[c-nsp] NX-OS MPLS not answering to traces
Tóth András
diosbejgli at gmail.com
Wed Mar 13 07:18:23 EDT 2013
Hi Bernhard,
It could be CoPP related as well if that's dropping packets arriving to the
control-plane. If you have upgraded the N7k from an older release (4.x or
5.1) you might not have all the latest and necessary CoPP rules in the
policy-map and class-maps matching MPLS. These were added in 5.2(1) but
during an ISSU or classic upgrade the CoPP policies are not updated
automatically.
One example is the "match protocol mpls" line in
the copp-system-p-class-l2-default class.
"5.2(1) - Updated the default class maps with support for MPLS LDP, MPLS
OAM, MPLS RSVP, DHCP relay, and OTV-AS." Please see the following link for
details and default copp templates.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6.x_chapter_011001.html
You can re-apply the latest factory default CoPP profile with the "copp
profile" global configuration command and choose between strict, moderate
and lenient profiles.
Best regards,
Andras
On Wed, Mar 13, 2013 at 8:06 AM, Bernhard Schmidt <berni at birkenwald.de>wrote:
> Hello Andras,
>
>
> Long shot but you might need to change the revision for echo packets on
>> NX-OS to revision 3 (default is 4).
>>
>> 1.configure terminal
>> 2.mpls oam
>> 3.echo revision {3 | 4}
>> 4.echo vendor-extension
>> 5.exit
>>
>> http://www.cisco.com/en/US/**docs/switches/datacenter/sw/5_**
>> x/nx-os/mpls/configuration/**guide/mp_mpls_ping.html#**wp1078363<http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/mpls/configuration/guide/mp_mpls_ping.html#wp1078363>
>>
>
> Interesting read, thanks. But unfortunately that does not change the
> behaviour.
>
> Best Regards,
> Bernhard
>
> On Tue, Mar 12, 2013 at 6:57 PM, Bernhard Schmidt <berni at birkenwald.de
>> <mailto:berni at birkenwald.de>> wrote:
>>
>> Hey everyone,
>>
>> just a quick question, can anyone confirm or deny that NX-OS 6.1(2)
>> (or
>> (3)) MPLS P-Routers do not answer to normal traces with propagate-ttl
>> set (which is the default)?
>>
>> csr1-kra# traceroute 129.187.0.9
>> traceroute to 129.187.0.9 (129.187.0.9), 30 hops max, 40 byte packets
>> 1 * * *
>> 2 129.187.0.142 (129.187.0.142) (AS 12816) 1.172 ms 1.404 ms
>> 0.981 ms
>> [Label=1151 E=0 TTL=1 S=1]
>> 3 * * *
>> 4 129.187.0.130 (129.187.0.130) (AS 12816) 1.252 ms * 1.735 ms
>>
>> csr1-kra# traceroute mpls ipv4 129.187.0.9/32 <http://129.187.0.9/32>
>>
>>
>> Tracing MPLS Label Switched Path to 129.187.0.9/32
>> <http://129.187.0.9/32>, timeout is 2 seconds
>>
>>
>> Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
>> 'L' - labeled output interface, 'B' - unlabeled output interface,
>> 'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
>> 'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
>> 'P' - no rx intf label prot, 'p' - premature termination of LSP,
>> 'R' - transit router, 'I' - unknown upstream index,
>> 'X' - unknown return code, 'x' - return code 0
>>
>> Type Ctrl-C to abort.
>> 0 129.187.0.162 MRU 9216 [Labels: 71 Exp: 0]
>> . 1 *
>> L 2 129.187.0.142 MRU 9216 [Labels: 65 Exp: 0] 194 ms
>> . 3 *
>> ! 4 129.187.0.130 2 ms
>>
>> Hops 0, 1 and 3 are NX-OS, Hops 2 and 4 are IOS (6500).
>>
>> Thanks,
>> Bernhard
>>
>> ______________________________**_________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> <mailto:cisco-nsp at puck.nether.**net <cisco-nsp at puck.nether.net>>
>>
>> https://puck.nether.net/**mailman/listinfo/cisco-nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp>
>> archive at http://puck.nether.net/**pipermail/cisco-nsp/<http://puck.nether.net/pipermail/cisco-nsp/>
>>
>>
>>
>
More information about the cisco-nsp
mailing list