[c-nsp] TCP Throughput / MTU problem ? with Cisco 7304 and MPLS VPN's

Masood Ahmad Shah masood at nexlinx.net.pk
Fri Jan 11 10:17:26 EST 2008 

It will be easier to look into this issue if you can provide the detail like
where this router sits exactly. Like between P--P, PE--P, PE--PE. I believe
that if packets are passing out from this interface and being labeled on the
device very first time you need to set ip mtu too. In Cisco mpls mtu command
only work for labeled packets. 

Second if there are some gre tunnels involved along with mpls thn you may
need to further tweak mtu settings.

Regards,
Masood Ahmad Shah


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Eric Kagan
Sent: Friday, January 11, 2008 7:51 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] TCP Throughput / MTU problem ? with Cisco 7304 and MPLS
VPN's

I am running in to a strange problem and hopfeully someone here can help.  I
did open a Cisco TAC case but I don't think they understand the issue or
maybe I didn't explain it well.
 
We have MPLS enabled through the core of our network for customer MPLS
VPN's.   Until now, all devices have been 7206VXR's w/ NPE-G1's and we are
only using the 3 internal Gig ports on the Processor.  I upgraded one of the
VXR's to a 7304 and configured it the same as the 7206.  The router itself
is working fine, BGP is working, regular IP traffic / throughout is fine
(iperf tests have no issues).  I have confirmed interface MTU's, switch
MTU's and everything is configured the same as before.  When VPN traffic
goes through this link, I get reports of TCP requests starting and then
stopping (i.e. SSH makes connection but can't pass data, or do an 'ls', etc
or HTTP Get seems to connect but doesn't pass data back).  It all sounds
very similar to MTU issues I experienced and read about on MPLS interfaces.
If I reroute the traffic around the ring away from the 7304 everything works
fine again - and the problem connections are resolved in seconds.  I
originally had the MTU set to 1546 on the 7304 (I used to use 1524 but some
of the L2 VPN's needed more so I bumped them up).  I came across the
document MPLS MTU Command Changes
(http://www.cisco.com/en/US/products/ps6566/products_feature_guide09186a0080
629db0.html) which I found interesting so I set the MPLS MTU to 1520 with no
avail.  Below is show ver and config clips along with a few show commands.
I am hoping someone has seen this and knows how to resolve.

Thanks
Eric
 
 
 
 
 
Cisco IOS Software, 7300 Software (C7300-K91P-M), Version 12.2(31)SB6,
RELEASE SOFTWARE (fc1)
System image file is "disk0:c7300-k91p-mz.122-31.SB6.bin"
cisco 7300 (NPEG100) processor (revision B) with 983040K/65536K bytes of
memory.

 
mpls label protocol ldp
!
interface Loopback0
 ip address 10.11.12.214 255.255.255.255
!
interface GigabitEthernet0
 desc Backbone Switch
 ip address 10.11.13..1 255.255.255.224
 ip flow ingress
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
 mpls mtu 1520
 mpls label protocol ldp
 mpls ip
!
interface GigabitEthernet1
 description Fiber to POP1
 ip address 10.11.14.26 255.255.255.252
 ip flow ingress
 load-interval 30
 delay 10000
 media-type gbic
 speed auto
 duplex auto
 negotiation auto
 mpls mtu 1520
 mpls label protocol ldp
 mpls ip
!
interface GigabitEthernet2
 description Backbone Failover
 bandwidth 50
 ip address 10.11.14.253 255.255.255.248
 ip flow ingress
 load-interval 30
 media-type rj45
 speed auto
 duplex auto
 negotiation auto
 mpls mtu 1520
 mpls label protocol ldp
 mpls ip
!
router bgp xxxxx
 no synchronization
 bgp log-neighbor-changes
 neighbor RR_SERVER peer-group
 neighbor RR_SERVER remote-as xxxxx
 neighbor RR_SERVER update-source Loopback0
 neighbor RR_SERVER next-hop-self
 neighbor RR_SERVER send-community both
 neighbor 10.11.12.201 peer-group RR_SERVER
 neighbor 10.11.12.201 description pecore-mma
 neighbor 10.11.12.203 peer-group RR_SERVER
 neighbor 10.11.12.203 description pecore-wma
 no auto-summary
 !
 
#show mpls int
Interface              IP            Tunnel   BGP Static Operational
GigabitEthernet0       Yes (ldp)     No       No  No     Yes
GigabitEthernet1       Yes (ldp)     No       No  No     Yes
GigabitEthernet2       Yes (ldp)     No       No  No     Yes

 
 
 
#show mpls ldp disc
 Local LDP Identifier:
   10.11.12.214:0
    Discovery Sources:
    Interfaces:
        GigabitEthernet0 (ldp): xmit/recv
            LDP Id: 10.11.12.216:0
            LDP Id: 10.11.12.215:0
            LDP Id: 10.11.12.217:0
        GigabitEthernet1 (ldp): xmit/recv
            LDP Id: 10.11.12.203:0
        GigabitEthernet2 (ldp): xmit/recv
            LDP Id: 10.11.12.215:0
            LDP Id: 10.11.12.217:0
            LDP Id: 10.11.12.216:0

 
Also, show mpls ldp binding and show mpls ldp nei show all the proper info.
I sent an update back to Cisco on the TAC case but think someone here may
understand and help quicker. Any help or insight would be appreciated.
 
Thanks
Eric
 
 

 
Eric Kagan

 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list