[c-nsp] 12.4(24)T Bug ?

Antonio Soares amsoares at netcabo.pt
Mon Mar 30 08:04:57 EDT 2009 

I found in the meanwhile that IPv6 traffic is completely broken between CE and PE:

CE1#ping 2001:10::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:10::2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
CE1#

PE1#sh runn int f0/0
Building configuration...

Current configuration : 176 bytes
!
interface FastEthernet0/0
 vrf forwarding vrf1
 ip address 10.10.10.254 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001:10::2/64
 service-policy input MONITOR
end

PE1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
PE1(config)#int f0/0
PE1(config-if)#no  service-policy input MONITOR
PE1(config-if)#


CE1#ping 2001:10::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:10::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/87/272 ms
CE1#
CE1#

PE1(config-if)#
PE1(config-if)#  service-policy input MONITOR  
PE1(config-if)#


CE1#
CE1#ping 2001:10::2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:10::2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
CE1#

It seems the Service Policy breaks IPv6 ICMP ND but i still don't understand very well why.

Anyone running 12.2(24)T ?


Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Antonio Soares
Sent: domingo, 29 de Março de 2009 3:10
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 12.4(24)T Bug ?

Just to add that i found this problem in a production network and i was able to reproduce the issue with dynamips.

In both situations, i have sequences of 19 reply failures. Weird, isnt' it ?


Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Antonio Soares
Sent: sábado, 28 de Março de 2009 2:50
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 12.4(24)T Bug ?

Hello group,

I have a 7200 running 12.4(24)T ADVIPSERVICESK9-M configured for 6VPE:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
PE1#sh runn
Building configuration...

Current configuration : 2346 bytes
!
upgrade fpd auto
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
vrf definition vrf1
 rd 1:1
 !
 address-family ipv4
 route-target export 1:1
 route-target import 1:1
 exit-address-family
 !
 address-family ipv6
 route-target export 1:1
 route-target import 1:1
 exit-address-family
!
logging message-counter syslog
enable password cisco
!
no aaa new-model
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!         
!
!
!
!
!
!
!
!
!
!
!
archive
 log config
  hidekeys
! 
!
!
!
!
!
class-map match-any PRECEDENCE-0
 match  precedence 0 
!         
!
policy-map MONITOR
 class PRECEDENCE-0
!
!
!
!
!
interface Loopback0
 ip address 100.100.100.1 255.255.255.255 !
interface FastEthernet0/0
 vrf forwarding vrf1
 ip address 10.10.10.254 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001:10::2/64
 service-policy input MONITOR
!
interface FastEthernet0/1
 ip address 13.13.13.1 255.255.255.0
 duplex auto
 speed auto
 mpls ip
!
router ospf 1
 router-id 100.100.100.1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
 bgp router-id 100.100.100.1
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 100.100.100.2 remote-as 1
 neighbor 100.100.100.2 update-source Loopback0  !
 address-family vpnv6
  neighbor 100.100.100.2 activate
  neighbor 100.100.100.2 send-community extended  exit-address-family  !
 address-family vpnv4
  neighbor 100.100.100.2 activate
  neighbor 100.100.100.2 send-community extended  exit-address-family  !
 address-family ipv4 vrf vrf1
  redistribute connected
  redistribute static
  no synchronization
 exit-address-family
 !
 address-family ipv6 vrf vrf1
  redistribute connected
  redistribute static
  no synchronization
 exit-address-family
!
ip forward-protocol nd
ip route vrf vrf1 1.1.1.1 255.255.255.255 10.10.10.1 no ip http server no ip http secure-server !
!
!
ipv6 route vrf vrf1 2001:1::/64 2001:10::1 !
!         
!
!
!
!
control-plane
!
!
!
mgcp fax t38 ecm
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 stopbits 1
line vty 0 4
 password cisco
 login
!
end

PE1#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

And i have this connectivity problem between CE devices (CE1 is directly connected to PE1):

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CE1#ping
Protocol [ip]: ipv6
Target IPv6 address: 2001:2::1
Repeat count [5]: 1000
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands? [no]: 
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 2001:2::1, timeout is 2 seconds:
....!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!......
.............!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!...................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!...................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!...................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!...................!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...................!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...................!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...................!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.............
......!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!......
.............!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!...................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!...................!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 76 percent (768/1000), round-trip min/avg/max = 48/134/400 ms CE1#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

The problem does not occur when the input service-policy facing CE1 is removed:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++
CE1#ping
Protocol [ip]: ipv6
Target IPv6 address: 2001:2::1
Repeat count [5]: 1000
Datagram size [100]: 
Timeout in seconds [2]: 
Extended commands? [no]: 
Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 2001:2::1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (1000/1000), round-trip min/avg/max = 28/133/340 ms CE1#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Any ideas of what could be causing this ?


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoares at netcabo.pt

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list