VXLAN can't ping each other after applying traffic policy

Latest reply: Dec 29, 2018 12:18:27

Problem Description

 

Please help to check, since we can’t ping the same subnet between VXLAN after applying the traffic-policy, but other, different subnets are fine.

Below is a sample of the config:

 

[~switch-COR01-acl4-advance-3024]dis this

#

acl number 3024

rule 5 permit ip vpn-instance vrf_global destination 10.2.30.0 0.0.0.15

rule 6 permit icmp vpn-instance vrf_global

rule 9

 

bridge-domain 24

traffic-policy P3024 inbound                                      “we apply this one”


Problem Analysis

Ask the customer to explain the issue in detail and provide the network topology and diagnostic information.

The customer requested remote troubleshooting and help.


Root Cause

It is a configuration issue: the ACL denies the VXLAN underlay traffic.


Solution Description

It is a configuration issue: the ACL denies the VXLAN underlay traffic.

acl number 3024

 rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255


acl 3024

undo rule 9


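To check which rule of ACL 3024 a given packet hits first, the wildcard-mask matching can be worked through as below. This is an added example, not code from the original post or from the vendor; it assumes rules are evaluated in ascending rule-ID order, treats every packet as belonging to vrf_global, and does not model what the traffic policy does with a hit or a miss. The test packets are constructed.

```python
import ipaddress

# ACL 3024 as shown in the post, with rule 9 as written in the solution section.
# Fields: (rule_id, action, protocol, dest_base, dest_wildcard); None = any destination.
ACL_3024 = [
    (5, "permit", "ip", "10.2.30.0", "0.0.0.15"),
    (6, "permit", "icmp", None, None),
    (9, "deny", "ip", "172.16.0.0", "0.15.255.255"),
]


def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def first_match(acl, protocol, dst):
    """Return (rule_id, action) of the first rule hit, or None if no rule matches.

    Assumption: ascending rule-ID evaluation, and 'ip' covers every IP protocol.
    """
    for rule_id, action, proto, base, wc in sorted(acl, key=lambda r: r[0]):
        if proto not in ("ip", protocol):
            continue
        if base is None or wildcard_match(dst, base, wc):
            return rule_id, action
    return None


if __name__ == "__main__":
    # Constructed sample packets: (protocol, destination address)
    samples = [
        ("tcp", "10.2.30.7"),        # inside 10.2.30.0 - 10.2.30.15
        ("tcp", "10.2.30.16"),       # just outside that range
        ("icmp", "172.16.1.1"),      # ICMP hits rule 6 before rule 9
        ("udp", "172.31.255.255"),   # last address covered by rule 9
        ("udp", "172.32.0.1"),       # outside 172.16.0.0 - 172.31.255.255
    ]
    for proto, dst in samples:
        print(f"{proto:4} -> {dst:15} : {first_match(ACL_3024, proto, dst)}")
```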

GongXiaochuan
Created Dec 26, 2018 07:57:50 Helpful(0)

The customer's rule 9 was empty; adding the rule below works fine. Good to know.

rule 9 deny ip vpn-instance vrf_global destination 172.16.0.0 0.15.255.255

Good Good Study Day Day Up
Torrent
Created Dec 28, 2018 06:12:28 Helpful(0)

Good example, thanks for sharing.

yechao99
Created Dec 29, 2018 01:59:34 Helpful(0)

If a message indicating that the service fails to be delivered because of insufficient resources is displayed on the switch when this function is configured, you are advised to configure MQC-based traffic statistics collection.

For the CE12800, traffic statistics collection on a Layer 2 sub-interface is mutually exclusive with BD traffic statistics collection and VLAN traffic statistics collection.

SupperRobin
Created Dec 29, 2018 03:38:12 Helpful(0)

The number of applied rules that contain "range" has reached or exceeded the maximum.

S7700 and S9700: The S series cards support 16 TCP or UDP port ranges and the E series cards support 32 TCP or UDP port ranges. When the number of ranges applied in the inbound direction exceeds the maximum, the preceding error is reported.

littlestone
Created Dec 29, 2018 12:18:27 Helpful(0)

VXLAN (Virtual Extensible LAN) is a network virtualization technology, which is based on IP network and adopts two-tier VPN technology in the form of "MAC in UDP" encapsulation. Expansion issues in attempting to improve deployment of large cloud computing
