No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Dynamic VxLAN using BGP EVPN does not work over IPSEC tunnel

Publication Date:  2019-02-15 Views:  614 Downloads:  0

Issue Description

Dynamic VxLAN tunnel can not be established using BGP EVPN through an IPSEC tunnel between sites.  only static VxLAN tunnel can be established.

Handling Process

BGP EVPN peer is established.


<CE6850U-HI>disp bgp instance myEVPN evpn peer

 BGP local router ID        : 172.16.1.16

 Local AS number            : 64512

 Total number of peers      : 3

 Peers in established state : 3


  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv

  172.16.1.1      4       64512     1835     1845     0 0026h34m Established        3

  192.168.21.1    4       64512       30       29     0 00:21:33 Established        2

  192.168.23.3    4       64512      219      203     0 02:41:33 Established        3



however, EVPN mac-route says next hop is invalid.

[~CE6850U-HI-Nve1]display bgp instance myEVPN evpn all routing-table mac-route 0:48:9c71-3a67-4321:0:0.0.0.0


 BGP local router ID : 172.16.1.16
 Local AS number : 64512

 Total routes of Route Distinguisher(5891:268437466): 1
 BGP routing table entry information of 0:48:9c71-3a67-4321:0:0.0.0.0:
 Label information (Received/Applied): 2010/NULL
 From: 192.168.23.3 (192.168.23.3)
 Route Duration: 0d00h22m35s
 Relay IP Nexthop: 0.0.0.0
 Relay Tunnel Out-Interface:
 Original nexthop: 192.168.23.3
 Qos information : 0x0
 Ext-Community: RT <2 : 2>, Tunnel Type <VxLan>, Mac Mobility <flag:1 seq:0 res:0>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, internal, pre 255, invalid for nexthop route unreachable
 Route Type: 2 (MAC Advertisement Route)
 Ethernet Tag ID: 0, MAC Address/Len: 9c71-3a67-4321/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
 Not advertised to any peer yet

Solution

static route needs to be added to remote sites NVE source IP address.


ip route-static 192.168.23.0 255.255.255.0 172.16.1.1


invalid message is gone after static route was configured, and VxLAN tunnel came up.

[~CE6850U-HI]display bgp instance myEVPN evpn all routing-table mac-route 0:48:9c71-3a67-4321:0:0.0.0.0


 BGP local router ID : 172.16.1.16
 Local AS number : 64512

 Total routes of Route Distinguisher(5891:268437466): 1
 BGP routing table entry information of 0:48:9c71-3a67-4321:0:0.0.0.0:
 Label information (Received/Applied): 2010/NULL
 From: 192.168.23.3 (192.168.23.3)
 Route Duration: 0d00h24m15s
 Relay IP Nexthop: 172.16.1.1
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 192.168.23.3
 Qos information : 0x0
 Ext-Community: RT <2 : 2>, Tunnel Type <VxLan>, Mac Mobility <flag:1 seq:0 res:0>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
 Route Type: 2 (MAC Advertisement Route)
 Ethernet Tag ID: 0, MAC Address/Len: 9c71-3a67-4321/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
 Not advertised to any peer yet


<CE6850U-HI>disp vxlan tunnel
Number of vxlan tunnel : 3
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531851  172.16.1.16           172.16.1.1            up     dynamic  02:08:30
4026531853  172.16.1.16           192.168.21.1          up     dynamic  00:26:45
4026531854  172.16.1.16           192.168.23.3          up     dynamic  00:26:45


END