[c-nsp] TCP Throughput / MTU problem ? with Cisco 7304 andMPLS VPN's

Eric Kagan ekagan at axsne.com
Fri Jan 11 10:42:14 EST 2008 

> It will be easier to look into this issue if you can provide 
> the detail like
> where this router sits exactly. Like between P--P, PE--P, 
> PE--PE. I believe

It's strictly a P router, the setup is 3 POP's on a fiber ring, 2 P
routers at each side for each fiber entrance.  P's are connected on Gig
backbone to PE routers

      POP1
      P-P
     /   \
P   P     P  P
O   |     |  O
P   P-----P  P
2            3


> that if packets are passing out from this interface and being 
> labeled on the
> device very first time you need to set ip mtu too. In Cisco 
> mpls mtu command
> only work for labeled packets. 


One thing I did forget to mention.  The 7206 has physical interface MTU
= 1500, MPLS MTU 1546 and works fine on over 20 routers.  Its just the
one 7304 that is having an issue.  Currently, I have not changed
physical interface MTU on 7304, its 1500.  I have tried MPLS MTU 1546
(and yes I got the error msg setting MTU above physical can cause
problems....) and MPLS MTU 1520


7304:


> interface GigabitEthernet1
>  mpls mtu 1520
>  mpls label protocol ldp
>  mpls ip

GigabitEthernet1 is up, line protocol is up
  Hardware is BCM1250 Internal MAC, address is 001c.5881.7001 (bia
001c.5881.7001)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255



7206: (Working fine along this path)

interface GigabitEthernet0/2
 mpls label protocol ldp
 tag-switching mtu 1546
 tag-switching ip
!

ma.wstr2.core1#show int g0/2
GigabitEthernet0/2 is up, line protocol is up
  Hardware is BCM1250 Internal MAC, address is 0018.1819.851a (bia
0018.1819.851a)
  MTU 1500 bytes, BW 50 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Full-duplex, 1000Mb/s, link type is autonegotiation, media type is SX


> 
> Second if there are some gre tunnels involved along with mpls 
> thn you may
> need to further tweak mtu settings.

There are currently no GRE tunnels


> 
> Regards,
> Masood Ahmad Shah
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Eric Kagan
> Sent: Friday, January 11, 2008 7:51 PM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] TCP Throughput / MTU problem ? with Cisco 
> 7304 and MPLS
> VPN's
> 
> I am running in to a strange problem and hopfeully someone 
> here can help.  I
> did open a Cisco TAC case but I don't think they understand 
> the issue or
> maybe I didn't explain it well.
>  
> We have MPLS enabled through the core of our network for customer MPLS
> VPN's.   Until now, all devices have been 7206VXR's w/ 
> NPE-G1's and we are
> only using the 3 internal Gig ports on the Processor.  I 
> upgraded one of the
> VXR's to a 7304 and configured it the same as the 7206.  The 
> router itself
> is working fine, BGP is working, regular IP traffic / 
> throughout is fine
> (iperf tests have no issues).  I have confirmed interface 
> MTU's, switch
> MTU's and everything is configured the same as before.  When 
> VPN traffic
> goes through this link, I get reports of TCP requests 
> starting and then
> stopping (i.e. SSH makes connection but can't pass data, or 
> do an 'ls', etc
> or HTTP Get seems to connect but doesn't pass data back).  It 
> all sounds
> very similar to MTU issues I experienced and read about on 
> MPLS interfaces.
> If I reroute the traffic around the ring away from the 7304 
> everything works
> fine again - and the problem connections are resolved in seconds.  I
> originally had the MTU set to 1546 on the 7304 (I used to use 
> 1524 but some
> of the L2 VPN's needed more so I bumped them up).  I came across the
> document MPLS MTU Command Changes
> (http://www.cisco.com/en/US/products/ps6566/products_feature_g
> uide09186a0080
> 629db0.html) which I found interesting so I set the MPLS MTU 
> to 1520 with no
> avail.  Below is show ver and config clips along with a few 
> show commands.
> I am hoping someone has seen this and knows how to resolve.
> 
> Thanks
> Eric
>  
>  
>  
>  
>  
> Cisco IOS Software, 7300 Software (C7300-K91P-M), Version 12.2(31)SB6,
> RELEASE SOFTWARE (fc1)
> System image file is "disk0:c7300-k91p-mz.122-31.SB6.bin"
> cisco 7300 (NPEG100) processor (revision B) with 
> 983040K/65536K bytes of
> memory.
> 
>  
> mpls label protocol ldp
> !
> interface Loopback0
>  ip address 10.11.12.214 255.255.255.255
> !
> interface GigabitEthernet0
>  desc Backbone Switch
>  ip address 10.11.13..1 255.255.255.224
>  ip flow ingress
>  load-interval 30
>  media-type rj45
>  speed auto
>  duplex auto
>  negotiation auto
>  mpls mtu 1520
>  mpls label protocol ldp
>  mpls ip
> !
> interface GigabitEthernet1
>  description Fiber to POP1
>  ip address 10.11.14.26 255.255.255.252
>  ip flow ingress
>  load-interval 30
>  delay 10000
>  media-type gbic
>  speed auto
>  duplex auto
>  negotiation auto
>  mpls mtu 1520
>  mpls label protocol ldp
>  mpls ip
> !
> interface GigabitEthernet2
>  description Backbone Failover
>  bandwidth 50
>  ip address 10.11.14.253 255.255.255.248
>  ip flow ingress
>  load-interval 30
>  media-type rj45
>  speed auto
>  duplex auto
>  negotiation auto
>  mpls mtu 1520
>  mpls label protocol ldp
>  mpls ip
> !
> router bgp xxxxx
>  no synchronization
>  bgp log-neighbor-changes
>  neighbor RR_SERVER peer-group
>  neighbor RR_SERVER remote-as xxxxx
>  neighbor RR_SERVER update-source Loopback0
>  neighbor RR_SERVER next-hop-self
>  neighbor RR_SERVER send-community both
>  neighbor 10.11.12.201 peer-group RR_SERVER
>  neighbor 10.11.12.201 description pecore-mma
>  neighbor 10.11.12.203 peer-group RR_SERVER
>  neighbor 10.11.12.203 description pecore-wma
>  no auto-summary
>  !
>  
> #show mpls int
> Interface              IP            Tunnel   BGP Static Operational
> GigabitEthernet0       Yes (ldp)     No       No  No     Yes
> GigabitEthernet1       Yes (ldp)     No       No  No     Yes
> GigabitEthernet2       Yes (ldp)     No       No  No     Yes
> 
>  
>  
>  
> #show mpls ldp disc
>  Local LDP Identifier:
>    10.11.12.214:0
>     Discovery Sources:
>     Interfaces:
>         GigabitEthernet0 (ldp): xmit/recv
>             LDP Id: 10.11.12.216:0
>             LDP Id: 10.11.12.215:0
>             LDP Id: 10.11.12.217:0
>         GigabitEthernet1 (ldp): xmit/recv
>             LDP Id: 10.11.12.203:0
>         GigabitEthernet2 (ldp): xmit/recv
>             LDP Id: 10.11.12.215:0
>             LDP Id: 10.11.12.217:0
>             LDP Id: 10.11.12.216:0
> 
>  
> Also, show mpls ldp binding and show mpls ldp nei show all 
> the proper info.
> I sent an update back to Cisco on the TAC case but think 
> someone here may
> understand and help quicker. Any help or insight would be appreciated.
>  
> Thanks
> Eric
>  
>  
> 
>  
> Eric Kagan
> 
>  
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
>

More information about the cisco-nsp mailing list