[Troubleshooting Series] Case 27 Traffic flow unreachable on the VxLAN-unok

Created: Jan 14, 2019 11:22:27 484 0 0 0

Physical Network Topology

network where Traffic flow unreachable on the VxLAN

111536zcv31dp9a3zq00q1.png

 

Fault Description

It is unreachable to ping its gateway from server to gateway C when it passes through the VxLAN tunnel.

Configuration Files

l   SwitchA

!Software Version V100R005C10SPC200
dfs-group 1
 source ip 10.1.1.1 
#
ip tunnel mode gre
#
bridge-domain 10
 vxlan vni 5010
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#  
interface 10GE2/0/1
 undo portswitch
 ip address 102.1.1.2 255.255.255.0
 device transceiver 1000BASE-X
#
interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
bgp 10088
 peer 102.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 102.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0   
  network 5.5.5.5 0.0.0.0
  network 102.1.1.0 0.0.0.255

l   SwitchB

!Software Version V100R005C10SPC200
dfs-group 1
 source ip 10.1.1.2 
#
ip tunnel mode gre
#
mpls lsr-id 5.5.5.5
#
bridge-domain 10
 vxlan vni 5010
#
trill
#
traffic classifier test type or
 if-match ipv6 acl 3000
#
traffic behavior test
 redirect interface 10GE3/0/9
#
traffic policy test
 classifier test behavior test precedence 5
#
ospfv3 100
 area 0.0.0.0
#
interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
 pim silent
 pim sm
 igmp enable
#
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.103 255.255.255.0
 ipv6 address 1000:1000::1/64
 vrrp vrid 1 virtual-ip 100.100.1.101
 vrrp6 vrid 2 virtual-ip FE80::5 link-local
 vrrp6 vrid 2 virtual-ip 1000:1000::1000
 traffic-policy test inbound 
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#
interface 10GE3/0/2
 undo portswitch
 mtu 1300
 ipv6 enable
 ip address 107.1.1.2 255.255.255.0
 ipv6 address 100::2/64
 ospfv3 100 area 0.0.0.0
 jumboframe enable 1536
 device transceiver 1000BASE-X

interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
interface Tunnel1
 ipv6 enable
 ip address 13.13.13.14 255.255.255.0
 ipv6 address 100:100::100/64
 tunnel-protocol gre
 source 107.1.1.2
 destination 107.1.1.1
 ospfv3 100 area 0.0.0.0
#
bgp 10089
 peer 107.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 107.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 13.13.13.0 0.0.0.255
  network 107.1.1.0 0.0.0.255

l   SwitchC

!Software Version V100R005C10SPC200
dfs-group 1
 source ip 10.1.1.2 
#
ip tunnel mode gre
#
bridge-domain 10
 vxlan vni 5010
#
trill
#
acl ipv6 number 3000
 rule 1 permit ipv6 destination 100::/64
#
traffic classifier test type or
 if-match ipv6 acl 3000
#
traffic behavior test
 redirect interface 10GE3/0/9
#
traffic policy test
 classifier test behavior test precedence 5
#
ospfv3 100
 area 0.0.0.0
#
interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
 pim silent
 pim sm
 igmp enable
#
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.103 255.255.255.0
 ipv6 address 1000:1000::1/64
 vrrp vrid 1 virtual-ip 100.100.1.101
 vrrp6 vrid 2 virtual-ip FE80::5 link-local
 vrrp6 vrid 2 virtual-ip 1000:1000::1000
 traffic-policy test inbound 
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#
interface 10GE3/0/2
 undo portswitch
 mtu 1300
 ipv6 enable
 ip address 107.1.1.2 255.255.255.0
 ipv6 address 100::2/64
 ospfv3 100 area 0.0.0.0
 jumboframe enable 1536
 device transceiver 1000BASE-X
#
interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
interface Tunnel1
 ipv6 enable
 ip address 13.13.13.14 255.255.255.0
 ipv6 address 100:100::100/64
 tunnel-protocol gre
 source 107.1.1.2
 destination 107.1.1.1
 ospfv3 100 area 0.0.0.0
#
bgp 10089
 peer 107.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 107.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 13.13.13.0 0.0.0.255
  network 107.1.1.0 0.0.0.255 

l   Server

!Software Version V100R005C10SPC200
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.1 255.255.255.0
 ipv6 address 1000:1000::2/64
 ipv6 address auto link-local
#
interface Vlanif4000
 ip address 17.1.1.100 255.255.255.0
#
interface Eth-Trunk100
 port link-type trunk
 port trunk allow-pass vlan 4000
#
ip route-static 0.0.0.0 0.0.0.0 100.100.1.101
#
ipv6 route-static :: 0 1000:1000::1000 

Troubleshooting Procedure

                               Step 1      Use the command “display arp” to check whether the ARP entry is normal on server and find there is not ARP entry of gateway, it causes the unreachable PING.

111537iqvwcvbrl72q41no.png

                               Step 2      Configure the traffic policy and capture the packets on the inbound of traffic, find the ARP packets are received, but these ARP packets are not sent out through the VxLAN tunnel.

111538mj3fe8p4gacpp303.png

                               Step 3      Check the status and information of the VxLAN tunnel, find that it is normal to establish the VxLAN tunnel.

[~R4U13-CE12800-SWITCH-B]display vxlan tunnel

Number of vxlan tunnel : 1

Tunnel ID      Source              Destination      State  Type

--------------------------------------------------------------

4026531841     5.5.5.5          1.1.1.1          up     static

 

We suspect the VxLAN forwarding mode is not correct, and check the product document for this, we find that it must be configured to VxLAN mode, but it is GRE tunnel forwarding mode.

Soultion: After Changing the forwarding mode to VxLAN forwarding mode, then reboot the switch, all the businesses work fine. We check the ARP entry on server, the ARP entry is learned normally

111539jmc3f3m75x66he6i.png

And check the ARP entry on the gateway, it is also normal.

111540i4yvqz7x748jolvv.png

Root Cause

The configuration of GRE tunnel and VxLAN tunnel forwarding modes are mutually exclusive on CE12800 switch. it must be configured to VxLAN tunnel mode for VxLAN business, if it is GRE mode, the traffic flow will be dropped on the switch.


  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Fast reply Scroll to top