Cannot ping from routed port to device on VLAN

SN2100 running Onyx 3.10.2002
I have a device connected to an ethernet port which is part of a vlan.
This vlan has an interface with an assigned ip address.
Locally on the switch I can ping the device without any issue.

I also have an external switch (Arista) that is connected to the SN2100 via a L3 connection.
From that switch I can the vlan interface but not the device that is on that vlan.

Looking at tcpdump I can see the ICMP echo request coming in but no reply is coming.
I have no idea why this doesn’t work.
Any help would be appreciated.

Settings on SN2100 switch:
mlnx-sn2100 [standalone: master] (config) # show interfaces vlan 130

Vlan 130:
Admin state : Enabled
Operational state: Up
Autostate : Enabled
Mac Address : b8:59:9f:74:01:08
DHCP client : Disabled
PBR route-map : N/A

IPv4 address:
10.54.31.91/24 [primary]

Broadcast address:
10.54.31.255 [primary]

MTU : 2000 bytes
Arp timeout : 1500 seconds
Arp responder : Disabled
Arp cache-update: garp
Icmp redirect : Enabled
Description : N/A
VRF : default
IP Enable : Enabled
Counters : Disabled

Ping to device works:
mlnx-sn2100 [standalone: master] (config) # ping 10.54.31.191
PING 10.54.31.191 (10.54.31.191) 56(84) bytes of data.
64 bytes from 10.54.31.191: icmp_seq=1 ttl=255 time=0.343 ms
64 bytes from 10.54.31.191: icmp_seq=2 ttl=255 time=0.189 ms
64 bytes from 10.54.31.191: icmp_seq=3 ttl=255 time=0.172 ms

Routing table:
mlnx-sn2100 [standalone: master] (config) # show ip route

Flags:
F: Failed to install in H/W
B: BFD protected (static route)
i: BFD session initializing (static route)
x: protecting BFD session failed (static route)
c: consistent hashing
p: partial programming in H/W

VRF Name default:

Destination Mask Flag Gateway Interface Source AD/M

192.168.1.0 255.255.255.0 0.0.0.0 mgmt0 direct 0/0
1.1.1.1 255.255.255.255 20.1.1.6 po2 bgp 200/0
3.3.3.3 255.255.255.255 20.1.1.8 po1 bgp 200/0
4.4.4.4 255.255.255.255 0.0.0.0 loopback1 direct 0/0
10.54.31.0 255.255.255.0 0.0.0.0 vlan130 direct 0/0
20.1.1.6 255.255.255.254 0.0.0.0 po2 direct 0/0
20.1.1.8 255.255.255.254 0.0.0.0 po1 direct 0/0
20.2.10.2 255.255.255.254 20.1.1.6 po2 bgp 200/0
20.2.10.4 255.255.255.254 20.1.1.6 po2 bgp 200/0

On external switch ping to interface vlan 130 works:
Arista25G-1(config)#ping 10.54.31.91
PING 10.54.31.91 (10.54.31.91) 72(100) bytes of data.
80 bytes from 10.54.31.91: icmp_seq=1 ttl=64 time=0.133 ms
80 bytes from 10.54.31.91: icmp_seq=2 ttl=64 time=0.189 ms
80 bytes from 10.54.31.91: icmp_seq=3 ttl=64 time=0.065 ms
80 bytes from 10.54.31.91: icmp_seq=4 ttl=64 time=0.071 ms
80 bytes from 10.54.31.91: icmp_seq=5 ttl=64 time=0.122 ms

But ping to device fails:
Arista25G-1(config)#ping 10.54.31.191
PING 10.54.31.191 (10.54.31.191) 72(100) bytes of data.

— 10.54.31.191 ping statistics —
5 packets transmitted, 0 received, 100% packet loss, time 40ms

On SN2100 tcpdump -i po1 shows:
09:52:56.947956 IP 20.1.1.8 > 10.54.31.191: ICMP echo request, id 20761, seq 1, length 80

When the echo request is received by the SN2100 an entry in the ARP table is added, but no echo reply is send.

Hey robert

Could you add the running configuration of the Onyx switch and the arista device?

Your TCPdump shows the ICMP source IP being 20.1.1.8. Have you tried sourcing the ping in arista to interface Vlan130?

Hi Robert,

Excellent work isolating the behavior so far! This looks to be a bit more involved for debugging so I’d recommend opening a support case in the event developer input is needed. You can open a support case by visiting this link: https://support.mellanox.com/s/contact-support-page

Thank you!
Ryan

Hi,
20.1.1.8 is the portchannel (po1) on which the arista is connected.
And yes, I could ping the interface vlan 130, this is shown above as “ping 10.54.31.91”.

I will open a case.
Thanks.