VXLAN can't ping each other after apply traffic policy

Latest reply: Dec 29, 2018 20:18:27 475 13 11 2

【ProblemDescription】

 

Please help to check since we can’t ping the same subnet between VXLAN after applytraffic-policy, but other different subnet is fine.

 


Below sample of config:

 

[~switch-COR01-acl4-advance-3024]dis this

#

aclnumber 3024

rule5 permit ip vpn-instance vrf_global destination 10.2.30.0 0.0.0.15

rule6 permit icmp vpn-instance vrf_global

rule9

 

bridge-domain 24

traffic-policy P3024 inbound                                      “we apply this one”


【ProblemAnalysis】

ask customer to explain the issue in details and feedback network topo diagnose information

customer request for remote troubleshooting and help

【Root Cause】

It is configuration issue and ACL deny the XVLAN underlay traffic

【SolutionDescription】

It is configuration issue and ACL deny the XVLAN underlay traffic

acl number 3024

 rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255


acl 3024

undo rule 9


  • x
  • convention:

Skay Created Dec 22, 2018 13:53:01 Helpful(0) Helpful(0)

Good example and learned a lot .
  • x
  • convention:

yiyi0519 Created Dec 22, 2018 16:43:27 Helpful(0) Helpful(0)

VXLAN is used on the data center, can you introduce more about it?
  • x
  • convention:

Finn92 Created Dec 22, 2018 17:33:33 Helpful(0) Helpful(0)

so it's a traffic policy issue , maybe you can introduce VXlan more , i wonder to know it's feature .
  • x
  • convention:

wissal MVE Created Dec 23, 2018 01:49:02 Helpful(0) Helpful(0)

Detailed description of the problem and how to solve it.
  • x
  • convention:

wissal MVE Created Dec 23, 2018 01:50:03 Helpful(0) Helpful(0)

useful
  • x
  • convention:

yechao99 Created Dec 25, 2018 10:48:52 Helpful(0) Helpful(0)

VXLAN is new tech, study and hope for more
  • x
  • convention:

yjhd Created Dec 26, 2018 10:59:01 Helpful(0) Helpful(0)

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255
  • x
  • convention:

No.9527 Created Dec 26, 2018 11:07:15 Helpful(0) Helpful(0)

Defined in RFC 7348, Virtual eXtensible Local Area Network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses MAC-in-UDP encapsulation.
  • x
  • convention:

GongXiaochuan Created Dec 26, 2018 15:57:50 Helpful(0) Helpful(0)

customer the rule 9 has empty ,add below rule is working fine, good to know

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255
  • x
  • convention:

Good Good Study Day Day Up
12
Back to list

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top