[c-nsp] Weird 6500 VSS + VPLS ARP problem

Sander Steffann sander at steffann.nl
Thu Mar 14 10:12:31 EDT 2013


Hi,

I am running into a weird problem in our lab. We have a 6500 VSS with Sup2T supervisors. We have connected a VLAN on this VSS to another 6500 using VPLS. When the traffic goes over the active chassis everything works fine, but when we do a switchover to the other chassis no ARP replies are forwarded anymore to/from VPLS.

Our lab setup is now as simple as I can make it:

+-------+
| c6500 |
+-------+
   |
  VPLS
   |
+-------+       +-------+
| c6500 |--VSL--| c6500 |
| VSS 1 |--VSL--| VSS 2 |
+-------+       +-------+

Our initial setup had port-channels on all sides, but that makes this a lot more difficult to debug, because it then depends on which chassis the packet arrives over the port channel...

Both sides of the VPLS have vlan480. The plain 6500 has IPv4 address 10.40.0.106, the VSS has IPv4 address 10.40.0.100 on that VLAN. The VLANs are connected with A-VPLS, manual VPLS or VPLS auto discovery. All have the same problem. Pinging from 10.40.0.106 to 10.40.0.100 works when chassis 1 is active and fails when chassis 2 is the active one.

The problem is in the ARP traffic. The plain 6500 sends an ARP request to the VSS side, which receives it but doesn't send a reply back over VPLS. When I create a static ARP entry on the plain 6500 they can ping each other. The problem also occurs when pinging a device behind the VSS. In this example I attached a c2960 to a switchport on the VSS (mode access, vlan 480). The c2960 has address 10.40.0.105:

+-------+
| c6500 |
+-------+
   |
  VPLS
   |
+-------+       +-------+
| c6500 |--VSL--| c6500 |
| VSS 1 |--VSL--| VSS 2 |
+-------+       +-------+
   |
  Eth
   |
+-------+
| c2960 |
+-------+

When I ping the c2960 from the plain 6500 it again works when chassis 1 is active but fails when chassis 2 is active. I can see the ARP request go from the plain 6500 over VPLS to the VSS, which forwards it over ethernet to the c2960. The c2960 sends back an ARP reply, which arrives on the VSS over ethernet, but the VSS doesn't forward it over VPLS (when chassis 1 is not active).

Does anybody have any idea what could be going on here? (Yes, TAC case is already created #625216197 for Cisco people who want to follow it :-)

Cheers,
Sander




More information about the cisco-nsp mailing list