[c-nsp] l2vpn me3600X to ASR9k

Claes Jansson claes at gastabud.com
Tue Nov 27 07:50:11 EST 2012


Hi!

I have stumpled across a wierd problem, and would like some input on 
where to dig for the answer :-)


My setup looks like this... All links are routed directly on the 
interface (/31), no MPLS over SVI.

   XX-ro-test-02 (ME3600X) <--> XX-ro-test-01 (ME3600X) <--> 
XX-ro-core-01 (ASR9K) <--> XX-ro-core-02 (ASR9K) <--> XX-ro-core-10 
(ME3600X)


The problem is that when i do a xconnect from ME3600 (tried from test-02 
and test-01) to core-02 it fail's. But when connecting them to core-01 
or core-10 it works.

I also have connected the l2vpn bridge-domain "vlan10" between core-01 
and core-02 by VFI/VPLS.
Both the ASR9K and ME3600 shows the xconnect as status "UP".


# Software and hardware
ASR9K, running 4.2.1 no SMU's
  RSP440, LineCard, MOD80 (AIP), MPAs 1x20GE, 1x4TE
ME3600X, running 15.2(4)S1 (AdvIP)

# All devices can reach eachother through lo0
# OSPF, MP-BGP and LDP running.
# l3 vpn works, even from XX-ro-core-02

# 
------------------------------------------------------------------------------------

#
# XX-ro-core-01
# lo0 = 1.1.1.1
l2vpn
  bridge group cd
   bridge-domain vlan10
    neighbor 1.1.1.222 pw-id 555
    !
    vfi cd
     neighbor 1.1.1.2 pw-id 10
     !

#
# XX-ro-core-02
# lo0 = 1.1.1.2
l2vpn
  bridge group cd
   bridge-domain vlan10
    interface Bundle-Ether1.10
    !
    neighbor 1.1.1.222 pw-id 444
    !
    vfi cd
     neighbor 1.1.1.1 pw-id 10
  !
# Looped to bundle-ethernet1.10
RP/0/RSP0/CPU0:XX-ro-core-02#sh run int bundle-ether101.10
Tue Nov 27 10:16:44.368 CET
interface Bundle-Ether101.10
  vrf cd
  ipv4 mtu 1500
  ipv4 helper-address vrf mgmt 10.0.10.12
  ipv4 address 10.10.95.1 255.255.255.128
  encapsulation dot1q 10
!
# Looped to bundle-ethernet101.10
RP/0/RSP0/CPU0:XX-ro-core-02#sh run int bundle-ether1.10
Tue Nov 27 10:16:49.155 CET
interface Bundle-Ether1.10 l2transport
  encapsulation dot1q 10 exact
  rewrite ingress tag pop 1 symmetric
!


# XX-ro-test-02
#lo0 1.1.1.222

interface GigabitEthernet0/11
  switchport trunk allowed vlan none
  switchport mode trunk
  service instance 444 ethernet
   description test
   encapsulation dot1q 444
   rewrite ingress tag pop 1 symmetric
   bridge-domain 444
!
## TEST SETUP, FAILING!
interface Vlan444
  no ip address
  xconnect 1.1.1.2 444 encapsulation mpls
!

XX-ro-test-01#sh mac address-table vlan 444
....
  444    0025.9065.1de8    DYNAMIC     Gi0/11+Efp444
  444    0025.906e.73c5    DYNAMIC     Gi0/11+Efp444
  444    6c9c.ed3f.a842    DYNAMIC     1.137.102.28, 258821064  # This 
ALWAYS show as a seemingly random ip and pw-id...

Although ping fails, I can see packets (ping) from the ASR to the 
end-host (tcpdump).
And ARP records shows up as they should in both the ASR and the end host.

But!
Every 4-minutes, 7 (Seven), ICMP ping replies goes through...
64 bytes from 10.10.95.1: icmp_req=6144 ttl=255 time=0.811 ms
64 bytes from 10.10.95.1: icmp_req=6145 ttl=255 time=0.974 ms
64 bytes from 10.10.95.1: icmp_req=6146 ttl=255 time=0.841 ms
64 bytes from 10.10.95.1: icmp_req=6147 ttl=255 time=0.890 ms
64 bytes from 10.10.95.1: icmp_req=6148 ttl=255 time=0.835 ms
64 bytes from 10.10.95.1: icmp_req=6149 ttl=255 time=0.871 ms
64 bytes from 10.10.95.1: icmp_req=6150 ttl=255 time=0.825 ms
!
64 bytes from 10.10.95.1: icmp_req=6400 ttl=255 time=0.914 ms
64 bytes from 10.10.95.1: icmp_req=6401 ttl=255 time=0.846 ms
64 bytes from 10.10.95.1: icmp_req=6402 ttl=255 time=0.866 ms
64 bytes from 10.10.95.1: icmp_req=6403 ttl=255 time=2.12 ms
64 bytes from 10.10.95.1: icmp_req=6404 ttl=255 time=0.837 ms
64 bytes from 10.10.95.1: icmp_req=6405 ttl=255 time=0.903 ms
64 bytes from 10.10.95.1: icmp_req=6406 ttl=255 time=0.801 ms

Wierd or what..?


# TEST SETUP, WORKING!

interface Vlan444
  no ip address
  xconnect 1.1.1.1 555 encapsulation mpls
!
XX-ro-test-01#sh mac address-table vlan 444
  444    0025.9065.1de8    DYNAMIC     Gi0/11+Efp444
  444    0025.906e.73c5    DYNAMIC     Gi0/11+Efp444
  444    6c9c.ed3f.a842    DYNAMIC     1.1.1.1, 555  # This sometimes 
show as a seemingly random ip and pw-id. But can be reset by removing 
int vlan444 and adding it again with the exact same config. Although 
even with a random ip/pw-id traffic flows...

Tnx!

     //Claes




More information about the cisco-nsp mailing list