This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
VXLAN can't ping each oth...

VXLAN can't ping each other after apply traffic policy

Latest reply: Dec 29, 2018 12:18:27 531 13 11 2
display all floors #1

【ProblemDescription】

 

Please help to check since we can’t ping the same subnet between VXLAN after applytraffic-policy, but other different subnet is fine.

 


Below sample of config:

 

[~switch-COR01-acl4-advance-3024]dis this

#

aclnumber 3024

rule5 permit ip vpn-instance vrf_global destination 10.2.30.0 0.0.0.15

rule6 permit icmp vpn-instance vrf_global

rule9

 

bridge-domain 24

traffic-policy P3024 inbound                                      “we apply this one”


【ProblemAnalysis】

ask customer to explain the issue in details and feedback network topo diagnose information

customer request for remote troubleshooting and help

【Root Cause】

It is configuration issue and ACL deny the XVLAN underlay traffic

【SolutionDescription】

It is configuration issue and ACL deny the XVLAN underlay traffic

acl number 3024

 rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255


acl 3024

undo rule 9


  • x
  • convention:

Helpful (11) Favorite(2) Share Report
Skay
Created Dec 22, 2018 05:53:01 Helpful(0) Helpful(0)

Good example and learned a lot .
  • x
  • convention:
yiyi0519
Created Dec 22, 2018 08:43:27 Helpful(0) Helpful(0)

VXLAN is used on the data center, can you introduce more about it?
  • x
  • convention:
Finn92
Created Dec 22, 2018 09:33:33 Helpful(0) Helpful(0)

so it's a traffic policy issue , maybe you can introduce VXlan more , i wonder to know it's feature .
  • x
  • convention:
wissal
MVE Created Dec 22, 2018 17:49:02 Helpful(0) Helpful(0)

Detailed description of the problem and how to solve it.
  • x
  • convention:
Telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.
wissal
MVE Created Dec 22, 2018 17:50:03 Helpful(0) Helpful(0)

useful
  • x
  • convention:
Telecommunications%20engineer%2C%20currently%20senior%20project%20manager%20at%20an%20operator%2C%20partner%20of%20Huawei%2C%20in%20the%20radio%20access%20network%20department%2C%20for%2020%20years%20I%20managed%20several%20types%20of%20projects%2C%20for%20the%20different%20nodes%20of%20the%20network.
yechao99
Created Dec 25, 2018 02:48:52 Helpful(0) Helpful(0)

VXLAN is new tech, study and hope for more
  • x
  • convention:
yjhd
Created Dec 26, 2018 02:59:01 Helpful(0) Helpful(0)

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255
  • x
  • convention:
No.9527
Created Dec 26, 2018 03:07:15 Helpful(0) Helpful(0)

Defined in RFC 7348, Virtual eXtensible Local Area Network (VXLAN) is a Network Virtualization over Layer 3 (NVO3) technology that uses MAC-in-UDP encapsulation.
  • x
  • convention:
GongXiaochuan
Created Dec 26, 2018 07:57:50 Helpful(0) Helpful(0)

customer the rule 9 has empty ,add below rule is working fine, good to know

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255
  • x
  • convention:
Good Good Study Day Day Up
12
Back to list

Reply

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

APP