2 Experiment 2: Implementing Cisco VxLAN & centralized gateway based on Multicast

1. Description

Same as the previous article “1 Experiment 1: Implementing Cisco VxLAN & centralized gateway based on static Ingress Replication”, implementing VxLAN based on Multicast also uses traffic-driven MAC address flooding learning and VTEP neighbor establishment. , there is no control level;
Unlike implementing VxLAN based on Static Ingress Replication, implementing VxLAN based on Multicast does not require manual configuration of peers for each VNI;
The tunnel between VTEPs will be automatically established when traffic is triggered, that is, data-driven;
Different from using Static Ingress Replication to forward BUM (broadcast, unknown unicast, multicast) traffic, forwarding BUM traffic based on Multicast can effectively save the bandwidth of the VTEP uplink (see multicast network characteristics for details).

2. VxLAN experiment based on Multicast

2.1 Experimental environment

Tools	Version	Remarks
EVE-NG	2.0.3-105	Emulator
Cisco Nexus 9000v	7.0. 3.I7.8	Switches that support VxLAN, N9K1, N9K-2, N9K-3 and N9K-4 in the topology
Wireshark	3.2.2	Packet capture software

2.2 Experimental topology

image.png

N9K1, N9K-2, N9K-3 and N9K-4 run the OSPF protocol;
N9K1, N9K-2, N9K-3 and N9K-4 run PIM Sparse Mode, where the PIM RP is 1.1.1.1;
Enable PC1, PC2 and PC3 to communicate with each other.

2.3 Experimental configuration

2.3.1 Configuring Underlay three-layer network

The interconnection interface and loopback interface of the device are advertised into OSPF Area 0.

N9K-1 Configuration:

feature ospf
router ospf n9k-1
  router-id 1.1.1.1

interface Ethernet1/1
  no switchport
  mtu 9216
  IP address 10.1.1.1/30
  ip ospf network point-to-point
  ip router ospf n9k-1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  mtu 9216
  IP address 10.1.1.5/30
  ip ospf network point-to-point
  ip router ospf n9k-1 area 0.0.0.0
  no shutdown

interface Ethernet1/3
  no switchport
  mtu 9216
  IP address 10.1.1.9/30
  ip ospf network point-to-point
  ip router ospf n9k-1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 1.1.1.1/32
  ip router ospf n9k-1 area 0.0.0.0

N9K-2 Configuration:

vlan 10
featureospf
router ospf n9k-2
  router-id 2.2.2.2

interface Ethernet1/1
  no switchport
  mtu 9216
  IP address 10.1.1.2/30
  ip ospf network point-to-point
  ip router ospf n9k-2 area 0.0.0.0
  no shutdown

interface loopback0
  IP address 2.2.2.2/32
  ip router ospf n9k-2 area 0.0.0.0

interface Ethernet1/2
  switchport access vlan 10
  spanning-tree port type edge

N9K-3 Configuration:

vlan 10
featureospf
router ospf n9k-3
  router-id 3.3.3.3

interface Ethernet1/1
  no switchport
  mtu 9216
  IP address 10.1.1.6/30
  ip ospf network point-to-point
  ip router ospf n9k-3 area 0.0.0.0
  no shutdown

interface loopback0
  IP address 3.3.3.3/32
  ip router ospf n9k-3 area 0.0.0.0

interface Ethernet1/2
  switchport access vlan 10
  spanning-tree port type edge

N9K-4 Configuration:

vlan 10
featureospf
router ospf n9k-4
  router-id 4.4.4.4

interface Ethernet1/1
  no switchport
  mtu 9216
  IP address 10.1.1.10/30
  ip ospf network point-to-point
  ip router ospf n9k-4 area 0.0.0.0
  no shutdown

interface loopback0
  IP address 4.4.4.4/32
  ip router ospf n9k-4 area 0.0.0.0

interface Ethernet1/2
  switchport access vlan 10
  spanning-tree port type edge

Configuration verification:
View the N9K-1 OSPF routing table:

