Physical
Network Topology
network where Traffic flow unreachable on the VxLAN
Fault Description
It is unreachable to ping its gateway from server to gateway C when it passes through the VxLAN tunnel.
Configuration Files
l SwitchA
!Software Version V100R005C10SPC200
dfs-group 1
source ip 10.1.1.1
#
ip tunnel mode gre
#
bridge-domain 10
vxlan vni 5010
#
interface Eth-Trunk1
peer-link 1
port vlan exclude 1000
#
interface Eth-Trunk10
port default vlan 1000
dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
encapsulation dot1q vid 4000
bridge-domain 10
#
interface 10GE2/0/1
undo portswitch
ip address 102.1.1.2 255.255.255.0
device transceiver 1000BASE-X
#
interface Nve1
source 5.5.5.5
vni 5010 head-end peer-list 1.1.1.1
#
bgp 10088
peer 102.1.1.1 as-number 10086
#
ipv4-family unicast
import-route direct
peer 102.1.1.1 enable
#
ospf 100
import-route direct
import-route static
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 102.1.1.0 0.0.0.255
l SwitchB
!Software Version V100R005C10SPC200
dfs-group 1
source ip 10.1.1.2
#
ip tunnel mode gre
#
mpls lsr-id 5.5.5.5
#
bridge-domain 10
vxlan vni 5010
#
trill
#
traffic classifier test type or
if-match ipv6 acl 3000
#
traffic behavior test
redirect interface 10GE3/0/9
#
traffic policy test
classifier test behavior test precedence 5
#
ospfv3 100
area 0.0.0.0
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
pim silent
pim sm
igmp enable
#
interface Vlanif1000
ipv6 enable
ip address 100.100.1.103 255.255.255.0
ipv6 address 1000:1000::1/64
vrrp vrid 1 virtual-ip 100.100.1.101
vrrp6 vrid 2 virtual-ip FE80::5 link-local
vrrp6 vrid 2 virtual-ip 1000:1000::1000
traffic-policy test inbound
#
interface Eth-Trunk1
peer-link 1
port vlan exclude 1000
#
interface Eth-Trunk10
port default vlan 1000
dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
encapsulation dot1q vid 4000
bridge-domain 10
#
interface 10GE3/0/2
undo portswitch
mtu 1300
ipv6 enable
ip address 107.1.1.2 255.255.255.0
ipv6 address 100::2/64
ospfv3 100 area 0.0.0.0
jumboframe enable 1536
device transceiver 1000BASE-X
#
interface Nve1
source 5.5.5.5
vni 5010 head-end peer-list 1.1.1.1
#
interface Tunnel1
ipv6 enable
ip address 13.13.13.14 255.255.255.0
ipv6 address 100:100::100/64
tunnel-protocol gre
source 107.1.1.2
destination 107.1.1.1
ospfv3 100 area 0.0.0.0
#
bgp 10089
peer 107.1.1.1 as-number 10086
#
ipv4-family unicast
import-route direct
peer 107.1.1.1 enable
#
ospf 100
import-route direct
import-route static
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 13.13.13.0 0.0.0.255
network 107.1.1.0 0.0.0.255
l SwitchC
!Software Version V100R005C10SPC200
dfs-group 1
source ip 10.1.1.2
#
ip tunnel mode gre
#
bridge-domain 10
vxlan vni 5010
#
trill
#
acl ipv6 number 3000
rule 1 permit ipv6 destination 100::/64
#
traffic classifier test type or
if-match ipv6 acl 3000
#
traffic behavior test
redirect interface 10GE3/0/9
#
traffic policy test
classifier test behavior test precedence 5
#
ospfv3 100
area 0.0.0.0
#
interface Vlanif100
ip address 10.1.1.2 255.255.255.0
pim silent
pim sm
igmp enable
#
interface Vlanif1000
ipv6 enable
ip address 100.100.1.103 255.255.255.0
ipv6 address 1000:1000::1/64
vrrp vrid 1 virtual-ip 100.100.1.101
vrrp6 vrid 2 virtual-ip FE80::5 link-local
vrrp6 vrid 2 virtual-ip 1000:1000::1000
traffic-policy test inbound
#
interface Eth-Trunk1
peer-link 1
port vlan exclude 1000
#
interface Eth-Trunk10
port default vlan 1000
dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
encapsulation dot1q vid 4000
bridge-domain 10
#
interface 10GE3/0/2
undo portswitch
mtu 1300
ipv6 enable
ip address 107.1.1.2 255.255.255.0
ipv6 address 100::2/64
ospfv3 100 area 0.0.0.0
jumboframe enable 1536
device transceiver 1000BASE-X
#
interface Nve1
source 5.5.5.5
vni 5010 head-end peer-list 1.1.1.1
#
interface Tunnel1
ipv6 enable
ip address 13.13.13.14 255.255.255.0
ipv6 address 100:100::100/64
tunnel-protocol gre
source 107.1.1.2
destination 107.1.1.1
ospfv3 100 area 0.0.0.0
#
bgp 10089
peer 107.1.1.1 as-number 10086
#
ipv4-family unicast
import-route direct
peer 107.1.1.1 enable
#
ospf 100
import-route direct
import-route static
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 13.13.13.0 0.0.0.255
network 107.1.1.0 0.0.0.255
l Server
!Software Version V100R005C10SPC200
interface Vlanif1000
ipv6 enable
ip address 100.100.1.1 255.255.255.0
ipv6 address 1000:1000::2/64
ipv6 address auto link-local
#
interface Vlanif4000
ip address 17.1.1.100 255.255.255.0
#
interface Eth-Trunk100
port link-type trunk
port trunk allow-pass vlan 4000
#
ip route-static 0.0.0.0 0.0.0.0 100.100.1.101
#
ipv6 route-static :: 0 1000:1000::1000
Troubleshooting Procedure
Step 1 Use the command “display arp” to check whether the ARP entry is normal on server and find there is not ARP entry of gateway, it causes the unreachable PING.
Step 2 Configure the traffic policy and capture the packets on the inbound of traffic, find the ARP packets are received, but these ARP packets are not sent out through the VxLAN tunnel.
Step 3 Check the status and information of the VxLAN tunnel, find that it is normal to establish the VxLAN tunnel.
[~R4U13-CE12800-SWITCH-B]display vxlan tunnel Number of vxlan tunnel : 1 Tunnel ID Source Destination State Type -------------------------------------------------------------- 4026531841 5.5.5.5 1.1.1.1 up static |
We suspect the VxLAN forwarding mode is not correct, and check the product document for this, we find that it must be configured to VxLAN mode, but it is GRE tunnel forwarding mode.
Soultion:After Changing the forwarding mode to VxLAN forwarding mode, then reboot the switch, all the businesses work fine. We check the ARP entry on server, the ARP entry is learned normally
And check the ARP entry on the gateway, it is also normal.
Root Cause
The configuration of GRE tunnel and VxLAN tunnel forwarding modes are mutually exclusive on CE12800 switch. it must be configured to VxLAN tunnel mode for VxLAN business, if it is GRE mode, the traffic flow will be dropped on the switch.
