[c-nsp] VSS1440 to ASR1002 - MEC issues
Tassos Chatzithomaoglou
achatz at forthnet.gr
Sat May 2 04:09:56 EDT 2009
Alasdair McWilliam wrote on 02/05/2009 10:01:
> Even if ASR only supports GEC, surely my apparent 'one way' traffic
> symptoms aren't right? I only have one Gigabit Ethernet link in the
> Port-Channel, between the ASR and the active chassis within the VSS.
> When the channel-group command is removed from the ASR's GE interface,
> and the config moved onto the GE interface, it starts to work a treat,
> despite the VSS still thinking it's an EtherChannel !
>
I think that's expected behavior since you have "on" on the VSS side (there aren't any
negotiable protocols used between VSS and ASR).
--
Tassos
> Also, the 'switch accept mode virtual' command was run on the active
> node when the switches were first converted to VSS and rebooted.
>
> Many thanks
> Alasdair
>
>
>
> On 2 May 2009, at 01:43, Daniel de la Rosa (ddelaros) wrote:
>
>> That's correct, ASR1000 GEC only support static VLAN LB at the moment
>> and not LACP. So this can only work if you are ok on just using GEC with
>> VLANs on both sides as Tassos mentioned. Since you are deploying GEC for
>> redundancy, this VLAN static LB should be able to give you what you
>> need. Also you need to have the VSS on GEC mode on.
>>
>> HTH
>>
>>
>> -------------
>> Daniel de la Rosa
>> CCIE # 4622
>> Technical Marketing Engineer
>> ERBU, Cisco Systems
>>
>>
>>
>>>
>>>
>>> ASR1000 doesn't -yet- support the well-known EtherChannel/LACP. If i
>>> remember right, RLS5
>>> will have it.
>>>
>>> There is a feature called VLAN Mapping to Gigabit EtherChannel (GEC)
>>> Member Links, but i
>>> don't think it would help you much, since you have L3 portchannels on
>>> both sides.
>>>
>> http://www.cisco.com/en/US/docs/ios/lanswitch/configuration/guide/lsw_c
>>> fg_gecvlan.html
>>>
>>> --
>>> Tassos
>>>
>>> Alasdair McWilliam wrote on 01/05/2009 18:29:
>>>> Hello,
>>>>
>>>> I'm currently deploying two Cisco 6509-E chassis with VS-Sup720-10GE
>>> (in
>>>> a VSS 1440 cluster/configuration) with dual ASR 1002 routers to
>>> provide
>>>> aggregation of multiple upstream links (running multiple BGP and
>>> EIGRP
>>>> sessions).
>>>>
>>>> I wanted to utilize MEC between each ASR and each 6509 chassis to
>>> build
>>>> in as much resilience as possible. However this configuration seems
>>> to
>>>> be playing up and so I thought I'd ask the experts!
>>>>
>>>> Physical Topology:
>>>>
>>>> ASR Gi0/0/0 into 6509 Chassis 1 Module 1 Port 1
>>>> ASR Gi0/1/0 into 6509 Chassis 2 Module 1 Port 1
>>>>
>>>> The ASR is running IOS-XE 2.3.0 (IOS 12.2(33)XNC) AISK9 with dual
>> IOS
>>>> processes.
>>>> The VSS chassis are running IOS 12.2(33)SXI1 ISK9 with a 4x 10GE VSL
>>> (2
>>>> supervisor 10GE interfaces, 2 10GE interfaces on a 6708-10GE line
>>> card).
>>>> I'm just using CAT6 between the ASR and the 6748-GE-TX line cards in
>>> the
>>>> VSS boxes.
>>>>
>>>> ASR configuration:
>>>>
>>>> interface Port-Channel1
>>>> ip address x.x.x.5 255.255.255.252
>>>> ip hello-interval eigrp 100 2
>>>> ip hold-time eigrp 100 6
>>>> ip authentication mode eigrp 100 md5
>>>> ip authentication key-chian eigrp 100 vcoresw1-chain
>>>> ip summary-address eigrp 100 0.0.0.0 0.0.0.0 255
>>>> no ip redirects
>>>> no ip unreachables
>>>> no ip proxy-arp
>>>> no shut
>>>> !
>>>>
>>>> interface Gi0/0/0
>>>> channel-group 1
>>>> no shut
>>>>
>>>> interface Gi0/1/0
>>>> channel-group 1
>>>> no shut
>>>>
>>>> Cisco VSS configuration:
>>>>
>>>> int Gi1/1/1
>>>> no switchport
>>>> channel-group 3 mode on
>>>>
>>>> int Gi2/1/1
>>>> no switchport
>>>> channel-group 3 mode on
>>>>
>>>> int Po3
>>>> desc *** MEC to br1-po1 ***
>>>> no ip redirects
>>>> no ip unreachables
>>>> no ip proxy-arp
>>>> ip vrf forwarding edge-vrf
>>>> ip address x.x.x.6 255.255.255.252
>>>> ip hello-interval eigrp 100 2
>>>> ip hold-time eigrp 100 6
>>>> ip authentication mode eigrp 100 md5
>>>> ip authentication key-chain eigrp 100 br1-chain
>>>> no shut
>>>> !
>>>>
>>>>
>>>>
>>>> The problem I am experiencing seems to be one way traffic between
>> the
>>>> VSS cluster and the Border Router. Pinging across this /30 subnet
>>> does
>>>> not work in either direction. EIGRP relationships build when the Po
>>>> interfaces first come online and then immediately time out moments
>>>> later. The VSS cluster then does not see any further EIGRP traffic
>>> from
>>>> the ASR. However the ASR seems to think it's successfully building
>> an
>>>> adjacency to the VSS. However this times out due to 'retry limit
>>>> exceeded' every minute or so, but seems to think it re-establishes
>>> again.
>>>>
>>>> This problem persists if we drop the PortChannel to just one Gigabit
>>>> Ethernet interface. The second interface can be shut down or
>> actually
>>>> removed from the Po config (eg. no channel-group 1).
>>>>
>>>> The really interesting thing is, with one link, if we remove the
>>>> channel-group comand from the one remaining ASR interface, all of a
>>>> sudden the link springs to life. Pings between the ASR Gi0/0/0
>>> interface
>>>> and the Po3 VSS interface are successful. EIGRP relationship comes
>> up
>>>> immediately and is stable, and routes are exchanged as you'd expect.
>>>>
>>>> How does this work? With the ASR thinking it's a non-etherchannel
>>>> interface, but the VSS thinking it IS an EtherChannel (with 1
>>> member),
>>>> surely it should just fail?
>>>>
>>>> Am I doing something wrong or could this be a bug in either VSS or
>>> the ASR?
>>>>
>>>> It's not earth shattering, we could just configure 2 EIGRP sessions
>>>> between the VSS and the ASR (4 in total with 2 ASRs) but don't think
>>>> this is as clean an implementation as MEC across fully redundant
>>> chassis
>>>> and line cards (one of the big selling points of the VSS !!)
>>>>
>>>> Any help would be much appreciated!
>>>>
>>>> Thanks
>>>> Alasdair
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
More information about the cisco-nsp
mailing list