Wired Intelligent Edge

 View Only
  • 1.  ArubaCX and EVPN/VXLAN

    Posted Dec 05, 2022 12:36 PM

    Hi everyone,

    I'm struggling with EVPN VXLAN config on my Aruba CX Switches.


    I do have 2 VSX Pairs for Server Distribution (SDSW) and 2 VSX Pairs for Client Distribution (CDSW), even as 2 VSX Pairs for Core Usage (CSW).

    Network Topology


    I want to implement EVPN/VXLAN to get my VLANs from one building to the other without the need for configuring the VLANs on the core.

    I would do it by MPLS, but the Aruba-CX 8325 does not support it in the way I need (like on Cisco Catalyst).

    But I also did not find a guide to configure a EVPN/VXLAN between to VSX Pairs. The Guides do only refer to a spine and leaf topology.

    I also tried some config variation from the exsiting guides, but it does not work as intended.
    Actually the config is with BGP as underlay and overlay transport layer, using loopbacks for evpn overlay and physical IPs for underlay.
    The Core layer is iBGP (Both VSX Pairs in same BGP AS 65000), and eBGP to all all Distribution VSX Pairs, with different AS for all VSX Pairs.


    For example, from one side all Pings looks fine (host-to-host, and host-to-all-Switches), BUT doing a Broadcast Ping I'm getting a DUP! message.
    As Broadcast will be expected in productive environment (like DHCP) Duplicates are not wanted....

    vw-2og-b221# ping 172.18.99.1
    PING 172.18.99.1 (172.18.99.1) 100(128) bytes of data.
    108 bytes from 172.18.99.1: icmp_seq=1 ttl=64 time=0.333 ms
    108 bytes from 172.18.99.1: icmp_seq=2 ttl=64 time=0.445 ms
    108 bytes from 172.18.99.1: icmp_seq=3 ttl=64 time=0.429 ms
    108 bytes from 172.18.99.1: icmp_seq=4 ttl=64 time=0.421 ms
    108 bytes from 172.18.99.1: icmp_seq=5 ttl=64 time=0.335 ms
    
    --- 172.18.99.1 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4200ms
    rtt min/avg/max/mdev = 0.333/0.392/0.445/0.048 ms
    vw-2og-b221# ping 172.18.99.2
    PING 172.18.99.2 (172.18.99.2) 100(128) bytes of data.
    108 bytes from 172.18.99.2: icmp_seq=1 ttl=64 time=0.348 ms
    108 bytes from 172.18.99.2: icmp_seq=2 ttl=64 time=0.338 ms
    108 bytes from 172.18.99.2: icmp_seq=3 ttl=64 time=0.331 ms
    108 bytes from 172.18.99.2: icmp_seq=4 ttl=64 time=0.312 ms
    108 bytes from 172.18.99.2: icmp_seq=5 ttl=64 time=0.384 ms
    
    --- 172.18.99.2 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4124ms
    rtt min/avg/max/mdev = 0.312/0.342/0.384/0.023 ms
    vw-2og-b221# ping 172.18.99.3
    PING 172.18.99.3 (172.18.99.3) 100(128) bytes of data.
    108 bytes from 172.18.99.3: icmp_seq=1 ttl=64 time=0.363 ms
    108 bytes from 172.18.99.3: icmp_seq=2 ttl=64 time=0.353 ms
    108 bytes from 172.18.99.3: icmp_seq=3 ttl=64 time=0.422 ms
    108 bytes from 172.18.99.3: icmp_seq=4 ttl=64 time=0.403 ms
    108 bytes from 172.18.99.3: icmp_seq=5 ttl=64 time=0.373 ms
    
    --- 172.18.99.3 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4084ms
    rtt min/avg/max/mdev = 0.353/0.382/0.422/0.025 ms
    vw-2og-b221# ping 172.18.99.4
    PING 172.18.99.4 (172.18.99.4) 100(128) bytes of data.
    108 bytes from 172.18.99.4: icmp_seq=1 ttl=63 time=0.394 ms
    108 bytes from 172.18.99.4: icmp_seq=2 ttl=63 time=0.373 ms
    108 bytes from 172.18.99.4: icmp_seq=3 ttl=63 time=0.395 ms
    108 bytes from 172.18.99.4: icmp_seq=4 ttl=63 time=0.450 ms
    108 bytes from 172.18.99.4: icmp_seq=5 ttl=63 time=0.345 ms
    
