[c-nsp] Problems with secondary ip address on subinterfaces

Paul Cairney lists at cairney.me.uk
Sun Dec 17 07:32:28 EST 2006 

Hi,

I am having some odd issues with secondary IP addresses configured on a couple of 2821's running c2800nm-spservicesk9-mz.124-7b.bin.

Basically I have an MPLS link between two sites and will have a pair of 2800's at each end. Until the second site is up and running I have got the provider to add some SVI's on their kit at each end with RFC1918 ip's to allow me to verify connectivity. Both 2821's have Gi0/0 into a 3560G and the provider circuit also termiates on this (the 3560 is not doing any layer3 for the time being).

When these ip's are configured as the primary ip's on this subinterface (either standalone or with my own ip's as secondarys) then I can ping the providers ip's no problem (10.0.25.2 and 10.0.25.3) however when these address are configured as secondarys it doesnt want to work.

I currently have router1 with the desired configuration of my own ip's as the primary and the provider issued rfc1918 ip's as secondary, the plan being to remove these when I have my own kit at the other end of the link. To try and establish the cause of the issue I configured things the other way arround on route2 (see below for configs) and this appears to work fine; I can ping both the providers remote ip's and I can also ping between my own IP's (blah1 and blah2).

The really weird thing is that my own IP's work fine regardless of which way round they are configured as does pings between these two routers using the 10.0.25.4/10.0.25.05 address (which will not touch the providers network). I have also tried reversing the configuration on both routers so the 10.0.25.0/24 ip's are primary and secondary on both routers to no avail... it just doesnt want to work at all on a router when configured as a secondary.


Hopefully there is a known issue and I am not trying to do anything silly, I know secondarys can cause issues with OSPF but I have never had any real issues with seconary ip's at this low a level.


I have tried to include as much relevant info as I can think of; if anyone can suggest further information that may assist in diagnosis then please let me know.


Thanks,

Paul





CONFIGS SNIPPETS:

router1:

interface GigabitEthernet0/0.1025
 encapsulation dot1Q 1025
 ip address 10.0.25.4 255.255.255.0 secondary
 ip address <blah1> 255.255.255.240
end

router2:

interface GigabitEthernet0/0.1025
 encapsulation dot1Q 1025
 ip address <blah2> 255.255.255.240 secondary
 ip address 10.0.25.5 255.255.255.0
end

ROUTES:

router1#sh ip route 10.0.25.2
Routing entry for 10.0.25.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via ospf 65071
  Routing Descriptor Blocks:
  * directly connected, via GigabitEthernet0/0.1025
      Route metric is 0, traffic share count is 1

router2#sh ip route 10.0.25.2
Routing entry for 10.0.25.0/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via ospf 65071
  Routing Descriptor Blocks:
  * directly connected, via GigabitEthernet0/0.1025
      Route metric is 0, traffic share count is 1

CEF:

router1#sh ip cef gi0/0.1025
Prefix              Next Hop             Interface
10.0.25.0/24        attached             GigabitEthernet0/0.1025
10.0.25.2/32        10.0.25.2            GigabitEthernet0/0.1025
10.0.25.3/32        10.0.25.3            GigabitEthernet0/0.1025
10.0.25.5/32        10.0.25.5            GigabitEthernet0/0.1025

router2#sh ip cef gi0/0.1025
Prefix              Next Hop             Interface
10.0.25.0/24        attached             GigabitEthernet0/0.1025
10.0.25.2/32        10.0.25.2            GigabitEthernet0/0.1025
10.0.25.3/32        10.0.25.3            GigabitEthernet0/0.1025
10.0.25.4/32        10.0.25.4            GigabitEthernet0/0.1025

PINGS:

router1#ping <blah2>
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to <blah2>, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

router1#ping 10.0.25.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.25.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

router1#ping 10.0.25.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.25.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

router1#ping 10.0.25.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.25.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms


router2#ping <blah1>
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to <blah1>, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

router2#ping 10.0.25.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.25.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/76/76 ms

router2#ping 10.0.25.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.25.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

router2#ping 10.0.25.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.25.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

More information about the cisco-nsp mailing list