[c-nsp] IP arp VRF weird issue
Rodney Dunn
rodunn at cisco.com
Wed Nov 19 09:24:05 EST 2008
We will update the arp timer when you receive a request for an
arp source/mac combination. That appears to be why your
timers stay at 0 because you have arp's coming in from those
sources frequently. That is not a real issue that would cause a forwarding
problem normally, although you should look at those end stations to see
why they are arping so much.
You did a ping to this station:
> Internet 192.168.61.82 0 0008.da54.7f92 ARPA FastEthernet0/1.3
so if you check 'sh adj detail' you should see the corresponding CEF
adjacency to forward the frame.
You would need a sniffer to prove the router sent the packet out.
If it's a software forwarding box that has this you could use it:
http://supportwiki.cisco.com/ViewWiki/index.php/Tech_Insights:Utilizing_the_New_Packet_Capture_Feature
Or do a 'debug ip packet <acl> detail' to show the router generating the
packet and forwarding it. But the only 100% way to know is a sniffer
on the wire.
Rodney
On Tue, Nov 18, 2008 at 04:31:50AM -0800, Bruno Filipe wrote:
> Hi there,...
>
> I'm facing a problem between a CE to PE that I'm not really sure the reason for this behavior...
>
> The link to the customer is perfect (NO PROBLEMS AT ALL) but the Service is going up and down (from times to times).
>
> I suspect that there must be something preventing the arp counters to increase which might be the reason for the counters to get stuck.
>
>
> # Here's the relevant Configuration from the PE router#
> !
> ip vrf customerXYZ-vpn
> rd 100:244100
> route-target export 100:244100
> route-target import 100:244100
> route-target import 100:20
> !
> interface FastEthernet0/1.357
> encapsulation dot1Q 357
> ip vrf forwarding customerXYZ-vpn
> ip address 192.168.61.81 255.255.255.252
> ip verify unicast source reachable-via rx
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> no snmp trap link-status
> no cdp enable
> service-policy output reg1024
>
> # Here's some show commands
>
> PE-ROUTER#sh ip vrf customerXYZ-vpn
> Name Default RD Interfaces
> customerXYZ-vpn 100:244100 Fa0/0.355
> Fa0/0.580
> Fa0/0.702
> Fa0/0.706
> Fa0/1.356
> Fa0/1.357
> Fa0/1.361
> Fa0/0.44
> Fa0/1.312
> Fa0/0.719
> Fa0/0.718
> PE-ROUTER#sh ip arp vrf customerXYZ-vpn
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 172.16.41.190 114 001b.7858.2ef7 ARPA FastEthernet0/0.355
> Internet 192.168.61.37 - 0014.698c.3bfc ARPA FastEthernet0/0.718
> Internet 192.168.61.39 - 0014.698c.3bfc ARPA FastEthernet0/0.719
> Internet 192.168.61.38 0 Incomplete ARPA
> Internet 192.168.60.121 - 0014.698c.3bfc ARPA FastEthernet0/0.44
> Internet 192.168.60.122 0 0008.da56.7300 ARPA FastEthernet0/0.44
> Internet 192.168.61.65 - 0014.698c.3bfc ARPA FastEthernet0/0.355
> Internet 192.168.61.66 0 001b.7858.2ef7 ARPA FastEthernet0/0.355
> Internet 192.168.61.69 - 0014.698c.3bfc ARPA FastEthernet0/0.580
> Internet 192.168.61.70 0 0008.da54.7ff2 ARPA FastEthernet0/0.580
> Internet 192.168.61.73 - 0014.698c.3bfc ARPA FastEthernet0/0.702
> Internet 192.168.61.74 0 0008.da54.7fbf ARPA FastEthernet0/0.702
> Internet 192.168.61.77 - 0014.698c.3bfd ARPA FastEthernet0/1.356
> Internet 192.168.61.78 0 0008.da54.7f7a ARPA FastEthernet0/1.356
> Internet 192.168.61.81 - 0014.698c.3bfd ARPA FastEthernet0/1.357
> Internet 192.168.61.82 0 0008.da54.7f92 ARPA FastEthernet0/1.357
> Internet 192.168.61.85 - 0014.698c.3bfd ARPA FastEthernet0/1.361
> Internet 192.168.61.86 0 Incomplete ARPA
> Internet 192.168.61.89 - 0014.698c.3bfc ARPA FastEthernet0/0.706
> Internet 192.168.61.90 0 001b.785d.74ef ARPA FastEthernet0/0.706
> Internet 192.168.61.93 - 0014.698c.3bfd ARPA FastEthernet0/1.312
> Internet 192.168.61.94 0 Incomplete ARPA
> PE-ROUTER#
>
>
> # Here's the debug output
> PE-ROUTER#debug arp
> ARP packet debugging is on
> PE-ROUTER#
>
> Nov 18 13:16:38.273 GMT+1: IP ARP: rcvd req src 196.216.60.122 0008.da56.7300, dst 196.216.60.121 FastEthernet0/0.44
> Nov 18 13:16:38.273 GMT+1: IP ARP: sent rep src 196.216.60.121 0014.698c.3bfc,
> dst 196.216.60.122 0008.da56.7300 FastEthernet0/0.44
> Nov 18 13:21:11.705 GMT+1: IP ARP: rcvd req src 196.216.61.66 001b.7858.2ef7, dst 196.216.61.65 FastEthernet0/0.355
> Nov 18 13:21:11.705 GMT+1: IP ARP: sent rep src 196.216.61.65 0014.698c.3bfc,
> dst 196.216.61.66 001b.7858.2ef7 FastEthernet0/0.355
> Nov 18 13:24:18.564 GMT+1: IP ARP: rcvd req src 196.216.61.82 0008.da54.7f92, dst 196.216.61.81 FastEthernet0/1.357
> Nov 18 13:24:18.564 GMT+1: IP ARP: sent rep src 196.216.61.81 0014.698c.3bfd,
> dst 196.216.61.82 0008.da54.7f92 FastEthernet0/1.357
>
> PE-ROUTER#ping vrf customerXYZ-vpn 196.216.61.82
>
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 196.216.61.82, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> PE-ROUTER#
> PE-ROUTER#sh vlans dot1q fastEthernet 0/1.357
> FastEthernet0/1.357 (0)
> 121420932 packets, 21505176184 bytes input
> 193767899 packets, 237095028833 bytes output
> PE-ROUTER#
>
>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list