    --- 172.18.99.4 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4191ms
    rtt min/avg/max/mdev = 0.345/0.391/0.450/0.034 ms
    vw-2og-b221# ping 172.18.99.5
    PING 172.18.99.5 (172.18.99.5) 100(128) bytes of data.
    108 bytes from 172.18.99.5: icmp_seq=1 ttl=63 time=0.381 ms
    108 bytes from 172.18.99.5: icmp_seq=2 ttl=63 time=0.365 ms
    108 bytes from 172.18.99.5: icmp_seq=3 ttl=63 time=0.349 ms
    108 bytes from 172.18.99.5: icmp_seq=4 ttl=63 time=0.568 ms
    108 bytes from 172.18.99.5: icmp_seq=5 ttl=63 time=0.398 ms
    
    --- 172.18.99.5 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4167ms
    rtt min/avg/max/mdev = 0.349/0.412/0.568/0.079 ms
    vw-2og-b221# ping 172.18.99.255
    WARNING: pinging broadcast address
    PING 172.18.99.255 (172.18.99.255) 100(128) bytes of data.
    108 bytes from 172.18.99.100: icmp_seq=1 ttl=64 time=0.180 ms
    108 bytes from 172.18.99.5: icmp_seq=1 ttl=63 time=0.617 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=1 ttl=64 time=0.856 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=1 ttl=64 time=1.02 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=1 ttl=63 time=1.22 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=1 ttl=63 time=1.39 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=1 ttl=64 time=1.51 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=1 ttl=64 time=1.62 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=1 ttl=63 time=1.74 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=2 ttl=64 time=0.137 ms
    108 bytes from 172.18.99.3: icmp_seq=2 ttl=64 time=0.490 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=2 ttl=64 time=0.615 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=2 ttl=63 time=0.734 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=2 ttl=63 time=0.862 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=2 ttl=64 time=0.987 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=2 ttl=64 time=1.15 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=2 ttl=63 time=1.26 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=2 ttl=63 time=1.38 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=3 ttl=64 time=0.136 ms
    108 bytes from 172.18.99.2: icmp_seq=3 ttl=64 time=0.588 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=3 ttl=64 time=0.810 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=3 ttl=63 time=0.987 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=3 ttl=63 time=1.15 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=3 ttl=64 time=1.29 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=3 ttl=63 time=1.40 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=3 ttl=63 time=1.52 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=3 ttl=64 time=1.64 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=4 ttl=64 time=0.145 ms
    108 bytes from 172.18.99.3: icmp_seq=4 ttl=64 time=0.463 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=4 ttl=64 time=0.586 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=4 ttl=63 time=0.717 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=4 ttl=63 time=0.837 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=4 ttl=64 time=0.954 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=4 ttl=64 time=1.07 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=4 ttl=63 time=1.19 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=4 ttl=63 time=1.31 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=5 ttl=64 time=0.136 ms
    ​


    From the other Building the Pings are not complety good, and I also get DUP! messages.
    Withe Broadcast Ping I get answer from .2 and .3 (Switches in Peer Building), but direct Ping to these addresses does not work.

    kaba-bu-r02# ping 172.18.99.255
    WARNING: pinging broadcast address
    PING 172.18.99.255 (172.18.99.255) 100(128) bytes of data.
    108 bytes from 172.18.99.200: icmp_seq=1 ttl=64 time=0.159 ms
    108 bytes from 172.18.99.4: icmp_seq=1 ttl=64 time=0.606 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=1 ttl=64 time=1.08 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=1 ttl=63 time=1.39 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=1 ttl=64 time=1.53 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=1 ttl=63 time=1.69 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=1 ttl=63 time=1.82 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=1 ttl=64 time=1.97 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=1 ttl=63 time=2.10 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=1 ttl=64 time=2.23 ms (DUP!)
    108 bytes from 172.18.99.200: icmp_seq=2 ttl=64 time=0.152 ms
    108 bytes from 172.18.99.4: icmp_seq=2 ttl=64 time=0.966 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=2 ttl=64 time=1.35 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=2 ttl=63 time=1.56 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=2 ttl=64 time=1.77 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=2 ttl=63 time=1.99 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=2 ttl=63 time=2.20 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=2 ttl=63 time=2.38 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=2 ttl=64 time=2.54 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=2 ttl=64 time=2.72 ms (DUP!)
    108 bytes from 172.18.99.200: icmp_seq=3 ttl=64 time=0.160 ms
    108 bytes from 172.18.99.4: icmp_seq=3 ttl=64 time=0.716 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=3 ttl=64 time=1.07 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=3 ttl=63 time=1.42 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=3 ttl=64 time=1.63 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=3 ttl=63 time=1.84 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=3 ttl=63 time=2.00 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=3 ttl=63 time=2.14 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=3 ttl=64 time=2.27 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=3 ttl=64 time=2.41 ms (DUP!)
    108 bytes from 172.18.99.200: icmp_seq=4 ttl=64 time=0.143 ms
    108 bytes from 172.18.99.4: icmp_seq=4 ttl=64 time=0.623 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=4 ttl=64 time=1.06 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=4 ttl=63 time=1.41 ms (DUP!)
    108 bytes from 172.18.99.4: icmp_seq=4 ttl=64 time=1.63 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=4 ttl=63 time=1.83 ms (DUP!)
    108 bytes from 172.18.99.2: icmp_seq=4 ttl=63 time=2.02 ms (DUP!)
    108 bytes from 172.18.99.5: icmp_seq=4 ttl=64 time=2.24 ms (DUP!)
    108 bytes from 172.18.99.3: icmp_seq=4 ttl=63 time=2.41 ms (DUP!)
    108 bytes from 172.18.99.100: icmp_seq=4 ttl=64 time=2.58 ms (DUP!)
    108 bytes from 172.18.99.200: icmp_seq=5 ttl=64 time=0.144 ms
    
