VXLAN LAB testing on summit 670 G2 switches

Hi

We are currently playing around with vxlan in a lab environment.



We have an ospf routed environment as seen in the diagram.
We are trying to extend an L2 vlan across the network from one pc to the next using VXLAN (VPLS replacement).

The config for the switch on the left is as follows:

configure virtual-network local-endpoint ipaddress 172.16.1.1 vr "VR-Default"
create virtual-network "VNET1" flooding standard
configure virtual-network "VNET1" vxlan vni 1
configure virtual-network "VNET1" add vlan tenant1
configure virtual-network "VNET1" monitor on

The config for the switch on the right is as follows:

configure virtual-network local-endpoint ipaddress 172.16.1.4 vr "VR-Default"
create virtual-network "VNET1" flooding standard
configure virtual-network "VNET1" vxlan vni 1
configure virtual-network "VNET1" add vlan tenant1
configure virtual-network "VNET1" monitor on

If we run the following show commands it would seem that the vxlan link is up and running:

Lefthand Switch:

show virtual-network vxlan vni 1
Name : VNET1
Created By : CLI Tenant VRF : VR-Default
Tenant VLAN : tenant1
Local Endpoint : 172.16.1.1 Endpoint VRF : VR-Default
Stats Monitor : On
Flooding : Standard
== VXLAN Information ==
VNI : 1 (0.0.1)
Group IP : Inner Tag : Exclude
Remote Endpoints : 172.16.1.4 (VR-Default)
== End VXLAN Information ==

show virtual-network
Virtual Network Tenant VLAN
Encap ID Encap Flags
================================================================================
VNET1 tenant1
VXLAN 1 LRX
================================================================================
Encap Flags: (L) Local Endpoints Configured,
(R) Remote Endpoints Associated,
(X) Exclude Tag
----------------------------------------
Total number of Virtual Networks : 1
Local Endpoints : 172.16.1.1 (VR-Default)
Network Ports [VXLAN] : 1-64

******************************************************************************************************
Righthand Switch:

show virtual-network vxlan vni 1
Name : VNET1
Created By : CLI Tenant VRF : VR-Default
Tenant VLAN : tenant1
Local Endpoint : 172.16.1.4 Endpoint VRF : VR-Default
Stats Monitor : On
Flooding : Standard
== VXLAN Information ==
VNI : 1 (0.0.1)
Group IP : Inner Tag : Exclude
Remote Endpoints : 172.16.1.1 (VR-Default)
== End VXLAN Information ==

show virtual-network
Virtual Network Tenant VLAN
Encap ID Encap Flags
================================================================================
VNET1 tenant1
VXLAN 1 LRX
================================================================================
Encap Flags: (L) Local Endpoints Configured,
(R) Remote Endpoints Associated,
(X) Exclude Tag
----------------------------------------
Total number of Virtual Networks : 1
Local Endpoints : 172.16.1.4 (VR-Default)
Network Ports [VXLAN] : 1-64

If we look at the FDB we see the locally connected device MAC learned in the Tenant Vlan but never the remote connected client.
It would seem that broadcast traffic (ARP) is not sent across.

Any ideas??

Andre Brits Kannemeyer

Posted 2 years ago

Grosjean, Stephane, Employee

Hi,


Did you enable ospf vxlan extensions? If not you need to configure the remote vtep as well.

Andre Brits Kannemeyer

Hi Stephane, yes we have ospf vxlan extensions enabled. If you look at the above show virtual-networks output you will notice the remote peer is the opposite switch. This was automatically discovered via the ospf extensions

Grosjean, Stephane, Employee

Indeed, LRX flag is good. Hard to read on a smartphone. You must be missing a basic thing on some other config. Jumbo frame maybe? Can you share ospf config on all routers?

Erik Auerswald, Embassador

Hi,

according to the documentation it should suffice to statically configure the remote VTEPs if the OSPF VLAN extension is not used. Sadly I have no X670s available to test this.

Erik

Andre Brits Kannemeyer

Hi Erik.... Lucky for me I have four 670's in my lab that need configuration for a client, I am taking the opportunity to play before shipping the kit ;)

JS, Employee

hi,

maybe the following can help. [Single VXLAN Service-Single Tenant VLAN – Vlan ID 200 ]

JS

Andre Brits Kannemeyer

Thx Guys

Not sure what the exact problem was; the config matched everything from JS's post... (I had MPLS with VPLS etc. also running)

I factory reset all the switches, rebuilt the OSPF network and then added the VXLAN config and all is working.

Thx for the quick response
All working

Andre Brits Kannemeyer

So I think I found my previous problem.

On the middle two 670's we did not enable the OSPF VXLAN extension.

As soon as we did this we have full access.

The funny thing is that if we looked at the virtual network it did discover each other and everything looked fine.


Lessons learned:

Enable OSPF vxlan extensions on all switches in the OSPF Network.

If this is not supported by the Core OSPF devices, use static remote peers and not OSPF for vxlan discovery.


Thx

Grosjean, Stephane, Employee

That shouldn't be the case. What EXOS release are you using? Did you validate that when VPLS was also running or not?

Andre Brits Kannemeyer

Mmmm, OK, I have tested this again and you are correct: I have disabled the OSPF VXLAN Ext on the core and it is still going.

Thx

Erik Auerswald, Embassador

Without OSPF VXLAN extensions the respective LSAs should still be generated and flooded as "Opaque LSAs". Thus the information needed for endpoint discovery should cross OSPF routers that do not know how to interpret them.

Andre, do you see the VXLAN related LSAs in the LSDB?
show ospf lsdb detail
If there is a problem with flooding those LSAs it would take some time for them to age out before you would see an effect after disabling the OSPF VXLAN feature on the middle switches. But creating new VXLANs should show the problem.