[c-nsp] Weird IPv6 problem passing Layer3 traffic

John Neiberger jneiberger at gmail.com
Fri Jun 28 10:56:05 EDT 2013


Do you have CoPP configured? I've seen this exact behavior when I didn't
have a permit statement for my neighbor or link address in the right ACL,
so it was getting rate-limited to death.


On Fri, Jun 28, 2013 at 8:33 AM, Matthew Huff <mhuff at ox.com> wrote:

> Trying to bring up a new BGP peering session with a ISP. IPv4 peering is
> working fine on the same interface. The BGP peering fails early in trying
> to go active. Using "debug tcp transactions", I see the SYN going out, but
> no ACK ever returning. I can't telnet to their box on port 179 either
> (debug packet shows it doing the same, SYN begin sent, but no packets,
> including ACK). However, I can ping their interface.
>
> The interface config has been stripped, and still doesn't work. I've reset
> the interface, and even rebooted our router, with no change in behavior.
>
> We have a Cisco 7204VXR with NPE-G2, running 15.2(4)S1. I have an
> identical router with same version connected to another ISP and a tunnel to
> HE.net. It's not my first time at the rodeo. We are connected via metro
> Ethernet to a sub-interface on a JunOS box (model and version unknown). My
> suspicion is that either they have an ACL that's blocking it, or their BGP
> process isn't listening on that sub-interface. But they claim that it isn't
> their problem. I have zero JunOS experience and they seem to be flopping
> around.
>
> Anyone have any idea what else the problem might be?
>
> From our side (simplied config to test):
>
>
> interface FastEthernet2/1
>  ip address 162.211.110.2 255.255.255.252
>  speed auto
>  duplex auto
>  ipv6 address 2607:F518:15F::2/126
>  ipv6 enable
> end
>
> rtr-inet2#show ipv6 cef 2607:F518:15F::1
> 2607:F518:15F::1/128
>   attached to FastEthernet2/1
>
> rtr-inet2#show ipv6 cef exact-route 2607:F518:15F::2 2607:F518:15F::1
> 2607:F518:15F::2 -> 2607:F518:15F::1 => IPV6 adj out of FastEthernet2/1,
> addr 2607:F518:15F::1
>
> rtr-inet2#show ipv6 neighbors
> IPv6 Address                              Age Link-layer Addr State
> Interface
> 2607:F518:15F::1                            0 0021.5903.1367  REACH Fa2/1
>
> rtr-inet2#ping  2607:F518:15F::1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2607:F518:15F::1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
>
> ----
> Matthew Huff             | 1 Manhattanville Rd
> Director of Operations   | Purchase, NY 10577
> OTA Management LLC       | Phone: 914-460-4039
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list