[c-nsp] SITE-2-SITE GRE Tunnel Problem with 7600 in Core Network

Shoaib Farhan farhan.shoaib at gmail.com
Mon Dec 12 01:50:08 EST 2016


Hi Richard,

We have some acls but none are applied to Backbone or to customer who are
facing problem. Customer facing interface has default MTU and MPLS core
facing MTU is varied as per optics few port have 9216 and few have 4470.

what is shutting down the interface on the receiving side? Up/down...

Sorry but I don't understand the question. could you be more specific.


On Mon, Dec 12, 2016 at 10:56 AM, Richard Golodner <
rgolodner at infratection.com> wrote:

> Sir, what acl s
> Are you running? Have you changed any mtu values? Curious, might be
> heading down the wrong path but what is shutting down the interface on the
> receiving side? Up/down...
>
>
> Richard Golodner
> Infratection.com
>
> -------- Original message --------
> From: Shoaib Farhan <farhan.shoaib at gmail.com>
> Date: 12/11/16 21:35 (GMT-06:00)
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] SITE-2-SITE GRE Tunnel Problem with 7600 in Core Network
>
> Hi,
>
> We are having a strange issue after deploying 7604 Router in our Network.
> When we connect our customer to 7604 Router theirGRE tunnel never got up.
> But if we use 7200 router then it is working fine. Here is topology
> diagram:
>
> *CE1==>PE1-SWITCH==>PE1-ROUTER===MPLS CORE
> NETWORK=====PE2-ROUTER===>PE2-SWITCH====>CE2*
>
> Problem is at PE1-ROUTER where 7604 is in use. Tunnel showing UP/Down at
> CE1 and UP/UP at CE2.
>
> sh module
> Mod Ports Card Type                              Model              Serial
> No.
> --- ----- -------------------------------------- ------------------
> -----------
>   1    5  Route Switch Processor 720 10GE (Activ RSP720-3CXL-10GE
> JAE144907ZS
>   2   11  7600 ES+                               76-ES+XC-20G3CXL
> JAE1342LP0L
>
> Mod MAC addresses                       Hw   Fw            Sw
> Status
> --- ---------------------------------- ----- ------------- ------------
> -------
>   1  68ef.bdd3.5e20 to 68ef.bdd3.5e27  1.0   12.2(33r)SRD  15.3(3)S     Ok
>   2  0024.f94f.1530 to 0024.f94f.154f  1.3   12.2(33r)SRE  15.3(3)S     Ok
>
> Mod  Sub-Module                  Model              Serial       Hw
> Status
> ---- --------------------------- ------------------ ----------- -------
> -------
>   1  Policy Feature Card 3       7600-PFC3CXL-10GE  JAE144906SY  1.2    Ok
>   1  C7600 MSFC4 Daughterboard   7600-MSFC4         JAE14450XVI  2.2    Ok
>   2  7600 ES+ DFC XL             7600-ES+3CXL       JAE131885KB  1.1    Ok
>   2  ES+ 1xTGE XFP 10xGE SFP     7600-ES+20C        JAE1343LYS4  1.0    Ok
>
> Mod  Online Diag Status
> ---- -------------------
>   1  Pass
>   2  Pass
>
> sh version
> Cisco IOS Software, c7600rsp72043_rp Software
> (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.3(3)S6, RELEASE SOFTWARE
> (fc1)
> Technical Support: http://www.cisco.com/techsupport
> Copyright (c) 1986-2015 by Cisco Systems, Inc.
> Compiled Thu 30-Jul-15 22:35 by prod_rel_team
>
> ROM: System Bootstrap, Version 12.2(33r)SRD6, RELEASE SOFTWARE (fc1)
> BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software
> (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 15.3(3)S6, RELEASE SOFTWARE
> (fc1)
>
> DHANMONDI-RTR uptime is 1 week, 6 days, 19 hours, 22 minutes
> Uptime for this control processor is 1 week, 6 days, 19 hours, 22 minutes
> System returned to ROM by  power cycle (SP by power on)
> System restarted at 13:55:49 BDT Mon Nov 28 2016
> System image file is
> "sup-bootdisk:c7600rsp72043-advipservicesk9-mz.153-3.S6.bin"
> Last reload type: Normal Reload
> Last reload reason: power-on
>
>
>
> This product contains cryptographic features and is subject to United
> States and local country laws governing import, export, transfer and
> use. Delivery of Cisco cryptographic products does not imply
> third-party authority to import, export, distribute or use encryption.
> Importers, exporters, distributors and users are responsible for
> compliance with U.S. and local country laws. By using this product you
> agree to comply with applicable laws and regulations. If you are unable
> to comply with U.S. and local laws, return this product immediately.
>
> A summary of U.S. laws governing Cisco cryptographic products may be found
> at:
> http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
>
> If you require further assistance please contact us by sending email to
> export at cisco.com.
>
> Cisco CISCO7604 (M8500) processor (revision 2.0) with 1900544K/131072K
> bytes of memory.
> Processor board ID FOX11270UFX
> BASEBOARD: RSP720-10GE
> CPU: MPC8548_E, Version: 2.1, (0x80390021)
> CORE: E500, Version: 2.2, (0x80210022)
> CPU:1200MHz, CCB:400MHz, DDR:200MHz,
> L1:    D-cache 32 kB enabled
>         I-cache 32 kB enabled
>
> Last reset from power-on
> 1 Virtual Ethernet interface
> 13 Gigabit Ethernet interfaces
> 3 Ten Gigabit Ethernet interfaces
> 3964K bytes of non-volatile configuration memory.
>
> 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes).
> Configuration register is 0x2102
>
> *Debug Output at CE1 with 7604*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Dec 11 12:10:57.535: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:57.535: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:57.547: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:57.547: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:58.231: Tunnel1: sending keepalive,
> 172.100.50.30->172.100.50.34 (len=24 ttl=255), counter=6*Dec 11
