On Wed, 8 Aug 2001, Zaheer Aziz wrote:
> >We just noticed that if we traceroute from the internet to certain (not
> >all) non-VPN DSL customers terminated on a 3640 that happens to be one of
> >the PE's on the right, the last hop the traceroute sees is the 7500.
> >Packet debugging shows the P and PE routers are seeing and at least
> >claiming to respond with ttl exceeded, but the packets don't make it back
> >through the 7500.
>
> Was the debugging through a sniffer or debug outputs?
debug ip icmp on the routers and an access-list:
Extended IP access list debug_icmp
permit icmp any z.y.x.0 0.0.0.255 time-exceeded log-input (72 matches)
permit ip any any (21901116 matches)
where z.y.x.0 is the remote network I was doing the traceroutes from, and
the access-list was applied to the egress interface on each router other
than the 7500.
> If you have the luxury the enable tag-switching back I like to get the
> following output from
>
> 7500,P,3600
>
> sh ip cef non-vpn customer route
> sh ip cef internet source
>
> if 7500 is running distributed cef then
> above sh ip cef output from the line card facing P router and facing internet
> (if-con to the interface).
(7500)
7500#sh ip cef 209.208.24.212
209.208.24.212/32, version 4306327, cached adjacency to Serial1/1/1
0 packets, 0 bytes
tag information set
local tag: 203
fast tag rewrite with Se1/1/1, point2point, tags imposed: {204}
via 209.208.2.38, Serial1/1/1, 0 dependencies
next hop 209.208.2.38, Serial1/1/1
valid cached adjacency
tag rewrite with Se1/1/1, point2point, tags imposed: {204}
VIP-Slot1>sh ip cef 209.208.24.212
209.208.24.212/32, version 760883, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: 203
fast tag rewrite with Se1/1, point2point, tags imposed: {204}
via 209.208.2.38, Serial1/1/1, 0 dependencies
next hop 209.208.2.38, Serial1/1/1
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {204}
7500#sh ip cef 208.152.224.2
208.152.224.0/24, version 3844861, cached adjacency to Serial2/0/0
0 packets, 0 bytes
tag information from 144.232.154.20/30, shared
local tag: implicit-null
via 144.232.154.21, 0 dependencies, recursive
next hop 144.232.154.21, Serial2/0/0 via 144.232.154.20/30
valid cached adjacency
VIP-Slot2>sh ip cef 208.152.224.2
208.152.224.0/24, version 299417, cached adjacency to Serial0/0
0 packets, 0 bytes
via 144.232.154.21, 0 dependencies, recursive
next hop 144.232.154.21, Serial2/0/0 via 144.232.154.20/30
valid cached adjacency
(P)
gsvlflma-br-1-7200#sh ip cef 209.208.24.212
209.208.24.212/32, version 3750633, cached adjacency to Serial1/0
0 packets, 0 bytes
tag information set
local tag: 204
fast tag rewrite with Se1/0, point2point, tags imposed: {484}
via 209.208.6.126, Serial1/0, 0 dependencies
next hop 209.208.6.126, Serial1/0
valid cached adjacency
tag rewrite with Se1/0, point2point, tags imposed: {484}
gsvlflma-br-1-7200#sh ip cef 208.152.224.2
0.0.0.0/0, version 3730210, cached adjacency to Serial1/1
0 packets, 0 bytes
tag information set
local tag: 540
via 209.208.2.37, Serial1/1, 0 dependencies
next hop 209.208.2.37, Serial1/1
valid cached adjacency
tag rewrite with Se1/1, point2point, tags imposed: {}
(PE)
gsvlfl-office-co#sh ip cef 209.208.24.212
209.208.24.212/32, version 2927, attached, connected, cached adjacency to
Virtual-Access50
0 packets, 0 bytes
tag information set
local tag: 484
via Virtual-Access50, 0 dependencies
valid cached adjacency
tag rewrite with Vi50, point2point, tags imposed: {}
gsvlfl-office-co#sh ip cef 208.152.224.2
0.0.0.0/0, version 148, cached adjacency to Hssi1/0
0 packets, 0 bytes
tag information set
local tag: 97
fast tag rewrite with Hs1/0, point2point, tags imposed: {540}
via 209.208.6.125, Hssi1/0, 0 dependencies
next hop 209.208.6.125, Hssi1/0
valid cached adjacency
tag rewrite with Hs1/0, point2point, tags imposed: {540}
> In addition if you could provide the debugging information from P and PE
> that you mention, would be nice.
I can't mess around with this particular PE right now...it's become wildly
unstable and crashes every few hours...more frequently if we mess around
with it. I think it's 3640 MPLS bugs...TAC thinks our chassis has gone
bad. It's case B711175. From P:
(with deb ip icmp)
*Aug 10 08:21:01: ICMP: time exceeded (time to live) sent to 208.152.224.2
(dest was 209.208.24.212)
*Aug 10 08:21:06: ICMP: time exceeded (time to live) sent to 208.152.224.2
(dest was 209.208.24.212)
*Aug 10 08:21:11: ICMP: time exceeded (time to live) sent to 208.152.224.2
(dest was 209.208.24.212)
-- ---------------------------------------------------------------------- Jon Lewis *jlewis@lewis.org*| I route System Administrator | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:49 EDT