Got it

VXLAN can't ping each other after apply traffic policy

Latest reply: Dec 29, 2018 12:18:27 742 13 11 2

Problem description

Please help to check since we can’t ping the same subnet between VXLAN after applying traffic-policy, but another different subnet is fine.

Below a sample of config:


[~switch-COR01-acl4-advance-3024]dis this

#

aclnumber 3024

rule 5 permit ip vpn-instance vrf_global destination 10.2.30.0 0.0.0.15

rule 6 permit icmp vpn-instance vrf_global

rule 9

 

bridge-domain 24

traffic-policy P3024 inbound   “we apply this one”


Problem Analysis

Ask the customer to explain the issue in details and feedback network topo diagnose information. Customer request for remote troubleshooting and help.


Root Cause

It is a configuration issue and ACL deny the XVLAN underlay traffic.


SolutionDescription

It is a configuration issue and ACL deny the XVLAN underlay traffic.

acl number 3024

 rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255

acl 3024

 undo rule 9


  • x
  • convention:

Skay
Created Dec 22, 2018 05:53:01 Helpful(0) Helpful(0)

Good example and learned a lot .
View more
  • x
  • convention:

yiyi0519
Created Dec 22, 2018 08:43:27 Helpful(0) Helpful(0)

VXLAN is used on the data center, can you introduce more about it?
View more
  • x
  • convention:

Finn92
Created Dec 22, 2018 09:33:33 Helpful(0) Helpful(0)

so it's a traffic policy issue , maybe you can introduce VXlan more , i wonder to know it's feature .
View more
  • x
  • convention:

wissal
MVE Created Dec 22, 2018 17:49:02 Helpful(0) Helpful(0)

Detailed description of the problem and how to solve it.
View more
  • x
  • convention:

I%20would%20like%20to%20share%20with%20you%20my%20experience%2C%20I'm%20telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.%3Cbr%2F%3EAt%20the%20same%20time%2C%20I%20give%20courses%20in%20universities%20as%20a%20temporary%2C%20to%20bring%20the%20operational%20side%20of%20telecommunication%20technologies%20to%20students%2C%20for%20network%20supervision%20systems%2C%20mobile%20radio%20networks%20and%20access%20networks%20et
wissal
MVE Created Dec 22, 2018 17:50:03 Helpful(0) Helpful(0)

useful
View more
  • x
  • convention:

I%20would%20like%20to%20share%20with%20you%20my%20experience%2C%20I'm%20telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.%3Cbr%2F%3EAt%20the%20same%20time%2C%20I%20give%20courses%20in%20universities%20as%20a%20temporary%2C%20to%20bring%20the%20operational%20side%20of%20telecommunication%20technologies%20to%20students%2C%20for%20network%20supervision%20systems%2C%20mobile%20radio%20networks%20and%20access%20networks%20et
yechao99
Created Dec 25, 2018 02:48:52 Helpful(0) Helpful(0)

VXLAN is new tech, study and hope for more
View more
  • x
  • convention:

yjhd
Created Dec 26, 2018 02:59:01 Helpful(0) Helpful(0)

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255
View more
  • x
  • convention:

No.9527
Created Dec 26, 2018 03:07:15 Helpful(0) Helpful(0)

Defined in RFC 7348, Virtual eXtensible Local Area Network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses MAC-in-UDP encapsulation.
View more
  • x
  • convention:

GongXiaochuan
Created Dec 26, 2018 07:57:50 Helpful(0) Helpful(0)

customer the rule 9 has empty ,add below rule is working fine, good to know

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255
View more
  • x
  • convention:

Good Good Study Day Day Up
12
Back to list

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.