[c-nsp] EVPN/VXLAN on ASR9001 - MACs not installed

Gert Doering gert at greenie.muc.de
Tue Mar 31 07:51:40 EDT 2020 

Hi,

On Sun, Mar 29, 2020 at 11:52:03AM +0200, Gert Doering wrote:
> I'm trying to make EVPN via VXLAN encapsulation work between two ASR9001
> (with the goal of eventually making it work between ASR9001 and Arista
> boxes, but right now I'm failing ASR9001 <-> ASR9001 already).

Just to keep you amused... it's the simple things that make a difference.

After experimenting around for many hours, with and without explicit
RDs and RTs, I'm back to a very basic config with "everything on auto",
with one significant difference:

interface nve1
 member vni 102799
  host-reachability protocol bgp
 !
 overlay-encapsulation vxlan
 source-interface Loopback30
 ingress-replication protocol bgp   <<<< this!
!

so now I see BGP peers talking and exchanging type 1, 2, 3, 4 routes
(great!), and "show evpn evi" and "show evpn evi mac" confirms "yes,
we have MAC addresses and VXLAN transport, with the right VNI"

RP/0/RSP0/CPU0:M52#sh evpn evi mac
Tue Mar 31 13:24:28.939 MEDST

VPN-ID     Encap  MAC address    IP address                               Nexthop                                 Label   
---------- ------ -------------- ---------------------------------------- --------------------------------------- --------
2799       MPLS   3cfd.febd.7835 ::                                       TenGigE0/0/2/2.2799                     24022   
2799       MPLS   3cfd.febd.7835 10.27.99.2                               TenGigE0/0/2/2.2799                     24022   
2799       MPLS   a80c.0d56.503f ::                                       BVI2799                                 24022   
65535      N/A    a80c.0d56.503d ::                                       Local                                   0       
102799     VXLAN  0050.569c.338e ::                                       195.30.3.251                            102799  
102799     VXLAN  0050.569c.338e 10.27.99.10                              195.30.3.251                            102799  
102799     VXLAN  00c1.6465.920f ::                                       195.30.3.251                            102799  
102799     VXLAN  9803.9b97.8f36 ::                                       195.30.3.249                            102799  


... but now the next major puzzlement is hitting me - only MAC addresses
that point to singlehomed ES (ESI 0) get installed:

RP/0/RSP0/CPU0:M52#show l2vpn forw bridge-domain vlandb:v2799 mac loc 0/0/CPU0 
..
Mac Address    Type    Learned from/Filtered on    LC learned Resync Age/Last Change Mapped to       
-------------- ------- --------------------------- ---------- ---------------------- --------------  
3cfd.febd.7835 dynamic Te0/0/2/2.2799              N/A        31 Mar 12:33:28        N/A             
9803.9b97.8f36 EVPN    BD id: 0(nve1)              N/A        N/A                    195.30.3.249    
a80c.0d56.503f routed  BD id: 0                    N/A        N/A                    N/A             

though the other addresses *should* be fine, according to "show evpn":

RP/0/RSP0/CPU0:M52#sh evpn evi mac 00c1.6465.920f det                          
Tue Mar 31 13:26:11.520 MEDST

VPN-ID     Encap  MAC address    IP address                               Nexthop                                 Label   
---------- ------ -------------- ---------------------------------------- --------------------------------------- --------
102799     VXLAN  00c1.6465.920f ::                                       195.30.3.251                            102799  
   Ethernet Tag                            : 0
   Multi-paths Resolved                    : True
   Multi-paths Internal label              : 24031
   Local Static                            : No
   Remote Static                           : Yes
   Local Ethernet Segment                  : N/A
   Remote Ethernet Segment                 : 0034.0000.0000.0000.00ff
   Local Sequence Number                   : N/A
   Remote Sequence Number                  : 0
   Local Encapsulation                     : N/A
   Remote Encapsulation                    : VXLAN


I see "Multi-paths Resolved : True" as indication that it knows which
router is forwarder for 0034.0000.0000.0000.00ff and the route should
be eligible for installation.


Those hosts that have MACs that are in the L2FIB can talk to each other,
but only if I setup static ARP entries - flooding (broadcast) from
"local attachment circuit" to "vtep" still does not work.

So, next question :-)

 - should I be seeing peers sending IMET routes in "show nve peers"
   (output is empty)

 - how to figure out why it's not flooding?

   (Type 3 routes are there for :102799 and look reasonable)

 - how to figure out why it's not installing non-0 EVI routes?

documentation is out there, but there's way too many knobs... :-/

gert
-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             gert at greenie.muc.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20200331/b81c9cf8/attachment-0001.sig>

More information about the cisco-nsp mailing list