N9K-1# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

2.2.2.2/32, ubest/mbest: 1/0
    *via 10.1.1.2, Eth1/1, [110/41], 2d10h, ospf-n9k-1, intra
3.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.1.6, Eth1/2, [110/41], 2d10h, ospf-n9k-1, intra
4.4.4.4/32, ubest/mbest: 1/0
    *via 10.1.1.10, Eth1/3, [110/41], 2d10h, ospf-n9k-1, intra

View the N9K-2 OSPF routing table:

N9K-2# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/41], 2d10h, ospf-n9k-2, intra
3.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/81], 2d10h, ospf-n9k-2, intra
4.4.4.4/32, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/81], 2d10h, ospf-n9k-2, intra
10.1.1.4/30, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/80], 2d10h, ospf-n9k-2, intra
10.1.1.8/30, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/80], 2d10h, ospf-n9k-2, intra

View the N9K-3 OSPF routing table:

N9K-3# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/41], 2d10h, ospf-n9k-3, intra
2.2.2.2/32, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/81], 2d10h, ospf-n9k-3, intra
4.4.4.4/32, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/81], 2d10h, ospf-n9k-3, intra
10.1.1.0/30, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/80], 2d10h, ospf-n9k-3, intra
10.1.1.8/30, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/80], 2d10h, ospf-n9k-3, intra

View the N9K-4 OSPF routing table:

N9K-4# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/41], 2d10h, ospf-n9k-4, intra
2.2.2.2/32, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/81], 2d10h, ospf-n9k-4, intra
3.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/81], 2d10h, ospf-n9k-4, intra
10.1.1.0/30, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/80], 2d10h, ospf-n9k-4, intra
10.1.1.4/30, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/80], 2d10h, ospf-n9k-4, intra

2.3.2 Configuring Underlay Multicast Network

Multicast is enabled on the device’s interconnection interface and loopback interface.

N9K-1 Configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

interface Ethernet1/2
  ip pim sparse-mode

interface Ethernet1/3
  ip pim sparse-mode

N9K-2 Configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

N9K-3 Configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

N9K-4 Configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

Configuration verification:

First, you should use the command “show ip pim neighbor” to check the multicast neighbor;
The complete multicast routing table will be available only when BUM packets trigger multicast traffic. The following multicast routing table is for reference.

View the N9K-1 Multicast routing table:

N9K-1# show ip mroute
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:25:14, pim ip
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:11:39, pim ip
  Incoming interface: loopback0, RPF nbr: 1.1.1.1
  Outgoing interface list: (count: 3)
    Ethernet1/1, uptime: 00:00:49, pim
    Ethernet1/2, uptime: 00:00:55, pim
    Ethernet1/3, uptime: 00:01:02, pim

(2.2.2.2/32, 239.0.0.1/32), uptime: 06:11:18, pim mrib ip
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.2, internal
  Outgoing interface list: (count: 3)
    Ethernet1/1, uptime: 00:00:49, pim, (RPF)
    Ethernet1/2, uptime: 00:00:55, pim
    Ethernet1/3, uptime: 00:01:02, pim

(3.3.3.3/32, 239.0.0.1/32), uptime: 06:11:06, pim mrib ip
  Incoming interface: Ethernet1/2, RPF nbr: 10.1.1.6, internal
  Outgoing interface list: (count: 3)
    Ethernet1/1, uptime: 00:00:49, pim
    Ethernet1/2, uptime: 00:00:55, pim, (RPF)
    Ethernet1/3, uptime: 00:01:02, pim

(4.4.4.4/32, 239.0.0.1/32), uptime: 06:10:58, pim mrib ip
  Incoming interface: Ethernet1/3, RPF nbr: 10.1.1.10, internal
  Outgoing interface list: (count: 3)
    Ethernet1/3, uptime: 00:00:39, pim, (RPF)
    Ethernet1/1, uptime: 00:00:49, pim
    Ethernet1/2, uptime: 00:00:55, pim

View the N9K-2 Multicast routing table:

N9K-2# show ip mroute
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:26:48, pim ip
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:13:07, ip pim nve
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:02:16, nve

(2.2.2.2/32, 239.0.0.1/32), uptime: 06:13:07, mrib ip pim nve
  Incoming interface: loopback0, RPF nbr: 2.2.2.2
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 00:02:29, pim

View the N9K-3 Multicast routing table:

