Traffic flow unreachable on the VxLAN-unok

Physical Network Topology

network where Traffic flow unreachable on the VxLAN

Fault Description

It is unreachable to ping its gateway from server to gateway C when it passes through the VxLAN tunnel.

Configuration Files

l  SwitchA

!Software Version V100R005C10SPC200
dfs-group 1
 source ip 10.1.1.1 
#
ip tunnel mode gre
#
bridge-domain 10
 vxlan vni 5010
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#  
interface 10GE2/0/1
 undo portswitch
 ip address 102.1.1.2 255.255.255.0
 device transceiver 1000BASE-X
#
interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
bgp 10088
 peer 102.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 102.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0   
  network 5.5.5.5 0.0.0.0
  network 102.1.1.0 0.0.0.255

l  SwitchB

!Software Version V100R005C10SPC200
dfs-group 1
 source ip 10.1.1.2 
#
ip tunnel mode gre
#
mpls lsr-id 5.5.5.5
#
bridge-domain 10
 vxlan vni 5010
#
trill
#
traffic classifier test type or
 if-match ipv6 acl 3000
#
traffic behavior test
 redirect interface 10GE3/0/9
#
traffic policy test
 classifier test behavior test precedence 5
#
ospfv3 100
 area 0.0.0.0
#
interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
 pim silent
 pim sm
 igmp enable
#
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.103 255.255.255.0
 ipv6 address 1000:1000::1/64
 vrrp vrid 1 virtual-ip 100.100.1.101
 vrrp6 vrid 2 virtual-ip FE80::5 link-local
 vrrp6 vrid 2 virtual-ip 1000:1000::1000
 traffic-policy test inbound 
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#
interface 10GE3/0/2
 undo portswitch
 mtu 1300
 ipv6 enable
 ip address 107.1.1.2 255.255.255.0
 ipv6 address 100::2/64
 ospfv3 100 area 0.0.0.0
 jumboframe enable 1536
 device transceiver 1000BASE-X
# 
interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
interface Tunnel1
 ipv6 enable
 ip address 13.13.13.14 255.255.255.0
 ipv6 address 100:100::100/64
 tunnel-protocol gre
 source 107.1.1.2
 destination 107.1.1.1
 ospfv3 100 area 0.0.0.0
#
bgp 10089
 peer 107.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 107.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 13.13.13.0 0.0.0.255
  network 107.1.1.0 0.0.0.255

l  SwitchC

!Software Version V100R005C10SPC200
dfs-group 1
 source ip 10.1.1.2 
#
ip tunnel mode gre
#
bridge-domain 10
 vxlan vni 5010
#
trill
#
acl ipv6 number 3000
 rule 1 permit ipv6 destination 100::/64
#
traffic classifier test type or
 if-match ipv6 acl 3000
#
traffic behavior test
 redirect interface 10GE3/0/9
#
traffic policy test
 classifier test behavior test precedence 5
#
ospfv3 100
 area 0.0.0.0
#
interface Vlanif100
 ip address 10.1.1.2 255.255.255.0
 pim silent
 pim sm
 igmp enable
#
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.103 255.255.255.0
 ipv6 address 1000:1000::1/64
 vrrp vrid 1 virtual-ip 100.100.1.101
 vrrp6 vrid 2 virtual-ip FE80::5 link-local
 vrrp6 vrid 2 virtual-ip 1000:1000::1000
 traffic-policy test inbound 
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#
interface 10GE3/0/2
 undo portswitch
 mtu 1300
 ipv6 enable
 ip address 107.1.1.2 255.255.255.0
 ipv6 address 100::2/64
 ospfv3 100 area 0.0.0.0
 jumboframe enable 1536
 device transceiver 1000BASE-X
#
interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
interface Tunnel1
 ipv6 enable
 ip address 13.13.13.14 255.255.255.0
 ipv6 address 100:100::100/64
 tunnel-protocol gre
 source 107.1.1.2
 destination 107.1.1.1
 ospfv3 100 area 0.0.0.0
#
bgp 10089
 peer 107.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 107.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 13.13.13.0 0.0.0.255
  network 107.1.1.0 0.0.0.255 

l  Server

!Software Version V100R005C10SPC200
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.1 255.255.255.0
 ipv6 address 1000:1000::2/64
 ipv6 address auto link-local
#
interface Vlanif4000
 ip address 17.1.1.100 255.255.255.0
#
interface Eth-Trunk100
 port link-type trunk
 port trunk allow-pass vlan 4000
#
ip route-static 0.0.0.0 0.0.0.0 100.100.1.101
#
ipv6 route-static :: 0 1000:1000::1000 

Troubleshooting Procedure

                              Step 1     Use the command “display arp” to check whether the ARP entry is normal on server and find there is not ARP entry of gateway, it causes the unreachable PING.

                              Step 2     Configure the traffic policy and capture the packets on the inbound of traffic, find the ARP packets are received, but these ARP packets are not sent out through the VxLAN tunnel.

                              Step 3     Check the status and information of the VxLAN tunnel, find that it is normal to establish the VxLAN tunnel.

We suspect the VxLAN forwarding mode is not correct, and check the product document for this, we find that it must be configured to VxLAN mode, but it is GRE tunnel forwarding mode.

Soultion:After Changing the forwarding mode to VxLAN forwarding mode, then reboot the switch, all the businesses work fine. We check the ARP entry on server, the ARP entry is learned normally

And check the ARP entry on the gateway, it is also normal.

Root Cause

The configuration of GRE tunnel and VxLAN tunnel forwarding modes are mutually exclusive on CE12800 switch. it must be configured to VxLAN tunnel mode for VxLAN business, if it is GRE mode, the traffic flow will be dropped on the switch.