[c-nsp] 7301 (NPE-G1) leaking L2 frames over L3

Rodney Dunn rodunn at cisco.com
Thu Aug 21 11:13:13 EDT 2008


I saw something like this once on a GSR linecard where we didn't
rewrite the mac header correctly.

I've never seen it on a 72xx but I could have missed it.

Do they have the full frame so you can see if the dmac has
been rewritten in the frame to point to the L3 next hop of
the exchange point?

Or does the frame have the srcmac of the server and the dmac
of the Portchannel1 interface in it?

Rodney

On Thu, Aug 21, 2008 at 04:34:16PM +0200, Elmar K. Bins wrote:
> Hi knowledgeable folks,
> 
> I have a somewhat weird issue with an admittedly slightly aged IOS
> on a 7301: That router is leaking Ethernet frames from one L3 interface
> to another.
> 
> I have been alerted by the folks at the exchange (who monitor very
> closely, thanks). Since they haven't turned my port off yet,
> leaking should be minimal.
> 
> The box is a 7301 with PA-2FE-TX (f1/0 connected to the exchange),
> running IOS 12.3(14)T7.
> 
> Inside - towards some servers - is a L3 portchannel
> (via a WS-3750):
> 
> interface Port-channel1
>  description PO to sw (via g0/0 and g0/1)
>  ip address xxx.xxx.xxx.1 255.255.255.0
>  ip access-group MGT-no in
>  ip access-group acl-SERVICE-out out
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip route-cache same-interface
>  ip route-cache flow
>  load-interval 30
>  duplex full
>  hold-queue 150 in
> end
> 
> 
> Outside is a layer 3 port to the exchange fabric:
> 
> interface FastEthernet1/0
>  description exchange port
>  ip address xxx.xxx.xxx.xxx 255.255.254.0
>  ip access-group FILTER_IN-FastEthernet1-0-in-3 in
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip accounting mac-address input
>  ip accounting mac-address output
>  ip accounting access-violations
>  load-interval 30
>  duplex full
>  speed 100
>  ipv6 address xx:xx:xx:xx:xx:xx:xx:xx/64
>  ipv6 nd suppress-ra
>  no ipv6 mld router
>  no keepalive
>  no cdp enable
> end
> 
> 
> Captured frames show that Ethernet frames with source MACs
> of the server NICs make it to the exchange fabric somehow.
> 
> My questions:
> 
>   - is this some kind of misconfiguration on my part?
>   - if not: does anyone know of / remember such a bug?
>   - how could I find info, probably on cisco.com?
>   
> I'm at a loss here. Blindly upgrading to T14 or whatever
> might or might not kill the bug. I'd like to reboot as
> rarely as possible...
> 
> Thanks for any help, hints or insight.
> 
> Elmar.


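Rodney's two questions can be answered mechanically from a capture taken on the exchange side. The sketch below is an added example, not code from the thread: every MAC address is a constructed placeholder from the documentation range, and the category names are this example's own.

```python
import struct
from collections import Counter

# Constructed placeholder MACs (documentation range), not values from the thread.
ROUTER_FA1_0 = "00:00:5e:00:53:01"      # router's exchange-facing port
ROUTER_PO1 = "00:00:5e:00:53:02"        # router's Port-channel1 (inside)
SERVER_MACS = {"00:00:5e:00:53:10", "00:00:5e:00:53:11"}
EXCHANGE_PEERS = {"00:00:5e:00:53:a1"}  # L3 next hops on the exchange LAN

def mac(raw):
    return ":".join(f"{x:02x}" for x in raw)

def parse_eth(frame):
    """Return (dmac, smac, ethertype), skipping one 802.1Q tag if present."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    (etype,) = struct.unpack("!H", frame[12:14])
    if etype == 0x8100:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (etype,) = struct.unpack("!H", frame[16:18])
    return dst, src, etype

def classify(frame):
    """Classify one frame captured on the exchange fabric."""
    dst, src, _ = parse_eth(frame)
    if src == ROUTER_FA1_0:
        return "routed-ok"                  # smac rewritten as expected
    if src in SERVER_MACS:
        if dst == ROUTER_PO1:
            return "leak-header-untouched"  # inside L2 header forwarded as-is
        if dst in EXCHANGE_PEERS:
            return "leak-dmac-rewritten"    # dmac rewritten, smac was not
        return "leak-other-dmac"            # e.g. broadcast or unknown dmac
    return "other-source"                   # another exchange member

def build(dst, src, etype=0x0800, payload=b"\x00" * 46):
    """Build a constructed test frame from MAC strings."""
    raw = bytes.fromhex((dst + src).replace(":", ""))
    return raw + struct.pack("!H", etype) + payload

def summarize(frames):
    return Counter(classify(f) for f in frames)

SAMPLE = [  # constructed frames standing in for the exchange's capture
    build("00:00:5e:00:53:a1", ROUTER_FA1_0),
    build(ROUTER_PO1, "00:00:5e:00:53:10"),
    build("00:00:5e:00:53:a1", "00:00:5e:00:53:11"),
    build("ff:ff:ff:ff:ff:ff", "00:00:5e:00:53:10", 0x0806),
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(f"{kind}: {count}")
```

A count under `leak-dmac-rewritten` corresponds to the incomplete MAC header rewrite Rodney describes, while `leak-header-untouched` corresponds to his second case, a frame that still carries the Portchannel1 dmac.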