[c-nsp] IP arp VRF weird issue

Rodney Dunn rodunn at cisco.com
Wed Nov 19 09:24:05 EST 2008


We will update the arp timer when you receive a request for an
arp source/mac combination. That appears to be why your
timers stay at 0 because you have arp's coming in from those
sources frequently. That is not a real issue that would cause a forwarding
problem normally, although you should look at those end stations to see
why they are arping so much.

You did a ping to this station:

> Internet  192.168.61.82           0   0008.da54.7f92  ARPA   FastEthernet0/1.3

so if you check 'sh adj detail' you should see the corresponding CEF
adjacency to forward the frame.

You would need a sniffer to prove the router sent the packet out.

If it's a software forwarding box that has this you could use it:

http://supportwiki.cisco.com/ViewWiki/index.php/Tech_Insights:Utilizing_the_New_Packet_Capture_Feature

Or do a 'debug ip packet <acl> detail' to show the router generating the
packet and forwarding it. But the only 100% way to know is a sniffer
on the wire.

Rodney



On Tue, Nov 18, 2008 at 04:31:50AM -0800, Bruno Filipe wrote:
> Hi there,...
> 
> I'm facing a problem between a CE to PE that I'm not really sure the reason for this behavior...
> 
> The link to the customer is perfect (NO PROBLEMS AT ALL) but the Service is going up and down (from times to times).
> 
> I suspect that there must be something preventing the arp counters to increase which might be the reason for the counters to get stuck.
> 
> 
> # Here's the relevant Configuration from the PE router#
> !
> ip vrf customerXYZ-vpn
>  rd 100:244100
>  route-target export 100:244100
>  route-target import 100:244100
>  route-target import 100:20
> !
> interface FastEthernet0/1.357
>  encapsulation dot1Q 357
>  ip vrf forwarding customerXYZ-vpn
>  ip address 192.168.61.81 255.255.255.252
>  ip verify unicast source reachable-via rx
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  no snmp trap link-status
>  no cdp enable
>  service-policy output reg1024
> 
> # Here's some show commands
> 
> PE-ROUTER#sh ip vrf customerXYZ-vpn
>   Name                             Default RD          Interfaces
>   customerXYZ-vpn                    100:244100        Fa0/0.355
>                                                        Fa0/0.580
>                                                        Fa0/0.702
>                                                        Fa0/0.706
>                                                        Fa0/1.356
>                                                        Fa0/1.357
>                                                        Fa0/1.361
>                                                        Fa0/0.44
>                                                        Fa0/1.312
>                                                        Fa0/0.719
>                                                        Fa0/0.718
> PE-ROUTER#sh ip arp vrf customerXYZ-vpn
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  172.16.41.190         114   001b.7858.2ef7  ARPA   FastEthernet0/0.355
> Internet  192.168.61.37           -   0014.698c.3bfc  ARPA   FastEthernet0/0.718
> Internet  192.168.61.39           -   0014.698c.3bfc  ARPA   FastEthernet0/0.719
> Internet  192.168.61.38           0   Incomplete      ARPA   
> Internet  192.168.60.121          -   0014.698c.3bfc  ARPA   FastEthernet0/0.44
> Internet  192.168.60.122          0   0008.da56.7300  ARPA   FastEthernet0/0.44
> Internet  192.168.61.65           -   0014.698c.3bfc  ARPA   FastEthernet0/0.355
> Internet  192.168.61.66           0   001b.7858.2ef7  ARPA   FastEthernet0/0.355
> Internet  192.168.61.69           -   0014.698c.3bfc  ARPA   FastEthernet0/0.580
> Internet  192.168.61.70           0   0008.da54.7ff2  ARPA   FastEthernet0/0.580
> Internet  192.168.61.73           -   0014.698c.3bfc  ARPA   FastEthernet0/0.702
> Internet  192.168.61.74           0   0008.da54.7fbf  ARPA   FastEthernet0/0.702
> Internet  192.168.61.77           -   0014.698c.3bfd  ARPA   FastEthernet0/1.356
> Internet  192.168.61.78           0   0008.da54.7f7a  ARPA   FastEthernet0/1.356
> Internet  192.168.61.81           -   0014.698c.3bfd  ARPA   FastEthernet0/1.357
> Internet  192.168.61.82           0   0008.da54.7f92  ARPA   FastEthernet0/1.357
> Internet  192.168.61.85           -   0014.698c.3bfd  ARPA   FastEthernet0/1.361
> Internet  192.168.61.86           0   Incomplete      ARPA   
> Internet  192.168.61.89           -   0014.698c.3bfc  ARPA   FastEthernet0/0.706
> Internet  192.168.61.90           0   001b.785d.74ef  ARPA   FastEthernet0/0.706
> Internet  192.168.61.93           -   0014.698c.3bfd  ARPA   FastEthernet0/1.312
> Internet  192.168.61.94           0   Incomplete      ARPA   
> PE-ROUTER#
> 
> 
> # Here's the debug output
> PE-ROUTER#debug arp 
> ARP packet debugging is on
> PE-ROUTER#
> 
> Nov 18 13:16:38.273 GMT+1: IP ARP: rcvd req src 196.216.60.122 0008.da56.7300, dst 196.216.60.121 FastEthernet0/0.44
> Nov 18 13:16:38.273 GMT+1: IP ARP: sent rep src 196.216.60.121 0014.698c.3bfc,
>                  dst 196.216.60.122 0008.da56.7300 FastEthernet0/0.44
> Nov 18 13:21:11.705 GMT+1: IP ARP: rcvd req src 196.216.61.66 001b.7858.2ef7, dst 196.216.61.65 FastEthernet0/0.355
> Nov 18 13:21:11.705 GMT+1: IP ARP: sent rep src 196.216.61.65 0014.698c.3bfc,
>                  dst 196.216.61.66 001b.7858.2ef7 FastEthernet0/0.355
> Nov 18 13:24:18.564 GMT+1: IP ARP: rcvd req src 196.216.61.82 0008.da54.7f92, dst 196.216.61.81 FastEthernet0/1.357
> Nov 18 13:24:18.564 GMT+1: IP ARP: sent rep src 196.216.61.81 0014.698c.3bfd,
>                  dst 196.216.61.82 0008.da54.7f92 FastEthernet0/1.357
> 
> PE-ROUTER#ping vrf customerXYZ-vpn 196.216.61.82
> 
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 196.216.61.82, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> PE-ROUTER#
> PE-ROUTER#sh vlans dot1q fastEthernet 0/1.357
> FastEthernet0/1.357 (0)
>    121420932 packets, 21505176184 bytes input
>    193767899 packets, 237095028833 bytes output
> PE-ROUTER#
> 
> 
> 
>       
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list