[c-nsp] Weird IPv6 problem passing Layer3 traffic
Blake Dunlap
ikiris at gmail.com
Fri Jun 28 11:26:10 EDT 2013
Eh could be worse. I spent 3 days once having (carrier which shall remain
unnamed) ask for my BGP config when the circuit wasn't showing light yet.
At least it's *plausible* that it could be your BGP config, instead of, you
know, buckshot somewhere around 5th ave...
-Blake
On Fri, Jun 28, 2013 at 9:59 AM, Matthew Huff <mhuff at ox.com> wrote:
> No, I don't have any CoPP defined (at least at the moment trying to debug
> it). No ACLs or anything else like that. The ISP keeps wanting me to send
> them my BGP configuration (which I've sent to at least 3 different people),
> rarther than looking at the obvious that BGP won't ever come up if we can't
> get a TCP session established.
>
> ----
> Matthew Huff | 1 Manhattanville Rd
> Director of Operations | Purchase, NY 10577
> OTA Management LLC | Phone: 914-460-4039
>
> From: John Neiberger [mailto:jneiberger at gmail.com]
> Sent: Friday, June 28, 2013 10:56 AM
> To: Matthew Huff
> Cc: cisco-nsp (cisco-nsp at puck.nether.net); ipv6-ops at lists.cluenet.de
> Subject: Re: [c-nsp] Weird IPv6 problem passing Layer3 traffic
>
> Do you have CoPP configured? I've seen this exact behavior when I didn't
> have a permit statement for my neighbor or link address in the right ACL,
> so it was getting rate-limited to death.
>
> On Fri, Jun 28, 2013 at 8:33 AM, Matthew Huff <mhuff at ox.com<mailto:
> mhuff at ox.com>> wrote:
> Trying to bring up a new BGP peering session with a ISP. IPv4 peering is
> working fine on the same interface. The BGP peering fails early in trying
> to go active. Using "debug tcp transactions", I see the SYN going out, but
> no ACK ever returning. I can't telnet to their box on port 179 either
> (debug packet shows it doing the same, SYN begin sent, but no packets,
> including ACK). However, I can ping their interface.
>
> The interface config has been stripped, and still doesn't work. I've reset
> the interface, and even rebooted our router, with no change in behavior.
>
> We have a Cisco 7204VXR with NPE-G2, running 15.2(4)S1. I have an
> identical router with same version connected to another ISP and a tunnel to
> HE.net. It's not my first time at the rodeo. We are connected via metro
> Ethernet to a sub-interface on a JunOS box (model and version unknown). My
> suspicion is that either they have an ACL that's blocking it, or their BGP
> process isn't listening on that sub-interface. But they claim that it isn't
> their problem. I have zero JunOS experience and they seem to be flopping
> around.
>
> Anyone have any idea what else the problem might be?
>
> From our side (simplied config to test):
>
>
> interface FastEthernet2/1
> ip address 162.211.110.2 255.255.255.252
> speed auto
> duplex auto
> ipv6 address 2607:F518:15F::2/126
> ipv6 enable
> end
>
> rtr-inet2#show ipv6 cef 2607:F518:15F::1
> 2607:F518:15F::1/128
> attached to FastEthernet2/1
>
> rtr-inet2#show ipv6 cef exact-route 2607:F518:15F::2 2607:F518:15F::1
> 2607:F518:15F::2 -> 2607:F518:15F::1 => IPV6 adj out of FastEthernet2/1,
> addr 2607:F518:15F::1
>
> rtr-inet2#show ipv6 neighbors
> IPv6 Address Age Link-layer Addr State
> Interface
> 2607:F518:15F::1 0 0021.5903.1367 REACH Fa2/1
>
> rtr-inet2#ping 2607:F518:15F::1
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 2607:F518:15F::1, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
>
> ----
> Matthew Huff | 1 Manhattanville Rd
> Director of Operations | Purchase, NY 10577
> OTA Management LLC | Phone: 914-460-4039
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net<mailto:
> cisco-nsp at puck.nether.net>
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list