Print

某局点 S5560X-54C-EI vxlan学不到网关mac

2小时前 发表

组网及说明

客户使用两台5560X-EI作为leaf配置二层手工vxlan,然后把网关设备放在underlay的华为设备上作为vxlan网络中的独立网关。


问题描述

客户使用两台5560X-EI作为leaf配置二层手工vxlan,然后把网关设备放在underlay的华为设备上,隧道正常建立,两台leaf学习底下终端的mac正常,leaf1能学习到网关的mac,leaf2上可以学习到leaf底下终端泛洪来的mac,但是学习不到网关的mac,leaf1下的终端能ping通网关。

过程分析

查看配置,leaf148口接电脑,把untag的数据包关联到vsi vlan18。此时leaf2可以通过vxlan隧道学习到这台电脑mac地址。电脑可以ping通网关。但leaf2学不到网关设备上相应vlan-interfacemac


interface GigabitEthernet1/0/48
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 2 7 18
 #
 service-instance 2
  encapsulation s-vid 2
  xconnect vsi vlan2
 #
 service-instance 7
  encapsulation s-vid 7
  xconnect vsi vlan7
 #
 service-instance 18
  encapsulation untag
  xconnect vsi vlan18
#

#

interface Bridge-Aggregation5

port link-type trunk

undo port trunk permit vlan 1

port trunk permit vlan 2 7 18 1015

link-aggregation mode dynamic

undo stp enable

#

service-instance 2

  encapsulation s-vid 2

  xconnect vsi vlan2

#

service-instance 7

  encapsulation s-vid 7

  xconnect vsi vlan7

#

service-instance 18

  encapsulation s-vid 18

  xconnect vsi vlan18

#

 查看隧道信息是正常建立,正常UP的

Leaf1

[S5560X_HJ_5_1L-1]display interface Tunnel 18

Tunnel18

Current state: UP

Line protocol state: UP

Description: Tunnel18 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 172.0.1.129, destination 172.0.1.130

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Leaf2

[S5560X_HJ_6_3L-1]display interface Tunnel 7

Tunnel7

Current state: UP

Line protocol state: UP

Description: Tunnel18 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 172.0.1.130, destination 172.0.1.129

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops


display l2vpn vsi verbose查看vsi内ac口的情况,都是一一对应的,未发现异常。


Leaf01


[S5560X_HJ_5_1L-1]display l2vpn vsi verbose

VSI Name: vlan18

  VSI Index               : 0

  VSI Description         : to-vlan 18

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  VXLAN ID                : 18

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel18             0x5000012  UP       Manual      Disabled

  ACs:

    AC                               Link ID  State       Type   

    BAGG5 srv18                      0        Up          Manual 

    GE1/0/48 srv18                   1        up        Manual 

               

VSI Name: vlan2

  VSI Index               : 2

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  VXLAN ID                : 2

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel18             0x5000012  UP       Manual      Disabled

  ACs:

    AC                               Link ID  State       Type   

    GE1/0/48 srv2                    0        up       Manual 

    BAGG5 srv2                       1        Up          Manual 

               

VSI Name: vlan7

  VSI Index               : 1

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  VXLAN ID                : 7

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel18             0x5000012  UP       Manual      Disabled

  ACs:

    AC                               Link ID  State       Type   

    GE1/0/48 srv7                    0        up        Manual 

    BAGG5 srv7                       1        Up          Manual 

 

Leaf2

[S5560X_HJ_6_3L-1]display l2vpn vsi verbose

VSI Name: 18

  VSI Index               : 2

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  VXLAN ID                : 18

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel18             0x5000012  UP       Manual      Disabled

  ACs:

    AC                               Link ID  State       Type   

    BAGG1 srv18                      0        Up          Manual   聚合1是和二层交换机做的聚合,作为AC接入

 

 

VSI Name: vlan2

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  VXLAN ID                : 2

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel18             0x5000012  UP       Manual      Disabled

  ACs:

    AC                               Link ID  State       Type   

    BAGG1 srv2                       0        Up          Manual 

 

VSI Name: vlan7

  VSI Index               : 1

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : -

  Multicast Restrain      : -

  Unknown Unicast Restrain: -

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  VXLAN ID                : 7

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel18             0x5000012  UP       Manual      Disabled

  ACs:

    AC                               Link ID  State       Type   

    BAGG1 srv7                       0        Up          Manual


目前看设备上的配置和vxlan隧道情况都是正常的,那为什么leaf2学不到网关的arp呢,反馈研发分析,原因是S5560X-EI不支持隧道口和AC口共用一个物理口,此时只会有一个生效,所以导致leaf1上连独立网关的聚合5口,只能生效一个角色,比如从leaf2来的报文从聚合5进来解封装后,无法再从聚合5这个AC口发出去,因为此时只有隧道口生效,或者说聚合5口作为AC口,独立网关发来的报文从聚合5口上来做VXLAN封装,但是无法再从聚合5口这个隧道口发出去,此时只有AC口生效。


解决方法

S5560X-EI不支持隧道口和AC口共用一个物理口,该限制为硬件限制,建议现场调整组网,避免该情况出现。