[c-nsp] Hardware limitations on SUP32 with LDP and full routing table

Jose lobo at allstream.net
Wed Jan 21 20:44:34 EST 2009 

I was wondering if I could get some additional opinions on a case I have 
open with Cisco.  We have recently started turning up LDP on various 
links out towards some routers that are being converted to act as PEs.  
The core is all connected together and has been running LDP on those 
particular links for over 8 months.

This past weekend we turned up LDP on a link to one of our remote cities 
and we received sporadic complaints that some customers couldn't access 
any sites/addresses if the path was via one of our P routers.  If 
traffic was through any other path on the network it was fine.  
Traceroutes to & from this P router showed were unsuccessful even though 
the routing table and LFIB all showed the correct information.  Turning 
off LDP across this link resolved the problem for the customers.

After opening up the TAC case and lots of troubleshooting they showed us 
this:

Without LDP on:
frort04#sh ip cef exact-route 172.17.0.254 68.179.73.86
172.17.0.254    -> 68.179.73.86   : Vlan2210 (next hop 67.226.181.110)  
<<<<<< the next hop is correct

With LDP on:
frort04#sh mls cef exact-route 172.17.0.254 68.179.73.86   
Interface: Vl2210, Next Hop: 224.0.0.168, Vlan: 2210, Destination Mac: 
00b0.4a5e.7419  <<<<<<<< next hop can't be a multicast IP

the CEF entry and MLS CEF entry are different, after consulting the 
LAN-SW team, it is found this router had issue of overloaded routes 
causing mls cef table become corrupted.

So basically we were told that because the SUP32 has a hardware 
limitation of 250K routes that it can hardware cef, we were getting 
corruption in our tables and in turn corrupting how LDP was building its 
forwarding table.  The core P routers currently hold the entire internet 
routing tables so yes they technically are pretty full in terms of the 
number of routes they can hold.  They want us to reload our router to 
clear the tables but they can't guarantee that this problem won't 
resurface again down the road or right away.  I'm more curious if there 
is some kind of IOS bug we might be hitting which I'm hoping one of you 
might know but they're supposed to be doing a bug scrub as well.

Any thoughts on what we're experiencing?  Should we bite the bullet and 
upgrade to SUP720-3BXLs?

Thanks.

Jose

More information about the cisco-nsp mailing list