客户使用两台5560X-EI作为leaf配置二层手工vxlan,然后把网关设备放在underlay的华为设备上作为vxlan网络中的独立网关。
客户使用两台5560X-EI作为leaf配置二层手工vxlan,然后把网关设备放在underlay的华为设备上,隧道正常建立,两台leaf学习底下终端的mac正常,leaf1能学习到网关的mac,leaf2上可以学习到leaf底下终端泛洪来的mac,但是学习不到网关的mac,leaf1下的终端能ping通网关。
查看配置,leaf1的48口接电脑,把untag的数据包关联到vsi vlan18。此时leaf2可以通过vxlan隧道学习到这台电脑mac地址。电脑可以ping通网关。但leaf2学不到网关设备上相应vlan-interface的mac
interface
GigabitEthernet1/0/48
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 7 18
#
service-instance 2
encapsulation s-vid 2
xconnect vsi vlan2
#
service-instance 7
encapsulation s-vid 7
xconnect vsi vlan7
#
service-instance 18
encapsulation untag
xconnect vsi vlan18
#
#
interface Bridge-Aggregation5
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 7 18 1015
link-aggregation mode dynamic
undo stp enable
#
service-instance 2
encapsulation s-vid 2
xconnect vsi vlan2
#
service-instance 7
encapsulation s-vid 7
xconnect vsi vlan7
#
service-instance 18
encapsulation s-vid 18
xconnect vsi vlan18
#
查看隧道信息是正常建立,正常UP的
Leaf1:
[S5560X_HJ_5_1L-1]display interface Tunnel 18
Tunnel18
Current state: UP
Line protocol state: UP
Description: Tunnel18 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 172.0.1.129, destination 172.0.1.130
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Leaf2:
[S5560X_HJ_6_3L-1]display interface Tunnel 7
Tunnel7
Current state: UP
Line protocol state: UP
Description: Tunnel18 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 172.0.1.130, destination 172.0.1.129
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
display l2vpn vsi verbose查看vsi内ac口的情况,都是一一对应的,未发现异常。
Leaf01:
[S5560X_HJ_5_1L-1]display l2vpn vsi verbose
VSI Name: vlan18
VSI Index : 0
VSI Description : to-vlan 18
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 18
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel18 0x5000012 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG5 srv18 0 Up Manual
GE1/0/48 srv18 1 up Manual
VSI Name: vlan2
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 2
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel18 0x5000012 UP Manual Disabled
ACs:
AC Link ID State Type
GE1/0/48 srv2 0 up Manual
BAGG5 srv2 1 Up Manual
VSI Name: vlan7
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 7
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel18 0x5000012 UP Manual Disabled
ACs:
AC Link ID State Type
GE1/0/48 srv7 0 up Manual
BAGG5 srv7 1 Up Manual
Leaf2:
[S5560X_HJ_6_3L-1]display l2vpn vsi verbose
VSI Name: 18
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 18
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel18 0x5000012 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG1 srv18 0 Up Manual 聚合1是和二层交换机做的聚合,作为AC接入
VSI Name: vlan2
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 2
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel18 0x5000012 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG1 srv2 0 Up Manual
VSI Name: vlan7
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 7
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel18 0x5000012 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG1
srv7 0
Up Manual
目前看设备上的配置和vxlan隧道情况都是正常的,那为什么leaf2学不到网关的arp呢,反馈研发分析,原因是S5560X-EI不支持隧道口和AC口共用一个物理口,此时只会有一个生效,所以导致leaf1上连独立网关的聚合5口,只能生效一个角色,比如从leaf2来的报文从聚合5进来解封装后,无法再从聚合5这个AC口发出去,因为此时只有隧道口生效,或者说聚合5口作为AC口,独立网关发来的报文从聚合5口上来做VXLAN封装,但是无法再从聚合5口这个隧道口发出去,此时只有AC口生效。
S5560X-EI不支持隧道口和AC口共用一个物理口,该限制为硬件限制,建议现场调整组网,避免该情况出现。