[c-nsp] Bad routes in MPLS

Tony td_miles at yahoo.com
Sat Nov 23 17:06:51 EST 2013 


> You don't seem to run BCP MLS rate-limiters

No, we don't but sounds like perhaps it would allow us pick up stuff like this sooner ? Apart from added complexity are there any reasons not to ? 



>IF you have DFC, you also need to give module number for these commands.

No DFC it the box. I did try with the module number and it told me to go away (actually it didn't I think the result was just no output).



> I would also have been interested in flags of the adjacency.

Do you means the flags as shown below (with the "detail" option), or something else ?

7609#sho mls cef adjacency entr 311374 detail

Index: 311374  smac: 0013.1abf.2280, dmac: 0012.7fee.ed40
               mtu: 1548, vlan: 1099, dindex: 0x0, l3rw_vld: 1
               format: MPLS, flags: 0x8418
               label0: 0, exp: 0, ovr: 0
               label1: 0, exp: 0, ovr: 0
               label2: 17, exp: 0, ovr: 0
               op: PUSH_LABEL2
               packets: 15, bytes: 1844



> run ELAM capture to see what platform claims to be doing to it

Possibly next time when it isn't 0700 Sunday morning and I don't have children jumping all over me :)
I'm also hoping there isn't a next time before upgrade in 3 days time...



Thanks again for your valuable input.


regards,
Tony.




________________________________
 From: Saku Ytti <saku at ytti.fi>
To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net> 
Sent: Sunday, 24 November 2013 7:10 AM
Subject: Re: [c-nsp] Bad routes in MPLS
 

On (2013-11-23 12:35 -0800), Tony wrote:

> --- At this point my ping started responding, but CEF details look strange. MTU is set to 1036 and packets/bytes counters are zero !?

You don't seem to run BCP MLS rate-limiters :). People who don't miss out lot
of fun debugging, as 'minor' misprograms like these are not noticed.

What happens here, packet is punted from HW to SW, so SW can generate ICMP
message about too large packet. However,  SW likely had correct information,
so it just forwarded it normally. If you had ran BCP MLS rate-limiters, your
MTU-error punts would have been ratelimited to silly low values, and you'd
notice packet loss.

> --- The pings are still working and now the CEF entry "looks" correct - MTU is OK and counters are incrementing. The other slightly strange thing is that when I did it the first time the adjacency entry number changed, but the 2nd time it didn't (stayed at 311374).

IF you have DFC, you also need to give module number for these commands. I
would also have been interested in flags of the adjacency.

But maybe next time, before fixing it (as MLS CEF looked ok to me), run ELAM
capture to see what platform claims to be doing to it. Superman capture is
very very easy and useful, with Tycho you'll need some acrobatics to capture
the packet you're interested in.

-- 
  ++ytti
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list