sonic-net / SONiC

Landing page for Software for Open Networking in the Cloud (SONiC) - https://sonic-net.github.io/SONiC/

202012 Branch, When EVPN Vxlan Outer IP is the IP Address of Loopback, Ping IP Address of Vxlan Tunnel is unreachable #793

Open AlanYoush opened 3 years ago

AlanYoush commented 3 years ago

When I configure EVPN VXLAN using a Loopback source IP like 1.1.1.1/32, it learns the VXLAN remote VTEP via BGP EVPN. I then configure the IP address of the VXLAN tunnel as 100.1.1.1/24 on one side and 100.1.1.2/24 on the other. When I run "ping 100.1.1.2" from 100.1.1.1, VXLAN tunnel 100.1.1.2 receives the ARP request encapsulated with a VXLAN header in the kernel, but VXLAN tunnel 100.1.1.2 doesn't send the ARP reply.

AlanYoush commented 3 years ago

I found that there is one netfilter rule for 1.1.1.1 with target DROP in the Linux kernel when I configure IP 1.1.1.1/32 on the Loopback interface. So the VXLAN packet is dropped by this rule.
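
A way to confirm the condition reported above from a saved ruleset, as an added example that is not part of the original thread or SONiC's own code: it walks `iptables -S` style lines in order and returns the first rule that decides a VXLAN packet addressed to the VTEP IP. The sample ruleset is constructed, and the `INPUT` chain and UDP port 4789 are assumptions, since the issue does not say which chain holds the rule.

```python
import ipaddress
import shlex

VXLAN_PORT = 4789                       # IANA VXLAN UDP port (assumed for this setup)
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse_rule(line):
    """Parse one `iptables -S` append line; None if it uses options not modelled here."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1], "dst": None, "proto": None, "dport": None,
            "target": None, "raw": line}
    i = 2
    while i + 1 < len(tok):
        opt, val = tok[i], tok[i + 1]
        if opt == "-d":
            rule["dst"] = ipaddress.ip_network(val, strict=False)
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "--dport" and val.isdigit():
            rule["dport"] = int(val)
        elif opt == "-j":
            rule["target"] = val
        elif opt != "-m":               # "-m <module>" itself is skipped
            return None                 # e.g. --ctstate, -i, -s: not evaluated
        i += 2
    return rule if i == len(tok) else None

def first_verdict(lines, chain, dst_ip, proto="udp", dport=VXLAN_PORT):
    """Return (target, raw_rule) of the first modelled rule matching the packet."""
    ip = ipaddress.ip_address(dst_ip)
    for line in lines:
        r = parse_rule(line.strip())
        if r is None or r["chain"] != chain or r["target"] not in TERMINAL:
            continue
        if r["dst"] is not None and ip not in r["dst"]:
            continue
        if r["proto"] not in (None, proto) or r["dport"] not in (None, dport):
            continue
        return r["target"], r["raw"]    # first match wins, as in netfilter
    return None

# Constructed sample: a DROP on the loopback/VTEP IP ahead of the VXLAN accept.
SAMPLE = ["-P INPUT ACCEPT",
          "-A INPUT -d 1.1.1.1/32 -j DROP",
          "-A INPUT -p udp -m udp --dport 4789 -j ACCEPT"]

if __name__ == "__main__":
    print(first_verdict(SAMPLE, "INPUT", "1.1.1.1"))
```

Rules that use match options outside this subset are skipped rather than evaluated, so a `None` result or an unexpected `ACCEPT` should be checked against the full ruleset by hand.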