[c-nsp] Dynamic ARP timeout on ASR 1001

Chris Gibbs Chris.Gibbs at gosford.nsw.gov.au
Tue Oct 15 21:30:19 EDT 2013 

Hey all,

Having a bit of an issue with bridge-domains on ASR 1001 and dynamic ARP entries.

Looking through the packet captures, I see the following events


1.       DHCP request from CPE

2.       DHCP ACK and assignment from DHCP server to CPE

3.       Gratuitous ARP sent from CPE.

4.       Packets flow as normal.

5.       Something triggers dynamic ARP entry to timeout on the BNG (Cisco ASR 1001).

a.       Suspect this may be triggered by the DHCP Request renew or the following gratuitous ARP received.

b.      See the debug message on the ASR:

*Oct 15 18:18:29.376: IP ARP: rcvd rep src 10.0.30.11 5475.d0df.7f48, dst 10.0.30.11 BDI100
*Oct 15 18:18:29.376: ARP DB: ARP entry of key 10.0.30.11 found
*Oct 15 18:18:29.376: ARP TABLE: modifying entry 10.0.30.11/5475.d0df.7f48 on BD100 for Dynamic
*Oct 15 18:18:29.376: ARP DYNAMIC[N]: Dynamic timeout occurredtimeout = 14400000, refresh_token = 2,refresh_timeout = 60000
*Oct 15 18:18:29.376: ARP DB: ARP entry of key 10.0.30.11 found



6.       DHCP client on the CPE eventually sends through a DHCP request for the IP 10.0.30.11.

7.       DHCP server replies with ACK.

8.       Gratuitous ARP sent from CPE.

9.       Dynamic ARP entry is populated.

10.   Packets flow as normal.

If I attempt to ping manually from the CPE, the dynamic arp entry is restored on the ASR.

Further details:

                Platform: ASR 1001
                Software: 3.10a (asr1001-universalk9.03.10.00a.S.153-3.S0a-ext.bin)
                Interfaces:

                interface Port-channel2
description Uplink - <redacted>
mtu 2000
ip dhcp relay information option-insert
 ip dhcp relay information check-reply none
no ip address
no ip unreachables
no negotiation auto
lacp fast-switchover
lacp max-bundle 1
service instance 1101 ethernet
  encapsulation dot1q 80 second-dot1q 1101
  rewrite ingress tag pop 2 symmetric
  ip dhcp relay information option subscriber-id GCC-CPE-1-1
  service-policy output pm_BNG-WAN-wVoice-Out-12Mbps
  bridge-domain 100
!
service instance 1102 ethernet
  encapsulation dot1q 80 second-dot1q 1102
  rewrite ingress tag pop 2 symmetric
  ip dhcp relay information option subscriber-id GCC-CPE-2-1
  service-policy output pm_BNG-WAN-wVoice-Out-25Mbps
  bridge-domain 100
                interface BDI100
ip address 10.0.30.1 255.255.255.0
ip helper-address 2.2.1.2

GCC-BNG-1#sh run | i bridge
bridge-domain 100
bridge-domain 912
bridge irb
  bridge-domain 100
  bridge-domain 100
bridge 100 protocol vlan-bridge
bridge 100 route ip

Any ideas?

Cheers,


[X]<http://www.gosford.nsw.gov.au/>

Chris Gibbs
Network and Security Engineer | Information Management & Technology
Gosford City Council
www.gosford.nsw.gov.au<http://www.gosford.nsw.gov.au/>

PO Box 21 Gosford NSW 2250
Phone: (02) 4325 8888
Mobile: 0408 222 496
Fax:    (02) 4323 2477
chris.gibbs at gosford.nsw.gov.au<mailto:chris.gibbs at gosford.nsw.gov.au>




The information contained in this email may be confidential. 
You should only disclose, re-transmit, copy, distribute, 
act in reliance on or commercialise the information if you 
are authorised to do so. Gosford City Council does not 
represent, warrant or guarantee that the communication is 
free of errors, virus or interference.

Gosford City Council complies with the Privacy and 
Personal Information Protection Act (1998). 
See Council's Privacy Statement at 
http://www.gosford.nsw.gov.au/council/privacy.html

More information about the cisco-nsp mailing list