    --- 172.18.99.255 ping statistics ---
    5 packets transmitted, 5 received, +36 duplicates, 0% packet loss, time 4006ms
    rtt min/avg/max/mdev = 0.143/1.559/2.722/0.741 ms
    kaba-bu-r02#
    kaba-bu-r02# ping 172.18.99.1
    PING 172.18.99.1 (172.18.99.1) 100(128) bytes of data.
    108 bytes from 172.18.99.1: icmp_seq=1 ttl=64 time=0.534 ms
    108 bytes from 172.18.99.1: icmp_seq=2 ttl=64 time=0.337 ms
    108 bytes from 172.18.99.1: icmp_seq=3 ttl=64 time=0.306 ms
    108 bytes from 172.18.99.1: icmp_seq=4 ttl=64 time=0.358 ms
    108 bytes from 172.18.99.1: icmp_seq=5 ttl=64 time=0.327 ms
    
    --- 172.18.99.1 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4136ms
    rtt min/avg/max/mdev = 0.306/0.372/0.534/0.082 ms
    kaba-bu-r02# ping 172.18.99.2
    PING 172.18.99.2 (172.18.99.2) 100(128) bytes of data.
    From 172.18.99.200 icmp_seq=1 Destination Host Unreachable
    From 172.18.99.200 icmp_seq=2 Destination Host Unreachable
    From 172.18.99.200 icmp_seq=3 Destination Host Unreachable
    
    --- 172.18.99.2 ping statistics ---
    5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4100ms
    
    kaba-bu-r02# ping 172.18.99.3
    PING 172.18.99.3 (172.18.99.3) 100(128) bytes of data.
    From 172.18.99.200 icmp_seq=1 Destination Host Unreachable
    From 172.18.99.200 icmp_seq=2 Destination Host Unreachable
    From 172.18.99.200 icmp_seq=3 Destination Host Unreachable
    
    --- 172.18.99.3 ping statistics ---
    5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4104ms
    
    kaba-bu-r02# ping 172.18.99.4
    PING 172.18.99.4 (172.18.99.4) 100(128) bytes of data.
    108 bytes from 172.18.99.4: icmp_seq=1 ttl=64 time=0.333 ms
    108 bytes from 172.18.99.4: icmp_seq=2 ttl=64 time=0.420 ms
    108 bytes from 172.18.99.4: icmp_seq=3 ttl=64 time=0.333 ms
    108 bytes from 172.18.99.4: icmp_seq=4 ttl=64 time=0.317 ms
    108 bytes from 172.18.99.4: icmp_seq=5 ttl=64 time=0.404 ms
    
    --- 172.18.99.4 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4153ms
    rtt min/avg/max/mdev = 0.317/0.361/0.420/0.042 ms
    kaba-bu-r02# ping 172.18.99.5
    PING 172.18.99.5 (172.18.99.5) 100(128) bytes of data.
    108 bytes from 172.18.99.5: icmp_seq=1 ttl=64 time=0.372 ms
    108 bytes from 172.18.99.5: icmp_seq=2 ttl=64 time=0.371 ms
    108 bytes from 172.18.99.5: icmp_seq=3 ttl=64 time=0.358 ms
    108 bytes from 172.18.99.5: icmp_seq=4 ttl=64 time=0.367 ms
    108 bytes from 172.18.99.5: icmp_seq=5 ttl=64 time=0.352 ms
    
