Posted on June 3, 2020 10:21 pm
 |  Asked by Stanislav Tretiakov
RESOLVED

We have a test stand for VXLAN between different DCs (schema in attachment).

All leafs are connected to the CVX server in each DC, and the CVX servers are connected to each other via BGP EVPN.

For the test, a Linux server was connected to each leaf, with the port configured as an access port in VLAN100. As the next step I configured the association of VLAN100 and VNI25100. MAC learning works well and I see the MAC addresses on both leafs.
The connection for VXLAN is configured in a GRE tunnel and has good L3 connectivity.
But there is no traffic on VNI 25100. I tried to debug this problem and discovered:
show vxlan config-sanity
category                           result   detail
---------------------------------- -------- ----------------------------------
Remote VTEP Configuration Check    FAIL
Remote VTEP                        FAIL     Unresolved ARPs to 172.16.1.2

and other switch:
show vxlan config
category                           result   detail
---------------------------------- -------- ----------------------------------
Remote VTEP Configuration Check    FAIL
Remote VTEP                        FAIL     Unresolved ARPs to 172.16.1.1

 

 

Configurations:

Leaf DC-1:

! Command: show running-config
! device: GBDC-Arista-7050SX-D13-1 (DCS-7050SX-64, EOS-4.23.1F)
!
! boot system flash:/EOS-4.23.1F.swi
!
transceiver qsfp default-mode 4x10G
!
ip security
ike policy ikebranch1
dh-group 15
!
sa policy sabranch1
sa lifetime 2 hours
pfs dh-group 14
!
profile hq
ike-policy ikebranch1
sa-policy sabranch1
shared-key <>
dpd 10 50 clear
!
ip virtual-router mac-address mlag-peer
!
hostname GBDC-Arista-7050SX-D13-1
ip name-server vrf default 10.240.33.150
!
snmp-server community <> ro
!
spanning-tree mode none
!
tacacs-server host 10.240.33.10 key 7 <>
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
no aaa root
!
clock timezone Etc/GMT-3
!
vlan 15,32,100
!
vlan 4094
trunk group mlagpeer
!
interface Port-Channel1
description Uplink to GBDC-Arista-D15
switchport mode trunk
mlag 1
!
interface Port-Channel2
switchport access vlan 100
mlag 2
!
interface Port-Channel100
description MLAG peer
switchport mode trunk
switchport trunk group mlagpeer
no sflow enable
!
interface Recirc-Channel1
no switchport
switchport recirculation features vxlan
!
interface Ethernet1
!
interface Ethernet2
!
interface Ethernet3
switchport access vlan 32
!
interface Ethernet4
!
interface Ethernet5
!
interface Ethernet6
!
interface Ethernet7
!
interface Ethernet8
!
interface Ethernet9
!
interface Ethernet10
!
interface Ethernet11
!
interface Ethernet12
!
interface Ethernet13
!
interface Ethernet14
!
interface Ethernet15
!
interface Ethernet16
channel-group 2 mode active
!
interface Ethernet17
!
interface Ethernet18
!
interface Ethernet19
!
interface Ethernet20
!
interface Ethernet21
!
interface Ethernet22
!
interface Ethernet23
!
interface Ethernet24
!
interface Ethernet25
!
interface Ethernet26
!
interface Ethernet27
!
interface Ethernet28
!
interface Ethernet29
!
interface Ethernet30
!
interface Ethernet31
!
interface Ethernet32
!
interface Ethernet33
!
interface Ethernet34
!
interface Ethernet35
!
interface Ethernet36
!
interface Ethernet37
!
interface Ethernet38
!
interface Ethernet39
!
interface Ethernet40
!
interface Ethernet41
!
interface Ethernet42
!
interface Ethernet43
!
interface Ethernet44
!
interface Ethernet45
traffic-loopback source system device mac
no switchport
channel-group recirculation 1
!
interface Ethernet46
description Uplink to GBDC-Arista-D15
channel-group 1 mode active
!
interface Ethernet47
description MLAGpeer
channel-group 100 mode active
!
interface Ethernet48
description MLAGpeer
channel-group 100 mode active
!
interface Ethernet49/1
!
interface Ethernet49/2
!
interface Ethernet49/3
!
interface Ethernet49/4
!
interface Ethernet50/1
!
interface Ethernet50/2
!
interface Ethernet50/3
!
interface Ethernet50/4
!
interface Ethernet51/1
!
interface Ethernet51/2
!
interface Ethernet51/3
!
interface Ethernet51/4
!
interface Ethernet52/1
!
interface Ethernet52/2
!
interface Ethernet52/3
!
interface Ethernet52/4
!
interface Loopback1
ip address 172.16.1.1/32
!
interface Management1
!
interface Tunnel10
ip address 172.16.255.1/24
tunnel mode gre
tunnel source 10.240.31.43
tunnel destination 192.168.1.22
tunnel path-mtu-discovery
tunnel ttl 10
tunnel tos 10
!
interface Vlan15
ip address 10.200.200.58/24
!
interface Vlan32
ip address 10.240.31.43/24
!
interface Vlan4094
no autostate
ip address 10.0.1.1/24
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan controller-client
vxlan virtual-router encapsulation mac-address 00:aa:aa:aa:aa:aa
vxlan udp-port 4789
vxlan vlan 100 vni 25100
vxlan mlag source-interface Loopback1
vxlan learn-restrict any
!
ip virtual-router mac-address 00:aa:aa:aa:aa:aa
!
ip routing
!
mlag configuration
domain-id mlag_01
heartbeat-interval 2500
local-interface Vlan4094
peer-address 10.0.1.2
peer-link Port-Channel100
reload-delay 150
!
ip route 0.0.0.0/0 10.240.31.254
ip route 172.16.1.2/32 Tunnel10
ip route 172.16.2.2/32 Tunnel10
!
arp 172.16.1.1 f4:5e:24:49:bd:22 arpa
arp 172.16.1.2 2b:52:fc:16:fc:7c arpa
!
management api http-commands
protocol http
no shutdown
!
management cvx
no shutdown
server host 10.240.33.9
source-interface Vlan32
!
end

CVX-DC1:

! Command: show running-config
! device: Arista-CVX-Moscow (vEOS, EOS-4.23.2F)
!
! boot system flash:/vEOS-lab.swi
!
cvx
no shutdown
source-interface Management1
!
service openstack
no shutdown
authentication role admin
name-resolution interval 1800
!
region Moscow
username arista tenant service password 7 <>
keystone auth-url http://10.240.33.57:5000/v3/
resource-pool vlan 1000-3400
networks map vlan 2300 - 2600 vni 25300 - 25600
!
service vxlan
no shutdown
redistribute bgp evpn vxlan
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname Arista-CVX-Moscow
ip name-server vrf default 10.240.33.150
!
spanning-tree mode mstp
!
no aaa root
!
vlan 2398
!
interface Ethernet1
!
interface Ethernet2
!
interface Ethernet3
!
interface Management1
ip address 10.240.33.9/24
!
ip routing
!
ip route 0.0.0.0/0 10.240.33.254
!
router bgp 100
router-id 10.240.33.9
neighbor 192.168.1.20 remote-as 200
neighbor 192.168.1.20 update-source Management1
neighbor 192.168.1.20 ebgp-multihop 32
neighbor 192.168.1.20 send-community extended
neighbor 192.168.1.20 maximum-routes 12000
!
vni-aware-bundle qt-vni-bundle
rd 100:100
route-target both 100:100
redistribute service vxlan
!
address-family evpn
next-hop resolution disabled
neighbor 192.168.1.20 activate
!
management api http-commands
protocol http
no shutdown
!
end

Leaf DC-2:

! Command: show running-config
! device: Miami-Arista-7050SX-WH-2 (DCS-7050SX-64, EOS-4.23.1F)
!
! boot system flash:/EOS-4.23.1F.swi
!
transceiver qsfp default-mode 4x10G
!
ip security
ike policy ikebranch1
dh-group 15
!
sa policy sabranch1
sa lifetime 2 hours
pfs dh-group 14
!
profile hq
ike-policy ikebranch1
sa-policy sabranch1
shared-key <>
dpd 10 50 clear
!
hostname Miami-Arista-7050SX-WH-2
ip name-server vrf default 1.1.1.1
!
spanning-tree mode mstp
!
no aaa root
!
!
vlan 100
!
interface Recirc-Channel1
no switchport
switchport recirculation features vxlan
!
interface Ethernet1
switchport access vlan 100
!
interface Ethernet2
!
interface Ethernet3
!
interface Ethernet4
!
interface Ethernet5
!
interface Ethernet6
!
interface Ethernet7
!
interface Ethernet8
!
interface Ethernet9
!
interface Ethernet10
!
interface Ethernet11
!
interface Ethernet12
!
interface Ethernet13
!
interface Ethernet14
!
interface Ethernet15
!
interface Ethernet16
!
interface Ethernet17
!
interface Ethernet18
!
interface Ethernet19
!
interface Ethernet20
!
interface Ethernet21
!
interface Ethernet22
!
interface Ethernet23
!
interface Ethernet24
!
interface Ethernet25
!
interface Ethernet26
!
interface Ethernet27
!
interface Ethernet28
!
interface Ethernet29
!
interface Ethernet30
!
interface Ethernet31
!
interface Ethernet32
!
interface Ethernet33
!
interface Ethernet34
!
interface Ethernet35
!
interface Ethernet36
!
interface Ethernet37
!
interface Ethernet38
!
interface Ethernet39
!
interface Ethernet40
!
interface Ethernet41
!
interface Ethernet42
!
interface Ethernet43
!
interface Ethernet44
!
interface Ethernet45
traffic-loopback source system device mac
no switchport
channel-group recirculation 1
!
interface Ethernet46
!
interface Ethernet47
!
interface Ethernet48
!
interface Ethernet49/1
!
interface Ethernet49/2
!
interface Ethernet49/3
!
interface Ethernet49/4
!
interface Ethernet50/1
!
interface Ethernet50/2
!
interface Ethernet50/3
!
interface Ethernet50/4
!
interface Ethernet51/1
!
interface Ethernet51/2
!
interface Ethernet51/3
!
interface Ethernet51/4
!
interface Ethernet52/1
!
interface Ethernet52/2
!
interface Ethernet52/3
!
interface Ethernet52/4
!
interface Loopback1
ip address 172.16.1.2/32
!
interface Management1
ip address 192.168.1.22/24
!
interface Tunnel10
ip address 172.16.255.2/24
tunnel mode gre
tunnel source 192.168.1.22
tunnel destination 10.240.31.43
tunnel path-mtu-discovery
tunnel ttl 10
tunnel tos 10
!
interface Vxlan1
vxlan source-interface Loopback1
vxlan controller-client
vxlan udp-port 4789
vxlan vlan 100 vni 25100
vxlan learn-restrict any
!
ip routing
!
ip route 0.0.0.0/0 192.168.1.1
ip route 172.16.1.1/32 Tunnel10
!
management api http-commands
protocol http
no shutdown
!
management cvx
no shutdown
server host 192.168.1.20
source-interface Management1
!
end

CVX DC-2:

Arista-CVX-Miami#SHOW RUN
! Command: show running-config
! device: Arista-CVX-Miami (vEOS, EOS-4.23.2F)
!
! boot system flash:/vEOS-lab.swi
!
cvx
no shutdown
source-interface Management1
!
service vxlan
no shutdown
redistribute bgp evpn vxlan
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname Arista-CVX-Miami
ip name-server vrf default 1.1.1.1
!
spanning-tree mode mstp
!
no aaa root
!
vlan 2398
!
interface Ethernet1
no switchport
!
interface Ethernet2
!
interface Ethernet3
!
interface Management1
ip address 192.168.1.20/24
!
ip routing
!
ip route 0.0.0.0/0 192.168.1.1
!
router bgp 200
router-id 192.168.1.20
neighbor 10.240.33.9 remote-as 100
neighbor 10.240.33.9 update-source Management1
neighbor 10.240.33.9 ebgp-multihop 32
neighbor 10.240.33.9 send-community extended
neighbor 10.240.33.9 maximum-routes 12000
!
vni-aware-bundle qt-vni-bundle
rd 100:100
route-target both 100:100
redistribute service vxlan
!
address-family evpn
next-hop resolution disabled
neighbor 10.240.33.9 activate
!
management api http-commands
protocol http
no shutdown
!
end

Posted by Vikram
Answered on June 4, 2020 4:16 am

Hi Stanislav,

Looking through your configurations and diagram, there appear to be a couple of issues. First off, it seems that on the device labelled Leaf DC-2 you are using the mgmt interface as a tunnel source and your default route points out the management interface. The mgmt interface cannot be used to route through traffic. You will have to use a front panel interface for this. At this time it seems like you don't even have connectivity between the 2 endpoints from a GRE perspective. What you need to try and do is get the GRE tunnel working and then ensure that the VTEP loopbacks are able to ping each other.

Now coming to the VxLAN portion, I am not absolutely certain about this, but I suspect that even after you get the GRE tunnel working you will not be able to use VxLAN, as I don't think we support VxLAN over GRE yet. I would suggest opening a TAC case in order to get this re-confirmed. Thanks

Posted by Victor
Answered on June 4, 2020 6:07 am

Hello Stanislav,

Looking through your configuration, I notice that you have configured both Vxlan and GRE on the Leaf switches. I just wanted to point you to a limitation as documented in https://eos.arista.com/eos-4-21-1f/gre-tunneling-support/ where there is no coexistence support for GRE tunnel interfaces and VxLan.

Would be good to review this and make adjustments to your setup.

Let us know if your setup still does not work and we can take a look.

Thanks.
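The two points raised in the answers above (a GRE tunnel sourced from, and routed via, the management interface, and GRE tunnel interfaces configured alongside VXLAN) can be checked offline against a saved running-config. This is an added example, not part of the original thread and not Arista tooling; `parse_interfaces`, `lint` and the finding strings are hypothetical names, and the sample is constructed from the Leaf DC-2 configuration in the question. It assumes stanzas are separated by `!` lines, as in the configs posted.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the "Leaf DC-2" configuration in the question.
LEAF_DC2 = """\
interface Management1
ip address 192.168.1.22/24
!
interface Tunnel10
tunnel mode gre
tunnel source 192.168.1.22
!
interface Vxlan1
vxlan vlan 100 vni 25100
!
ip route 0.0.0.0/0 192.168.1.1
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def parse_interfaces(config):
    """Map interface name -> sub-commands; a stanza ends at the next '!' line."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith("!") or not line:
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def lint(config):
    """Hypothetical helper: return findings for the problems the answers point out."""
    stanzas = parse_interfaces(config)
    mgmt = [ipaddress.ip_interface(m.group(0).split()[2])
            for name, cmds in stanzas.items() if name.startswith("Management")
            for c in cmds if (m := re.fullmatch(rf"ip address {IPV4}/\d+", c))]
    gre = {n: c for n, c in stanzas.items() if n.startswith("Tunnel") and "tunnel mode gre" in c}
    findings = []
    for name, cmds in gre.items():
        for c in cmds:
            m = re.fullmatch(rf"tunnel source {IPV4}", c)
            if m and any(ipaddress.ip_address(m.group(1)) == i.ip for i in mgmt):
                findings.append(f"{name}: tunnel source is a management address")
    for m in re.finditer(rf"^\s*ip route 0\.0\.0\.0/0 {IPV4}", config, re.M):
        if any(ipaddress.ip_address(m.group(1)) in i.network for i in mgmt):
            findings.append("default route next hop is on the management subnet")
    if gre and any(n.startswith("Vxlan") for n in stanzas):
        findings.append("GRE tunnel and Vxlan interface configured together")
    return findings
```

Run over the Leaf DC-1 configuration, where the tunnel is sourced from the Vlan32 address and Management1 has no IP, only the GRE/VXLAN coexistence finding is reported.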

 

Posted by Victor
Answered on June 17, 2020 6:33 am

Hello Stanislav,

How did you go with the setup?

Did you manage to get it to work?

Thanks.