N9K-3# show ip mroute
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:26:50, pim ip
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:13:15, ip pim nve
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.5
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:02:36, nve

(3.3.3.3/32, 239.0.0.1/32), uptime: 06:13:15, mrib ip pim nve
  Incoming interface: loopback0, RPF nbr: 3.3.3.3
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 00:02:43, pim

View the N9K-4 Multicast routing table:

N9K-4# show ip mroute
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:27:20, pim ip
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:13:47, ip pim nve
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.9
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:03:21, nve

(4.4.4.4/32, 239.0.0.1/32), uptime: 06:13:47, mrib ip pim nve
  Incoming interface: loopback0, RPF nbr: 4.4.4.4
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 00:03:14, pim

2.3.3 Configuring Overlay Network

The same VNI is added to the same multicast group. In this experiment, the multicast group is 239.0.0.1.

N9K-2 Configuration:

vlan 10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.0.0.1

N9K-3 Configuration:

vlan 10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.0.0.1

N9K-4 Configuration:

vlan 10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.0.0.1

Configuration verification:
Check the VNI and Peers status of N9K-2 NVE:

N9K-2# show nve vni
Codes: CP - Control Plane DP - Data Plane
       UC - Unconfigured SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn-Crossconnect
       MS-IR - Multisite Ingress Replication
 
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------- ---------------
nve1 10010 239.0.0.1 Up DP L2 [10]

N9K-2# show nve peers
N9K-2#

Check the VNI and Peers status of N9K-3 NVE:

N9K-3# show nve vni
Codes: CP - Control Plane DP - Data Plane
       UC - Unconfigured SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn-Crossconnect
       MS-IR - Multisite Ingress Replication
 
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------- ---------------
nve1 10010 239.0.0.1 Up DP L2 [10]

N9K-3# show nve peers
N9K-3#

Check the VNI and Peers status of N9K-4 NVE:

N9K-4# show nve vni
Codes: CP - Control Plane DP - Data Plane
       UC - Unconfigured SA - Suppress ARP
       SU - Suppress Unknown Unicast
       Xconn-Crossconnect
       MS-IR - Multisite Ingress Replication
 
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------- ---------------
nve1 10010 239.0.0.1 Up DP L2 [10]

N9K-4# show nve peers
N9K-4#

It can be seen from the above results that there is currently no VxLAN tunnel established between VTEPs.

2.4 Experimental verification

2.4.1 PC IP configuration

PC1 configuration:

VPCS> show ip all
NAME IP/MASK GATEWAY MAC DNS
VPCS1 172.16.1.1/24 0.0.0.0 00:50:79:66:68:05

PC2 configuration:

VPCS> show ip all
NAME IP/MASK GATEWAY MAC DNS
VPCS1 172.16.1.2/24 0.0.0.0 00:50:79:66:68:06

PC3 configuration:

VPCS> show ip all
NAME IP/MASK GATEWAY MAC DNS
VPCS1 172.16.1.3/24 0.0.0.0 00:50:79:66:68:07

2.4.2 Trigger traffic

PC1 triggers traffic:

VPCS> ping 172.16.1.2
host (172.16.1.2) not reachable

VPCS> ping 172.16.1.2
84 bytes from 172.16.1.2 icmp_seq=1 ttl=64 time=44.744 ms
84 bytes from 172.16.1.2 icmp_seq=2 ttl=64 time=49.071 ms
84 bytes from 172.16.1.2 icmp_seq=3 ttl=64 time=34.025 ms
84 bytes from 172.16.1.2 icmp_seq=4 ttl=64 time=43.254 ms
84 bytes from 172.16.1.2 icmp_seq=5 ttl=64 time=32.700 ms

VPCS> ping 172.16.1.3
84 bytes from 172.16.1.3 icmp_seq=1 ttl=64 time=45.851 ms
84 bytes from 172.16.1.3 icmp_seq=2 ttl=64 time=47.016 ms
84 bytes from 172.16.1.3 icmp_seq=3 ttl=64 time=44.488 ms
84 bytes from 172.16.1.3 icmp_seq=4 ttl=64 time=43.073 ms
84 bytes from 172.16.1.3 icmp_seq=5 ttl=64 time=65.783 ms

PC2 triggers traffic:

