Route advertisement received from EVPN peer is not installed on the T0-VRF routing table
search cancel

Route advertisement received from EVPN peer is not installed on the T0-VRF routing table

book

Article ID: 374319

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

After a dataplane restart or an edge reboot, you may notice that EVPN traffic is being dropped. Upon inspecting the VRF VNI on the service router, you might observe that the interface is displayed as either "downlink" or "uplink" rather than br-interface.

Example of Non-Working Configuration:

edge(tier0_sr[2])> get vrf vni

VRF              VNI    VxLAN IF    L3-SVI        State  Rmac

VRF-100      1000  vxlan-1000  br-1000        Up     02:50:56:00:00:0b
VRF-101      1001  vxlan-1001  downlink-89 Up    02:50:56:56:44:42
VRF-102      1002  vxlan-1002  br-1002        Up     02:50:56:00:00:0b
VRF-103      1003  vxlan-1003  br-1003        Up     02:50:56:00:00:0b
VRF-104      1004  vxlan-1004  br-1004        Up     02:50:56:00:00:0b

In a working EVPN VRF configuration, all SVI entries should be displayed as br-id.

Example of Working Configuration:

VRF              VNI    VxLAN IF    L3-SVI        State  Rmac

VRF-100      1000  vxlan-1000  br-1000        Up     02:50:56:00:00:0b
VRF-101      1001  vxlan-1001  br-1001        Up     02:50:56:56:44:42
VRF-102      1002  vxlan-1002  br-1002        Up     02:50:56:00:00:0b
VRF-103      1003  vxlan-1003  br-1003        Up     02:50:56:00:00:0b
VRF-104      1004  vxlan-1004  br-1004        Up     02:50:56:00:00:0b

Environment

VMware NSX

Cause

The issue occurs because the SVI interfaces of the T0-VRF are expected to use a bridge interface, such as br-1001. However, the SVI interface has been incorrectly updated to "uplink" or "downlink." This typically happens when there is a collision between the interface indexes of kni-lport-eth0 and a bridge interface.

In this scenario, kni-lport-eth0 and br-1001 have the same interface index. Interface indexes are generated by the Linux Kernel and are unique within their own namespace but not across different namespaces. kni-lport-eth0 is created in the default namespace, while user interfaces like downlinks, uplinks, VXLAN, and bridge interfaces are created in the plr_sr namespace. Since the EVPN control plane is only aware of the plr_sr namespace, it incorrectly updates the SVI interface to "downlink-89," a sub-interface of kni-lport-eth0.

To validate the issue, use the following command:

#show evpn vni detail


The SVI interface should point to a bridge interface. In cases where it points to an uplink interface, as shown below, the configuration is incorrect.

Example of Non-Working VNI Interface:

VNI: 1001
  Type: L3
  Tenant VRF: VRF-101
  Local Vtep IP: 10.196.103.130
  VxLAN Intf: vxlan-358021
  SVI If: uplink-downlink-89  -----> This should be br-1001 Interface



Example of Working VNI Interface:

VNI: 1001
  Type: L3
  Tenant VRF: VRF-101
  Local Vtep IP: 10.196.103.130
  VxLAN Intf: vxlan-358091
  SVI If: br-1001  -----> Correct Interface
  State: Up
  VNI Filter: none
  Router MAC: 02:50:56:00:74:00
  L2 VNIs: 

Resolution

Although a dataplane restart or edge reboot may resolve the issue, this is not the recommended solution. Instead, it is advisable to place the edge into maintenance mode and then exit maintenance mode. This issue has been addressed and fixed in the following releases:

3.2.4.0, 4.2.0 and 4.1.2.4

Powered by Wolken Software