Wednesday, May 22, 2019

Help! Nexus 9K VXLAN - VTEP Through SVI?

Hey folks, having an issue that doesn't seem like it should happen and wondering if this is a design requirement for VXLAN or a bug. Hopefully someone has seen this before.

I have two Nexus 9Ks (N9K-C93108TC-EX) on NX-OS 9.2(3). This is a lab setup. I was doing a proof of concept of VXLAN through an ASA<->ASA IPsec tunnel and got everything working. I am using BGP as an underlay for L2VNI. Each N9K has a routed port on a VLAN behind an ASA, with the ASAs static routing the Loopback IP to the routed interface of the N9K. Then each N9K has the VXLAN network off an access port.

I wanted to add something else into my lab environment (unrelated to VXLAN: BGP route-based IKEv2 tunnels and AnyConnect). The rub was I wanted to push another VLAN to one of my N9Ks and tried moving the routed port to an SVI and then trunking that VLAN. All of a sudden I lost end-to-end connectivity through VXLAN. Loopbacks can still hit each other, and I can even see the end devices advertised correctly in show l2route evpn mac-ip all. I ripped the config apart and also tried setting the port on the N9K as an access port to my SVI, still no dice.

As soon as I change the access port to a routed port and move the IP from the SVI to the port I get connectivity again. It's bonkers because all of the control plane works for the underlay. Please tell me I'm missing one command somewhere.

Topology:

https://i.imgur.com/vQ2TSXO.png


