[c-nsp] l2vpn me3600X to ASR9k
Claes Jansson
claes at gastabud.com
Tue Nov 27 07:50:11 EST 2012
Hi!
I have stumpled across a wierd problem, and would like some input on
where to dig for the answer :-)
My setup looks like this... All links are routed directly on the
interface (/31), no MPLS over SVI.
XX-ro-test-02 (ME3600X) <--> XX-ro-test-01 (ME3600X) <-->
XX-ro-core-01 (ASR9K) <--> XX-ro-core-02 (ASR9K) <--> XX-ro-core-10
(ME3600X)
The problem is that when i do a xconnect from ME3600 (tried from test-02
and test-01) to core-02 it fail's. But when connecting them to core-01
or core-10 it works.
I also have connected the l2vpn bridge-domain "vlan10" between core-01
and core-02 by VFI/VPLS.
Both the ASR9K and ME3600 shows the xconnect as status "UP".
# Software and hardware
ASR9K, running 4.2.1 no SMU's
RSP440, LineCard, MOD80 (AIP), MPAs 1x20GE, 1x4TE
ME3600X, running 15.2(4)S1 (AdvIP)
# All devices can reach eachother through lo0
# OSPF, MP-BGP and LDP running.
# l3 vpn works, even from XX-ro-core-02
#
------------------------------------------------------------------------------------
#
# XX-ro-core-01
# lo0 = 1.1.1.1
l2vpn
bridge group cd
bridge-domain vlan10
neighbor 1.1.1.222 pw-id 555
!
vfi cd
neighbor 1.1.1.2 pw-id 10
!
#
# XX-ro-core-02
# lo0 = 1.1.1.2
l2vpn
bridge group cd
bridge-domain vlan10
interface Bundle-Ether1.10
!
neighbor 1.1.1.222 pw-id 444
!
vfi cd
neighbor 1.1.1.1 pw-id 10
!
# Looped to bundle-ethernet1.10
RP/0/RSP0/CPU0:XX-ro-core-02#sh run int bundle-ether101.10
Tue Nov 27 10:16:44.368 CET
interface Bundle-Ether101.10
vrf cd
ipv4 mtu 1500
ipv4 helper-address vrf mgmt 10.0.10.12
ipv4 address 10.10.95.1 255.255.255.128
encapsulation dot1q 10
!
# Looped to bundle-ethernet101.10
RP/0/RSP0/CPU0:XX-ro-core-02#sh run int bundle-ether1.10
Tue Nov 27 10:16:49.155 CET
interface Bundle-Ether1.10 l2transport
encapsulation dot1q 10 exact
rewrite ingress tag pop 1 symmetric
!
# XX-ro-test-02
#lo0 1.1.1.222
interface GigabitEthernet0/11
switchport trunk allowed vlan none
switchport mode trunk
service instance 444 ethernet
description test
encapsulation dot1q 444
rewrite ingress tag pop 1 symmetric
bridge-domain 444
!
## TEST SETUP, FAILING!
interface Vlan444
no ip address
xconnect 1.1.1.2 444 encapsulation mpls
!
XX-ro-test-01#sh mac address-table vlan 444
....
444 0025.9065.1de8 DYNAMIC Gi0/11+Efp444
444 0025.906e.73c5 DYNAMIC Gi0/11+Efp444
444 6c9c.ed3f.a842 DYNAMIC 1.137.102.28, 258821064 # This
ALWAYS show as a seemingly random ip and pw-id...
Although ping fails, I can see packets (ping) from the ASR to the
end-host (tcpdump).
And ARP records shows up as they should in both the ASR and the end host.
But!
Every 4-minutes, 7 (Seven), ICMP ping replies goes through...
64 bytes from 10.10.95.1: icmp_req=6144 ttl=255 time=0.811 ms
64 bytes from 10.10.95.1: icmp_req=6145 ttl=255 time=0.974 ms
64 bytes from 10.10.95.1: icmp_req=6146 ttl=255 time=0.841 ms
64 bytes from 10.10.95.1: icmp_req=6147 ttl=255 time=0.890 ms
64 bytes from 10.10.95.1: icmp_req=6148 ttl=255 time=0.835 ms
64 bytes from 10.10.95.1: icmp_req=6149 ttl=255 time=0.871 ms
64 bytes from 10.10.95.1: icmp_req=6150 ttl=255 time=0.825 ms
!
64 bytes from 10.10.95.1: icmp_req=6400 ttl=255 time=0.914 ms
64 bytes from 10.10.95.1: icmp_req=6401 ttl=255 time=0.846 ms
64 bytes from 10.10.95.1: icmp_req=6402 ttl=255 time=0.866 ms
64 bytes from 10.10.95.1: icmp_req=6403 ttl=255 time=2.12 ms
64 bytes from 10.10.95.1: icmp_req=6404 ttl=255 time=0.837 ms
64 bytes from 10.10.95.1: icmp_req=6405 ttl=255 time=0.903 ms
64 bytes from 10.10.95.1: icmp_req=6406 ttl=255 time=0.801 ms
Wierd or what..?
# TEST SETUP, WORKING!
interface Vlan444
no ip address
xconnect 1.1.1.1 555 encapsulation mpls
!
XX-ro-test-01#sh mac address-table vlan 444
444 0025.9065.1de8 DYNAMIC Gi0/11+Efp444
444 0025.906e.73c5 DYNAMIC Gi0/11+Efp444
444 6c9c.ed3f.a842 DYNAMIC 1.1.1.1, 555 # This sometimes
show as a seemingly random ip and pw-id. But can be reset by removing
int vlan444 and adding it again with the exact same config. Although
even with a random ip/pw-id traffic flows...
Tnx!
//Claes
More information about the cisco-nsp
mailing list