In an S9850/S6800 EVPN/VXLAN network, the leaf has the ARP entry of the end device, and the end device has the ARP entry of the gateway on the leaf,
but:
1. The leaf cannot ping the end device
2. The end device cannot ping the leaf gateway
At the same time, end device 1 under leaf 1 can ping end device 2 under leaf 1, and can ping end device 3 under leaf 2.
For 9850/6850 devices:
The AC port is allowed to pass through the vlan corresponding to the S-VID, but cannot be pinged
interface Bridge-Aggregation223
link-aggregation mode dynamic
# The AC interface does not permit the corresponding vlan2022, and the corresponding vlan2022 has not been created
service-instance 2002
encapsulation s-vid 2002
xconnect vsi 18001
For 6800 devices currently:
With the same configuration as the 9850/6850 there is no problem, and ping works normally.
The 9850/6850 devices have a related restriction.
For AC packets sent to the CPU, the device checks the port VLAN. Therefore, if the corresponding VLAN is not permitted, ping fails.
The 6800 device currently has no such restriction. For AC packets sent from the CPU, ping works even if the corresponding VLAN is not permitted.
In the pass-through forwarding scenario, no VLAN check is performed. Even if the corresponding VLAN is not permitted, both devices can be pinged normally.
On the S9850/S6850:
Permit the corresponding VLAN on the AC port, and also create the corresponding VLAN on the device
#
vlan xxx
#
interface Bridge-Aggregation223
port trunk permit vlan xxx
#
The S6800 is not affected at present. In the future, the mechanism of the S6800 will change and the AC interface will also need to permit the VLAN.
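The check described above can be run against a saved configuration before deployment. The following is an added example, not vendor code: it flags every AC whose S-VID VLAN is not created or not permitted on the port, and goes slightly beyond the text by handling "to" ranges and "all" in VLAN lists. The function names and the sample configuration are assumptions constructed for illustration.

```python
# SAMPLE is a constructed Comware-style fragment, not output from a real device.
SAMPLE = """\
vlan 100
#
interface Bridge-Aggregation223
 port trunk permit vlan 100
 link-aggregation mode dynamic
 service-instance 100
  encapsulation s-vid 100
  xconnect vsi 18002
 service-instance 2002
  encapsulation s-vid 2002
  xconnect vsi 18001
#
"""

def expand(tokens):
    """Expand a VLAN list such as ['10', 'to', '12', '20'] or ['all'] into a set."""
    vlans, i = set(), 0
    while i < len(tokens):
        if tokens[i] == "all":
            return set(range(1, 4095))
        lo = hi = int(tokens[i])
        if i + 2 < len(tokens) and tokens[i + 1] == "to":
            hi, i = int(tokens[i + 2]), i + 2
        vlans.update(range(lo, hi + 1))
        i += 1
    return vlans

def audit(config):
    """Return (interface, s_vid, problems) for every AC that fails the VLAN check."""
    created, permitted, acs, iface = set(), {}, [], None
    for words in (line.split() for line in config.splitlines()):
        if not words or words[0] == "#":
            iface = None                        # "#" separates configuration sections
        elif words[0] == "interface":
            iface = words[1]
        elif iface is None and words[0] == "vlan":
            created |= expand(words[1:])        # global "vlan <list>" creates VLANs
        elif iface and words[:4] == ["port", "trunk", "permit", "vlan"]:
            permitted.setdefault(iface, set()).update(expand(words[4:]))
        elif iface and words[:2] == ["encapsulation", "s-vid"]:
            acs.append((iface, int(words[2])))  # assumes a single S-VID per instance
    def problems(iface, vid):
        return (["vlan not created"] * (vid not in created)
                + ["vlan not permitted on port"] * (vid not in permitted.get(iface, set())))
    return [(i, v, p) for i, v in acs if (p := problems(i, v))]

print(audit(SAMPLE))
```

An empty result means every AC on the checked interfaces satisfies the S9850/S6850 requirement.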