[c-nsp] 7600 HFIB bug?

Matthew Huff mhuff at ox.com
Thu Jul 28 15:37:43 EDT 2011


It's very possible the fib is correct, but should be correctable by doing a "clear arp" and a "clear ip route *". What IOS are you running and what sup engine do you have? Also, what does "show ip cef exact-route source_ip dest_ip" show?

Are there anything else "interesting" configured? MPLS, PBR, i.e., what does the interface config look like?

----
Matthew Huff             | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC       | Phone: 914-460-4039
aim: matthewbhuff        | Fax:   914-460-4139


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Persio Pucci
Sent: Thursday, July 28, 2011 3:23 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] 7600 HFIB bug?

Hi all. I am new to the list and this is my first post. :)

Trying to get to the bottom of a situation, sans-TAC. Long story short, for
context sake, I had a 7300 that was replaced by a 7600 at my Rio de Janeiro
site connecting to SP and NY.

(SP --- RIO --- NY)

Everything was working fine by the time we were finishing replacing the box,
when our circuit to Sao Paulo was hit and stayed down for about 6 hours.
When the circuit came back up, some communication to NY was just simply not
working, the SP rotuer could not reach, for whatever reason, IP addresses
that were reachable after replacing the box, before the hit. It used to work
on a TE tunnel I had to remove and make Rio a BGP hop to put it to work
while I tried to figure wtf was going on. Ever since, I can ping NY's IP
address from Rio, but cannot from SP, altough all routing is in place
(ISIS), all CEF entries are there.

Well, after a few weeks working on this when time was allowed, I came to a
intriguing situation today, while working with the help of a friend. I was
trying to debug this by using a permit ACL with log-input on the Rio
interfaces and see what was going on. When I applied the ACL on the
interfaces (ip permit x x log-input, ip permit any any), things started
working, and I was again able to ping from SP to NY. If I remove the ACL, I
cease to ping NY from SP.

I seems like something is borked at the 7600, cause the packets won't go
through if they are CEF switched, but they will when they are punted to the
CPU for the logging. Lookis like some FIB/HFIB issue that is beyond
my comprehension.

Any ideas besides going to TAC? Tks!
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list