VPCS> ping 172.16.1.3
host (172.16.1.3) not reachable

VPCS> ping 172.16.1.3
84 bytes from 172.16.1.3 icmp_seq=1 ttl=64 time=34.228 ms
84 bytes from 172.16.1.3 icmp_seq=2 ttl=64 time=27.838 ms
84 bytes from 172.16.1.3 icmp_seq=3 ttl=64 time=62.914 ms
84 bytes from 172.16.1.3 icmp_seq=4 ttl=64 time=47.581 ms
84 bytes from 172.16.1.3 icmp_seq=5 ttl=64 time=25.724 ms

2.4.3 Check VxLAN Tunnel

N9K-2 VxLAN tunnel:

N9K-2# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- ---- -------------
nve1 3.3.3.3 Up DP 00:02:30 n/a
nve1 4.4.4.4 Up DP 00:02:20 n/a

N9K-3 VxLAN tunnel:

N9K-3# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- ---- -------------
nve1 2.2.2.2 Up DP 00:02:42 n/a
nve1 4.4.4.4 Up DP 00:02:14 n/a

N9K-4 VxLAN tunnel:

N9K-4# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- ---- -------------
nve1 2.2.2.2 Up DP 00:02:55 n/a
nve1 3.3.3.3 Up DP 00:02:28 n/a

It can be seen from the above results that the VxLAN tunnel between VTEPs will be automatically established after traffic triggering.

2.4.4 Check VxLAN MAC address table

N9K-2 MAC address table:

N9K-2# show system internal l2fwder mac
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen, + - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN MAC Address Type age Secure NTFY Ports
--------- + -------------- + -------- + --------- + --- --- + ---- + ------------------
* 10 0050.7966.6805 dynamic 00:00:58 F F Eth1/2
* 10 0050.7966.6806 dynamic 00:00:58 F F (0x47000001) nve-peer1
 3.3.3.3
* 10 0050.7966.6807 dynamic 00:00:56 F F (0x47000002) nve-peer2
 4.4.4.4

N9K-3 MAC address table:

N9K-3# show system internal l2fwder mac
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen, + - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN MAC Address Type age Secure NTFY Ports
--------- + -------------- + -------- + --------- + --- --- + ---- + ------------------
* 10 0050.7966.6805 dynamic 00:01:25 F F (0x47000001) nve-peer1
 2.2.2.2
* 10 0050.7966.6806 dynamic 00:01:25 F F Eth1/2
* 10 0050.7966.6807 dynamic 00:01:16 F F (0x47000002) nve-peer2
 4.4.4.4

N9K-4 MAC address table:

N9K-4# show system internal l2fwder mac
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen, + - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN MAC Address Type age Secure NTFY Ports
--------- + -------------- + -------- + --------- + --- --- + ---- + ------------------
* 10 0050.7966.6805 dynamic 00:01:28 F F (0x47000001) nve-peer1
 2.2.2.2
* 10 0050.7966.6806 dynamic 00:01:19 F F (0x47000002) nve-peer2
 3.3.3.3
* 10 0050.7966.6807 dynamic 00:01:27 F F Eth1/2

For detailed learning process of MAC address, please refer to “Experiment 1: Implementing Cisco VxLAN based on static Ingress Replication”.

2.5 Message Analysis

2.5.1 BUM message analysis

Capture packets on the E1/1 port of N9K-2;
Clear the ARP tables of PC1 and PC2, and ping PC2 from PC1.

Clear the ARP table of PC1:

VPCS> arp
00:50:79:66:68:06 172.16.1.2 expires in 118 seconds

VPCS> clear arp

VPCS>arp
arp table is empty
VPCS>

Clear the ARP table of PC2:

VPCS> arp
00:50:79:66:68:05 172.16.1.1 expires in 93 seconds

VPCS> clear arp

VPCS>arp
arp table is empty
VPCS>

BUM packet capture:
Take the ARP request message as an example

image.png

Multicast forwarding instructions:

