Wired Intelligent Edge

  • 1.  VXLAN LAB thru ESXI

    Posted Jun 21, 2023 05:07 PM

    I created 3 Aruba CX VMs. I have everything configured for OSPF/VXLAN/EVPN/iBGP and it looks good.

    I can see the local & remote MAC addresses.

    vm1 & vm3

    - can see local & remote MAC addresses from this CLI command: show evpn mac-ip

    vm2

    - can see both remote MAC addresses from this CLI command: show evpn mac-ip

    The interface VLAN is on VM1; for VM 2-3 it is just a VLAN only, with an assigned access interface.

    The issue is I cannot ping a device from device vm3 to vm1 and vice-versa.

    The firewall on both devices is turned off.

    What am I missing?

    Thanks.



  • 2.  RE: VXLAN LAB thru ESXI

    Posted Jun 22, 2023 01:45 AM

    Can you ping the device gateway?




  • 3.  RE: VXLAN LAB thru ESXI

    Posted Jun 22, 2023 07:58 AM

    Yes, from VM 1, where pc1 is located on interface 8 (vlan access 3103).

    - VM1 is where the interface VLAN is created (x.x.x.1/24)

    No, from VM 3, where pc2 is located on interface 6 (vlan access 3103).

    - only VLAN 3103




  • 4.  RE: VXLAN LAB thru ESXI

    Posted Jun 22, 2023 02:26 AM

    Have you enabled the Vswitch promiscuous mode?

    https://kb.vmware.com/s/article/1004099

     

    Regards,

    Matijs Busman






  • 5.  RE: VXLAN LAB thru ESXI

    Posted Jun 22, 2023 08:25 AM

    YES

    Under Virtual switches

    Interface

    Security

    All accept

    In port groups

    Security Inherit from vswitch




  • 6.  RE: VXLAN LAB thru ESXI

    Posted Jun 22, 2023 05:45 AM
    Edited by ArneO Jun 22, 2023 05:52 AM

    Hi, it's not so easy to understand what you are trying to do.

    On all VMs you need dedicated L3 interfaces connected to the two other devices, with routing enabled. Can you ping all your "physical" interfaces? Then you need to have loopback interfaces for routing and the VXLAN interface. Can you ping all of the loopbacks from everywhere?

    L3 VTEPs are not supported. Jumbo frames are not supported in the simulator.

    My simple EVPN-VXLAN lab in EVE-NG: configs and a drawing are attached.



    ------------------------------
    Arne Opdal
    ------------------------------



  • 7.  RE: VXLAN LAB thru ESXI

    Posted Jun 22, 2023 05:51 AM

    Here are the configs, they would not attach...

    hostname z1ArubaCX
    banner motd !
    All tilgang til dette systemet er begrenst og monitorert. Kun autorisert tilgang er akseptert.!
    !
    user admin group administrators password plaintext Pass0rd123!
    !
    aruba-central
        disable
    ssh server vrf mgmt
    !
    clock timezone europe/oslo
    !
    ntp server klokke.opdal.net
    ntp server h1-rpi1.opdal.net
    ntp enable
    ntp vrf mgmt
    !
    !
    vlan 1
    vlan 20
        name z1 VLAN 20 - EVPN
    vlan 40
        name z1 VLAN 40 - EVPN
    vlan 60
        name z1 VLAN 60 - EVPN
    !
    evpn
        vlan 20
            rd auto
            route-target export auto
            route-target import auto
        vlan 40
            rd auto
            route-target export auto
            route-target import auto
        vlan 60
            rd auto
            route-target export auto
            route-target import auto
    !
    !
    interface mgmt
       ip static 172.18.0.2/24
       default-gateway 172.18.0.1
       nameserver 91.90.45.8
    !
    !
    interface 1/1/1
       no shutdown
       ip address 172.18.1.10/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/2
       no shutdown
       ip address 172.18.1.12/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/3
       no shutdown
       no routing
       vlan access 20
    interface 1/1/4
       no shutdown
       no routing
       vlan access 40
    interface 1/1/5
       no shutdown
    interface 1/1/6
       no shutdown
    !
    interface loopback 0
       ip address 172.18.1.1/32
       ip ospf 1 area 0.0.0.0
    !
    !
    interface vxlan 1
        source ip 172.18.1.1
        no shutdown
        vni 20
            vlan 20
        vni 40
            vlan 40
        vni 60
            vlan 60
    !
    !
    router ospf 1 vrf default
        router-id 172.18.1.1
        area 0.0.0.0
    !
    router bgp 65001
        bgp router-id 172.18.1.1
        neighbor 172.18.1.2 remote-as 65001
        neighbor 172.18.1.2 update-source loopback 0
        neighbor 172.18.1.3 remote-as 65001
        neighbor 172.18.1.3 update-source loopback 0
        neighbor 172.18.1.4 remote-as 65001
        neighbor 172.18.1.4 update-source loopback 0
        address-family l2vpn evpn
            neighbor 172.18.1.2 activate
            neighbor 172.18.1.2 route-reflector-client
            neighbor 172.18.1.2 send-community extended
            neighbor 172.18.1.3 activate
            neighbor 172.18.1.3 route-reflector-client
            neighbor 172.18.1.3 send-community extended
            neighbor 172.18.1.4 activate
            neighbor 172.18.1.4 route-reflector-client
            neighbor 172.18.1.4 send-community extended
        exit-address-family
    !
    https-server vrf mgmt
    https-server rest access-mode read-write
    
    hostname z1ArubaCX1
    banner motd !
    All tilgang til dette systemet er begrenst og monitorert. Kun autorisert tilgang er akseptert.!
    !
    user admin group administrators password plaintext Pass0rd123!
    !
    aruba-central
        disable
    ssh server vrf mgmt
    !
    clock timezone europe/oslo
    !
    ntp server klokke.opdal.net
    ntp server h1-rpi1.opdal.net
    ntp enable
    ntp vrf mgmt
    !
    !
    vlan 1
    vlan 20
        name z1 VLAN 20 - EVPN
    vlan 40
        name z1 VLAN 40 - EVPN
    vlan 60
        name z1 VLAN 60 - EVPN
    !
    evpn
        vlan 20
            rd auto
            route-target export auto
            route-target import auto
        vlan 40
            rd auto
            route-target export auto
            route-target import auto
        vlan 60
            rd auto
            route-target export auto
            route-target import auto
    !
    !
    interface mgmt
       ip static 172.18.0.3/24
       default-gateway 172.18.0.1
       nameserver 91.90.45.8
    !
    !
    interface 1/1/1
       no shutdown
       ip address 172.18.1.14/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/2
       no shutdown
       no routing
       vlan access 20
    interface 1/1/3
       no shutdown
       no routing
       vlan access 40
    interface 1/1/4
       no shutdown
       ip address 172.18.1.11/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/5
       no shutdown
    interface 1/1/6
       no shutdown
    !
    interface loopback 0
       ip address 172.18.1.2/32
       ip ospf 1 area 0.0.0.0
    !
    !
    interface vxlan 1
        source ip 172.18.1.2
        no shutdown
        vni 20
            vlan 20
        vni 40
            vlan 40
        vni 60
            vlan 60
    !
    !
    router ospf 1 vrf default
        router-id 172.18.1.2
        area 0.0.0.0
    !
    router bgp 65001
        bgp router-id 172.18.1.2
        neighbor 172.18.1.1 remote-as 65001
        neighbor 172.18.1.1 update-source loopback 0
        address-family l2vpn evpn
            neighbor 172.18.1.1 activate
            neighbor 172.18.1.1 send-community extended
        exit-address-family
    !
    https-server vrf mgmt
    https-server rest access-mode read-write
    
    hostname z1ArubaCX2
    banner motd !
    All tilgang til dette systemet er begrenst og monitorert. Kun autorisert tilgang er akseptert.!
    !
    user admin group administrators password plaintext Pass0rd123!
    !
    aruba-central
        disable
    ssh server vrf mgmt
    !
    clock timezone europe/oslo
    !
    ntp server klokke.opdal.net
    ntp server h1-rpi1.opdal.net
    ntp enable
    ntp vrf mgmt
    !
    !
    vlan 1
    vlan 20
        name z1 VLAN 20 - EVPN
    vlan 40
        name z1 VLAN 40 - EVPN
    vlan 60
        name z1 VLAN 60 - EVPN
    !
    evpn
        vlan 20
            rd auto
            route-target export auto
            route-target import auto
        vlan 40
            rd auto
            route-target export auto
            route-target import auto
        vlan 60
            rd auto
            route-target export auto
            route-target import auto
    !
    !
    interface mgmt
       ip static 172.18.0.4/24
       default-gateway 172.18.0.1
       nameserver 91.90.45.8
    !
    !
    interface 1/1/1
       no shutdown
       ip address 172.18.1.16/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/2
       no shutdown
       no routing
       vlan access 20
    interface 1/1/3
       no shutdown
       no routing
       vlan access 40
    interface 1/1/4
       no shutdown
       ip address 172.18.1.13/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/5
       no shutdown
    interface 1/1/6
       no shutdown
    !
    interface loopback 0
       ip address 172.18.1.3/32
       ip ospf 1 area 0.0.0.0
    !
    !
    interface vxlan 1
        source ip 172.18.1.3
        no shutdown
        vni 20
            vlan 20
        vni 40
            vlan 40
        vni 60
            vlan 60
    !
    !
    router ospf 1 vrf default
        router-id 172.18.1.3
        area 0.0.0.0
    !
    router bgp 65001
        bgp router-id 172.18.1.3
        neighbor 172.18.1.1 remote-as 65001
        neighbor 172.18.1.1 update-source loopback 0
        address-family l2vpn evpn
            neighbor 172.18.1.1 activate
            neighbor 172.18.1.1 send-community extended
        exit-address-family
    !
    https-server vrf mgmt
    https-server rest access-mode read-write
    
    hostname z1ArubaCX3
    banner motd !
    All tilgang til dette systemet er begrenst og monitorert. Kun autorisert tilgang er akseptert.!
    !
    user admin group administrators password plaintext Pass0rd123!
    !
    aruba-central
        disable
    ssh server vrf mgmt
    !
    clock timezone europe/oslo
    !
    ntp server klokke.opdal.net
    ntp server h1-rpi1.opdal.net
    ntp enable
    ntp vrf mgmt
    !
    !
    vlan 1
    vlan 20
        name z1 VLAN 20 - EVPN
    vlan 40
        name z1 VLAN 40 - EVPN
    vlan 60
        name z1 VLAN 60 - EVPN
    !
    evpn
        vlan 20
            rd auto
            route-target export auto
            route-target import auto
        vlan 40
            rd auto
            route-target export auto
            route-target import auto
        vlan 60
            rd auto
            route-target export auto
            route-target import auto
    !
    !
    interface mgmt
       ip static 172.18.0.5/24
       default-gateway 172.18.0.1
       nameserver 91.90.45.8
    !
    !
    interface 1/1/1
       no shutdown
       ip address 172.18.1.15/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/2
       no shutdown
       ip address 172.18.1.17/31
       l3-counters
       ip ospf 1 area 0.0.0.0
    interface 1/1/3
       no shutdown
    interface 1/1/4
       no shutdown
    interface 1/1/5
       no shutdown
    interface 1/1/6
       no shutdown
    !
    interface loopback 0
       ip address 172.18.1.4/32
       ip ospf 1 area 0.0.0.0
    !
    !
    interface vxlan 1
        source ip 172.18.1.4
        no shutdown
        vni 20
            vlan 20
        vni 40
            vlan 40
        vni 60
            vlan 60
    !
    !
    router ospf 1 vrf default
        router-id 172.18.1.4
        area 0.0.0.0
    !
    router bgp 65001
        bgp router-id 172.18.1.4
        neighbor 172.18.1.1 remote-as 65001
        neighbor 172.18.1.1 update-source loopback 0
        address-family l2vpn evpn
            neighbor 172.18.1.1 activate
            neighbor 172.18.1.1 send-community extended
        exit-address-family
    !
    https-server vrf mgmt
    https-server rest access-mode read-write
    


    ------------------------------
    Arne Opdal
    ------------------------------
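
An offline consistency check for configs laid out like the ones posted above, added here as an example and not part of the thread or of any Aruba tooling. It parses each switch's config and reports a VXLAN source that is not loopback 0 (or a loopback missing from OSPF), iBGP neighbor statements with no matching statement on the peer, and VNIs mapped on some VTEPs but not others. Assumptions: the config text is dedented so top-level commands start at column 0; `parse`, `check`, `sample`, `TEMPLATE` and `FABRIC` are hypothetical names, and the sample configs are constructed.

```python
def parse(cfg):
    """Extract underlay/overlay facts from one config (top level at column 0)."""
    sections, head = {}, ""
    for line in cfg.splitlines():
        if line[:1].strip():                  # unindented line opens a section
            head = line.strip()
        elif line.strip():
            sections.setdefault(head, []).append(line.split())
    lo = sections.get("interface loopback 0", [])
    vx = sections.get("interface vxlan 1", [])
    bgp = next((b for h, b in sections.items() if h.startswith("router bgp")), [])
    return {
        "loopback": next((w[2].split("/")[0] for w in lo if w[:2] == ["ip", "address"]), None),
        "lo_ospf": any(w[:2] == ["ip", "ospf"] for w in lo),
        "source": next((w[2] for w in vx if w[:2] == ["source", "ip"]), None),
        "vnis": {int(w[1]) for w in vx if w[0] == "vni"},
        "neighbors": {w[1] for w in bgp if w[0] == "neighbor" and "remote-as" in w},
    }

def check(fabric):  # fabric is {hostname: config_text}; returns a list of findings
    sw = {n: parse(c) for n, c in fabric.items()}
    owner = {s["loopback"]: n for n, s in sw.items()}
    all_vnis = set().union(*(s["vnis"] for s in sw.values()))
    out = []
    for n, s in sw.items():
        lo = s["loopback"]
        if s["source"] != lo or not s["lo_ospf"]:
            out.append(f"{n}: VTEP source {s['source']} must be loopback 0 ({lo}) and in OSPF")
        for p in sorted(s["neighbors"]):      # peer must own p and point back at us
            if lo not in sw.get(owner.get(p), {}).get("neighbors", ()):
                out.append(f"{n}: no matching iBGP session with {p}")
        out += [f"{n}: VNI {v} is not mapped" for v in sorted(all_vnis - s["vnis"])]
    return out

# Constructed sample in the style of the posted configs; leaf2 carries two faults.
TEMPLATE = """interface loopback 0
   ip address {lo}/32
   ip ospf 1 area 0.0.0.0
interface vxlan 1
    source ip {src}
    vni 20
router bgp 65001
"""
def sample(lo, src, peers):
    return TEMPLATE.format(lo=lo, src=src) + "".join(f"    neighbor {p} remote-as 65001\n" for p in peers)
FABRIC = {"rr": sample("172.18.1.1", "172.18.1.1", ["172.18.1.2"]),
          "leaf1": sample("172.18.1.2", "172.18.1.2", ["172.18.1.1"]),
          "leaf2": sample("172.18.1.3", "172.18.1.13", ["172.18.1.1"])}
print("\n".join(check(FABRIC)))
```

A clean result only shows the configs agree with each other; reachability between loopbacks and the hypervisor vSwitch settings discussed earlier in the thread still have to be tested on the running lab.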