Re: [D] EVPN-VXLAN - IPv6 via SLAAC [cloudstack]

[via GitHub]

GitHub user tobzsc added a comment to the discussion: EVPN-VXLAN - IPv6 via 
SLAAC

I know you do ;) 

First some background information. We are using an EVPN+MPLS setup in our 
Juniper backbone which is providing connectivity. We have two gateways (MX204) 
which in this case terminate on two spines which do EVPN-MH. This is our cloud 
infrastructure based on EdgeCore devices running SONiC. Here we do EVPN+VXLAN.

We have checked several things and made some observations:
- IPv4 is running without any issues
- We cannot ping link-local addresses and made the observation that multicast 
packets (responsible for NDP and the RAs) are arriving but somehow disappearing 
on our physical links (of the KVM nodes). See tcpdump above - RAs are arriving 
on physical interface but are never seen on our vxlan or bridge interfaces
- When using unicast RAs and sending a ping requests from the router to one of 
the VM it worked for a couple of minutes. We are still trying to find out what 
is exactly wrong here. Seems to be an NDP issue which is also related to 
multicast.
- Connected a physical server directly to our Juniper backbone shows no 
problems with v4 and v6 
- We are now connecting a physical server to our EVPN+VXLAN cloud network to do 
the same tests here.

 The main configuration parts from the Juniper gear you requested:
```
trehn@fra01-pod01-a11-gw01> show configuration interfaces irb unit 200
description "CloudStack Public";
bandwidth 10g;
family inet {
    rpf-check {
        mode loose;
    }
    policer {
        arp ARP-LIMIT-DEFAULT;
    }
    address 62.x.x.1/24;
}
family inet6 {
    rpf-check {
        mode loose;
    }
    nd6-max-cache 1000;
    nd6-new-hold-limit 1000;
    address 2a00:x:x:103b::1/64;
}
mac 00:00:x:x:x:00;
```
and
```
trehn@fra01-pod01-a11-gw01> show configuration protocols router-advertisement
traceoptions {
    file ipv6-nd-trace;
    flag all;
}
interface irb.200 {
    solicit-router-advertisement-unicast;
    prefix 2a00:x:x:103b::/64;
}
```
The configuration is the same on both gateways.

To sum it up. The multicast IPv6 packets (for NDP, RAs, etc) are arriving on 
our physical interfaces (on the KVM nodes) with correct VNIs, payload, etc. But 
they never ever arrive on the vxlan nor the bridge interface. 

GitHub link: 
https://github.com/apache/cloudstack/discussions/8685#discussioncomment-8558729

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org