On N9K-1, the PIM RP, for data packets from 2.2.2.2 and destined for 239.0.0.1, N9K-1 will forward the data packet to the E1/2 and E1/3 interfaces;
Similarly, if a data packet goes to 239.0.0.1 from any source, the data packet will be forwarded to all other VTEPs that join the multicast group 239.0.0.1;
Different from implementing VxLAN based on Static Ingress Replication, BUM traffic in VxLAN based on Multicast is transmitted by Underlay’s multicast network;
Best practice: Use Anycast RP to achieve load balancing and redundancy of RP (Anycast RP is not used in this experiment). The following figure is an example of Anycast RP configuration on a Cisco Nexus switch:

image.png

2.5.2 Unicast packet analysis

Capture packets on the E1/1 port of N9K-2;

Unicast packet capture:
Take ARP reply message as an example

image.png

3. Centralized gateway

Goal: N9K-2 serves as a centralized gateway and changes the IP of PC3 to 172.16.2.1 so that PC3 can communicate with PC1 and PC2;
The external routing device as a gateway is no longer demonstrated. For external routing devices as a gateway, please refer to Experiment 1;
Packet capture is no longer demonstrated.

Change the configuration of N9K-2:

feature interface-vlan
vlan 20
  vn-segment 10020
interfaceVlan10
  no shutdown
  IP address 172.16.1.254/24
interfaceVlan20
  no shutdown
  IP address 172.16.2.254/24
interface nve1
  member vni 10020
    mcast-group 239.0.0.2

Change N9K-4 configuration:

vlan 20
  vn-segment 10020
interface nve1
  no member vni 10010
  member vni 10020
    mcast-group 239.0.0.2
interface Ethernet1/2
  switchport access vlan 20

Change PC1 configuration – add gateway:

VPCS>ip 172.16.1.1 255.255.255.0 172.16.1.254
Checking for duplicate address...
PC1: 172.16.1.1 255.255.255.0 gateway 172.16.1.254

Change PC2 configuration – add gateway:

VPCS>ip 172.16.1.2 255.255.255.0 172.16.1.254
Checking for duplicate address...
PC1: 172.16.1.2 255.255.255.0 gateway 172.16.1.254

Change PC3 configuration-modify IP:

VPCS>ip 172.16.2.1 255.255.255.0 172.16.2.254
Checking for duplicate address...
PC1: 172.16.2.1 255.255.255.0 gateway 172.16.2.254

Test:
Ping PC1 from PC3

VPCS> ping 172.16.1.1
84 bytes from 172.16.1.1 icmp_seq=1 ttl=63 time=44.051 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=63 time=52.670 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=63 time=94.949 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=63 time=48.976 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=63 time=50.364 ms

Ping PC2 from PC3

VPCS> ping 172.16.1.2
84 bytes from 172.16.1.2 icmp_seq=1 ttl=63 time=66.403 ms
84 bytes from 172.16.1.2 icmp_seq=2 ttl=63 time=68.189 ms
84 bytes from 172.16.1.2 icmp_seq=3 ttl=63 time=67.867 ms
84 bytes from 172.16.1.2 icmp_seq=4 ttl=63 time=86.699 ms
84 bytes from 172.16.1.2 icmp_seq=5 ttl=63 time=75.751 ms

Ping PC1 from PC2

VPCS> ping 172.16.1.1
84 bytes from 172.16.1.1 icmp_seq=1 ttl=64 time=41.983 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=64 time=46.274 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=64 time=40.682 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=64 time=51.736 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=64 time=44.748 ms

If the centralized gateway is configured and checked correctly, if the connection fails, try saving and restarting the N9K!

4. Summary

Advantages of VxLAN based on Static Ingress Replications:

Controlled deployment of VTEP;
Simplify the troubleshooting process.

Disadvantages of implementing VxLAN based on Static Ingress Replications:

Increased configuration and maintenance burden;
Each peer must be manually configured on each VTEP, which is prone to configuration errors.

Advantages of VxLAN based on Multicast:

Reduce configuration and maintenance burden;
Flexible scalability;
Effectively reduces the VTEP uplink bandwidth occupation, because the VTEP only needs to send a copy of the BUM traffic to the RP, and the RP forwards it to other VTEPs;
The configuration is simple and VxLAN tunnels are automatically established after traffic is triggered.

Disadvantages of implementing VxLAN based on Multicast:

Each VNI uses one multicast group;
Using multicast protocols increases troubleshooting complexity.