    --- 172.18.99.5 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4144ms
    rtt min/avg/max/mdev = 0.352/0.364/0.372/0.007 ms
    kaba-bu-r02# ping 172.18.99.100
    PING 172.18.99.100 (172.18.99.100) 100(128) bytes of data.
    108 bytes from 172.18.99.100: icmp_seq=1 ttl=64 time=0.639 ms
    108 bytes from 172.18.99.100: icmp_seq=2 ttl=64 time=0.669 ms
    108 bytes from 172.18.99.100: icmp_seq=3 ttl=64 time=0.629 ms
    108 bytes from 172.18.99.100: icmp_seq=4 ttl=64 time=0.600 ms
    108 bytes from 172.18.99.100: icmp_seq=5 ttl=64 time=0.755 ms
    
    --- 172.18.99.100 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4104ms
    rtt min/avg/max/mdev = 0.600/0.658/0.755/0.053 ms
    kaba-bu-r02# ping 172.18.99.200
    PING 172.18.99.200 (172.18.99.200) 100(128) bytes of data.
    108 bytes from 172.18.99.200: icmp_seq=1 ttl=64 time=0.140 ms
    108 bytes from 172.18.99.200: icmp_seq=2 ttl=64 time=0.211 ms
    108 bytes from 172.18.99.200: icmp_seq=3 ttl=64 time=0.236 ms
    108 bytes from 172.18.99.200: icmp_seq=4 ttl=64 time=0.144 ms
    108 bytes from 172.18.99.200: icmp_seq=5 ttl=64 time=0.150 ms
    
    --- 172.18.99.200 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4160ms
    rtt min/avg/max/mdev = 0.140/0.176/0.236/0.039 ms
    kaba-bu-r02#
    ​



    its even odd, that I can ping from one switch to another but not the other way.

    All configs have been atteched as txt files.

    Perhaps someone has a a idea or a guide to use EVPN/VXLAN between VSX Pairs in a classical 3-tier network topology...

    If I had to use full-mesh evpn between all Distribution switches instead of using the local core VSX Pair, that would be no problem.

    Thanks and kind regards

    Robert

    Attachment(s)

    txt
    csw-rz-r09.txt   6 KB 1 version
    txt
    csw-bu-r02.txt   6 KB 1 version
    txt
    cdsw-bu-r03.txt   12 KB 1 version
    txt
    csw-bu-r03.txt   6 KB 1 version
    txt
    csw-rz-r08.txt   6 KB 1 version
    txt
    cdsw-rz-r09.txt   12 KB 1 version
    txt
    cdsw-bu-r02.txt   12 KB 1 version
    txt
    cdsw-rz-r08.txt   11 KB 1 version


  • 2.  RE: ArubaCX and EVPN/VXLAN

    Posted Dec 06, 2022 09:11 AM
    Hi,

    The information that has been provided is not sufficient enough to troubleshoot. For example, I don't see the VRF configurations in the attachments.
    Rule of thumb for VSX is that from a routing perspective you are dealing with separate control planes, therefore you just treat each individual switch as a separate entity for dynamic routing (use different IP's for loopback on each VSX member). The best method is to start from scratch and build the setup in small steps. First, get the underlay operational (make sure that all the loopbacks are reachable, either through static routes or OSPF). Once that's done, get your BGP overlay operational. Again, start with small steps. Once all the neighbors have been established, get the initial EVPN operational for Layer 2 extensibility, you only have to configure this on the edge switches if you can reach end to end (access). If that's working get the layer 3 in overlay configured (VRF and routing instance in the vxlan interface).
    Once everything is configured then you can start to troubleshoot if things do not work.
    A very useful command on the edge switches is the "show bgp l2vpn evpn route-type x" command (x is the route-type). This will show you the MAC/IP/Subnet information that is exchanged by BGP.

    Hope this helps.



  • 3.  RE: ArubaCX and EVPN/VXLAN

    Posted Dec 06, 2022 05:55 PM
    Take a look here
    https://community.arubanetworks.com/blogs/dwan1/2020/05/11/dynamic-segmentation-virtual-network-based-tunneling-vnbt?CommunityKey=2fd943a6-8898-4dbe-915f-4f09e4d3c317

    Page 32 onwards has config samples
    The border VTEP has VSX.

    ------------------------------
    DWan
    ------------------------------