[c-nsp] PVLAN and trunks (for redundancy and more bandwidth), any idea?

Sven 'Darkman' Michels sven at darkman.de
Wed Feb 24 08:43:06 EST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Matt Buford schrieb:
> Have you confirmed that the problem happens to packets going through the
> switch?  What you pasted before was pings originating from the switch.
>  In general, I wouldn't assume that the behavior of pings to/from the
> switch are the same as packets through the switch.  They take a very
> different path through the switch.
> 
> For example, put one host on a non-pvlan SVI, and then put another host
> on your pvlan SVI.  Do you get the same packetloss problem?

i've tested it, again, just to be sure. The device is on the 3650 Switch
in the pvlan, 6500 does the routing and holds the svi for the pvlan. I started
pinging the testdevice which worked fine so far. Then i enabled
ip verify unicast source reachable-via rx
and got massive loss. After disableing it, the ping worked fine again:
64 bytes from x.x.x.13: icmp_seq=50 ttl=63 time=603 usec
64 bytes from x.x.x.13: icmp_seq=51 ttl=63 time=613 usec
64 bytes from x.x.x.13: icmp_seq=52 ttl=63 time=616 usec
64 bytes from x.x.x.13: icmp_seq=53 ttl=63 time=616 usec
64 bytes from x.x.x.13: icmp_seq=54 ttl=63 time=599 usec
64 bytes from x.x.x.13: icmp_seq=55 ttl=63 time=616 usec
- - enable -
64 bytes from x.x.x.13: icmp_seq=58 ttl=63 time=726 usec
64 bytes from x.x.x.13: icmp_seq=60 ttl=63 time=640 usec
64 bytes from x.x.x.13: icmp_seq=67 ttl=63 time=667 usec
64 bytes from x.x.x.13: icmp_seq=69 ttl=63 time=641 usec
- - disable -
64 bytes from x.x.x.13: icmp_seq=71 ttl=63 time=642 usec
64 bytes from x.x.x.13: icmp_seq=72 ttl=63 time=625 usec
64 bytes from x.x.x.13: icmp_seq=73 ttl=63 time=617 usec
64 bytes from x.x.x.13: icmp_seq=74 ttl=63 time=591 usec
64 bytes from x.x.x.13: icmp_seq=75 ttl=63 time=574 usec
64 bytes from x.x.x.13: icmp_seq=76 ttl=63 time=605 usec
64 bytes from x.x.x.13: icmp_seq=77 ttl=63 time=609 usec
64 bytes from x.x.x.13: icmp_seq=78 ttl=63 time=582 usec

so its definitivly a problem with the verify stuff and pvlan :(

Regards and thanks,
Sven
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkuFLOoACgkQQoCguWUBzBy88wCfXCYsR58eEM+JMUg60kQP1Vqt
sQEAoITLxOKnzAcNFDNtBS2KY1iK2w+2
=u4HR
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list