[c-nsp] VSS1440 to ASR1002 - MEC issues

Tassos Chatzithomaoglou achatz at forthnet.gr
Fri May 1 12:01:18 EDT 2009 

ASR1000 doesn't -yet- support the well-known EtherChannel/LACP. If i remember right, RLS5 
will have it.

There is a feature called VLAN Mapping to Gigabit EtherChannel (GEC) Member Links, but i 
don't think it would help you much, since you have L3 portchannels on both sides.
http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_cfg_gecvlan.html

-- 
Tassos

Alasdair McWilliam wrote on 01/05/2009 18:29:
> Hello,
> 
> I'm currently deploying two Cisco 6509-E chassis with VS-Sup720-10GE (in 
> a VSS 1440 cluster/configuration) with dual ASR 1002 routers to provide 
> aggregation of multiple upstream links (running multiple BGP and EIGRP 
> sessions).
> 
> I wanted to utilize MEC between each ASR and each 6509 chassis to build 
> in as much resilience as possible. However this configuration seems to 
> be playing up and so I thought I'd ask the experts!
> 
> Physical Topology:
> 
> ASR Gi0/0/0 into 6509 Chassis 1 Module 1 Port 1
> ASR Gi0/1/0 into 6509 Chassis 2 Module 1 Port 1
> 
> The ASR is running IOS-XE 2.3.0 (IOS 12.2(33)XNC) AISK9 with dual IOS 
> processes.
> The VSS chassis are running IOS 12.2(33)SXI1 ISK9 with a 4x 10GE VSL (2 
> supervisor 10GE interfaces, 2 10GE interfaces on a 6708-10GE line card).
> I'm just using CAT6 between the ASR and the 6748-GE-TX line cards in the 
> VSS boxes.
> 
> ASR configuration:
> 
> interface Port-Channel1
> ip address x.x.x.5 255.255.255.252
> ip hello-interval eigrp 100 2
> ip hold-time eigrp 100 6
> ip authentication mode eigrp 100 md5
> ip authentication key-chian eigrp 100 vcoresw1-chain
> ip summary-address eigrp 100 0.0.0.0 0.0.0.0 255
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> no shut
> !
> 
> interface Gi0/0/0
> channel-group 1
> no shut
> 
> interface Gi0/1/0
> channel-group 1
> no shut
> 
> Cisco VSS configuration:
> 
> int Gi1/1/1
> no switchport
> channel-group 3 mode on
> 
> int Gi2/1/1
> no switchport
> channel-group 3 mode on
> 
> int Po3
> desc *** MEC to br1-po1 ***
> no ip redirects
> no ip unreachables
> no ip proxy-arp
> ip vrf forwarding edge-vrf
> ip address x.x.x.6 255.255.255.252
> ip hello-interval eigrp 100 2
> ip hold-time eigrp 100 6
> ip authentication mode eigrp 100 md5
> ip authentication key-chain eigrp 100 br1-chain
> no shut
> !
> 
> 
> 
> The problem I am experiencing seems to be one way traffic between the 
> VSS cluster and the Border Router. Pinging across this /30 subnet does 
> not work in either direction. EIGRP relationships build when the Po 
> interfaces first come online and then immediately time out moments 
> later. The VSS cluster then does not see any further EIGRP traffic from 
> the ASR. However the ASR seems to think it's successfully building an 
> adjacency to the VSS. However this times out due to 'retry limit 
> exceeded' every minute or so, but seems to think it re-establishes again.
> 
> This problem persists if we drop the PortChannel to just one Gigabit 
> Ethernet interface. The second interface can be shut down or actually 
> removed from the Po config (eg. no channel-group 1).
> 
> The really interesting thing is, with one link, if we remove the 
> channel-group comand from the one remaining ASR interface, all of a 
> sudden the link springs to life. Pings between the ASR Gi0/0/0 interface 
> and the Po3 VSS interface are successful. EIGRP relationship comes up 
> immediately and is stable, and routes are exchanged as you'd expect.
> 
> How does this work? With the ASR thinking it's a non-etherchannel 
> interface, but the VSS thinking it IS an EtherChannel (with 1 member), 
> surely it should just fail?
> 
> Am I doing something wrong or could this be a bug in either VSS or the ASR?
> 
> It's not earth shattering, we could just configure 2 EIGRP sessions 
> between the VSS and the ASR (4 in total with 2 ASRs) but don't think 
> this is as clean an implementation as MEC across fully redundant chassis 
> and line cards (one of the big selling points of the VSS !!)
> 
> Any help would be much appreciated!
> 
> Thanks
> Alasdair
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list