[c-nsp] TCP Throughput / MTU problem ? with Cisco 7304 and MPLS VPN's

Eric Kagan eklists at axsne.com
Fri Jan 11 09:51:21 EST 2008


I am running in to a strange problem and hopfeully someone here can help.  I
did open a Cisco TAC case but I don't think they understand the issue or
maybe I didn't explain it well.
 
We have MPLS enabled through the core of our network for customer MPLS
VPN's.   Until now, all devices have been 7206VXR's w/ NPE-G1's and we are
only using the 3 internal Gig ports on the Processor.  I upgraded one of the
VXR's to a 7304 and configured it the same as the 7206.  The router itself
is working fine, BGP is working, regular IP traffic / throughout is fine
(iperf tests have no issues).  I have confirmed interface MTU's, switch
MTU's and everything is configured the same as before.  When VPN traffic
goes through this link, I get reports of TCP requests starting and then
stopping (i.e. SSH makes connection but can't pass data, or do an 'ls', etc
or HTTP Get seems to connect but doesn't pass data back).  It all sounds
very similar to MTU issues I experienced and read about on MPLS interfaces.
If I reroute the traffic around the ring away from the 7304 everything works
fine again - and the problem connections are resolved in seconds.  I
originally had the MTU set to 1546 on the 7304 (I used to use 1524 but some
of the L2 VPN's needed more so I bumped them up).  I came across the
document MPLS MTU Command Changes
(http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a0080
629db0.html) which I found interesting so I set the MPLS MTU to 1520 with no
avail.  Below is show ver and config clips along with a few show commands.
I am hoping someone has seen this and knows how to resolve.

Thanks
Eric
 
 
 
 
 
Cisco IOS Software, 7300 Software (C7300-K91P-M), Version 12.2(31)SB6,
RELEASE SOFTWARE (fc1)
System image file is "disk0:c7300-k91p-mz.122-31.SB6.bin"
cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of
memory.

 
mpls label protocol ldp
!
interface Loopback0
 ip address 10.11.12.214 255.255.255.255
!
interface GigabitEthernet0
 desc Backbone Switch
 ip address 10.11.13..1 255.255.255.224
 ip flow ingress
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
 mpls mtu 1520
 mpls label protocol ldp
 mpls ip
!
interface GigabitEthernet1
 description Fiber to POP1
 ip address 10.11.14.26 255.255.255.252
 ip flow ingress
 load-interval 30
 delay 10000
 media-type gbic
 speed auto
 duplex auto
 negotiation auto
 mpls mtu 1520
 mpls label protocol ldp
 mpls ip
!
interface GigabitEthernet2
 description Backbone Failover
 bandwidth 50
 ip address 10.11.14.253 255.255.255.248
 ip flow ingress
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
 mpls mtu 1520
 mpls label protocol ldp
 mpls ip
!
router bgp xxxxx
 no synchronization
 bgp log-neighbor-changes
 neighbor RR_SERVER peer-group
 neighbor RR_SERVER remote-as xxxxx
 neighbor RR_SERVER update-source Loopback0
 neighbor RR_SERVER next-hop-self
 neighbor RR_SERVER send-community both
 neighbor 10.11.12.201 peer-group RR_SERVER
 neighbor 10.11.12.201 description pecore-mma
 neighbor 10.11.12.203 peer-group RR_SERVER
 neighbor 10.11.12.203 description pecore-wma
 no auto-summary
 !
 
#show mpls int
Interface              IP            Tunnel   BGP Static Operational
GigabitEthernet0       Yes (ldp)     No       No  No     Yes
GigabitEthernet1       Yes (ldp)     No       No  No     Yes
GigabitEthernet2       Yes (ldp)     No       No  No     Yes

 
 
 
#show mpls ldp disc
 Local LDP Identifier:
   10.11.12.214:0
    Discovery Sources:
    Interfaces:
        GigabitEthernet0 (ldp): xmit/recv
            LDP Id: 10.11.12.216:0
            LDP Id: 10.11.12.215:0
            LDP Id: 10.11.12.217:0
        GigabitEthernet1 (ldp): xmit/recv
            LDP Id: 10.11.12.203:0
        GigabitEthernet2 (ldp): xmit/recv
            LDP Id: 10.11.12.215:0
            LDP Id: 10.11.12.217:0
            LDP Id: 10.11.12.216:0

 
Also, show mpls ldp binding and show mpls ldp nei show all the proper info.
I sent an update back to Cisco on the TAC case but think someone here may
understand and help quicker. Any help or insight would be appreciated.
 
Thanks
Eric
 
 

 
Eric Kagan

 


More information about the cisco-nsp mailing list