> 12:10:58.231: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=48)*Dec 11 12:10:58.539: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:58.539: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:58.551: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:59.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1,
> changed state to down*Dec 11 12:10:59.539: Tunnel1: GRE/IP classify
> 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11 12:10:59.539:
> Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec
> 11 12:10:59.567: Tunnel1: GRE/IP classify 172.100.50.30->172.100.50.34
> failed, tunnel down*Dec 11 12:10:59.567: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec 11 12:11:00.555: Tunnel1:
> GRE/IP classify 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11
> 12:11:00.555: Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34
> (len=74 ttl=252)*Dec 11 12:11:00.587: Tunnel1: GRE/IP classify
> 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11 12:11:00.587:
> Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec
> 11 12:11:01.575: Tunnel1: GRE/IP classify 172.100.50.30->172.100.50.34
> failed, tunnel down*Dec 11 12:11:01.575: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec 11 12:11:01.607: Tunnel1:
> GRE/IP classify 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11
> 12:11:01.607: Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34
> (len=74 ttl=252)*
>
> *Debug Output at CE1 with 7200*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> **Dec 11 12:08:04.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Tunnel1, changed state to up*Dec 11 12:08:05.051: Tunnel1: GRE/IP to
> classify 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250
> tos=0x0)*Dec 11 12:08:05.051: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:05.051: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:06.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:06.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:06.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:06.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:07.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:07.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:07.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:07.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:08.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:08.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.231: Tunnel1: sending keepalive,
> 172.100.50.30->172.100.50.34 (len=24 ttl=255), counter=1*Dec 11
> 12:08:08.231: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=48)*Dec 11 12:08:08.231: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=24 ttl=249)*Dec 11 12:08:08.231: Tunnel1:
> keepalive received, 172.100.50.30->172.100.50.34 (len=24 ttl=249),
> resetting counter*Dec 11 12:08:09.067: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:09.067: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:09.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:09.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*
>
> We use this two command in 7604 but no luck.
>
> mls rate-limit all ttl-failure 70000 150
> mls rate-limit all mtu-failure 50000 150
>
> sh mls rate-limit usage
>                              Rate Limiter Type     Packets/s   Burst
>                            ---------------------   ---------   -----
> Layer3 Rate Limiters:
>              RL# 0: Free                       -           -       -
>              RL# 1: Free                       -           -       -
>              RL# 2: Free                       -           -       -
>              RL# 3: Used
>                                      MTU FAILURE       50000     150
>              RL# 4: Used
>                                      TTL FAILURE       70000     150
>              RL# 5: Used
>                                   IP RPF FAILURE         100      10
>                            ICMP UNREAC. NO-ROUTE         100      10
>                            ICMP UNREAC. ACL-DROP         100      10
>                                        IP ERRORS         100      10
>              RL# 6: Used
>                                     ACL VACL LOG        2000       1
>              RL# 7: Used
>                                   MCAST DFLT ADJ      100000     100
>              RL# 8: Rsvd for capture           -           -       -
>
> Layer2 Rate Limiters:
>              RL# 9: Reserved
>              RL#10: Reserved
>              RL#11: Free                       -           -       -
>              RL#12: Free                       -           -       -
>
> sh mls statistics
>
> Statistics for Earl in Module 1
>
> L2 Forwarding Engine
>   Total packets Switched                : 14636946657
>
> L3 Forwarding Engine
>   Total packets Processed               : 6640024385 @ 1691 pps
>   Total packets L3 Switched             : 3097388219 @ 1463 pps
>
>   Total Packets Bridged                 : 3402523472
>   Total Packets FIB Switched            : 3097388219
>   Total Packets ACL Routed              : 0
>   Total Packets Netflow Switched        : 0
>   Total Mcast Packets Switched/Routed   : 105330584
>   Total ip packets with TOS changed     : 2
>   Total ip packets with COS changed     : 2
>   Total non ip packets COS changed      : 0
>   Total packets dropped by ACL          : 2
>   Total packets dropped by Policing     : 0
>   Total packets exceeding CIR           : 0
>   Total packets exceeding PIR           : 0
>
> Errors
>   MAC/IP length inconsistencies         : 0
>   Short IP packets received             : 0
>   IP header checksum errors             : 0
>   No-route packet drops                 : 5601100
>   TTL failures                          : 103801
>   MTU failures                          : 0
>
>
> Statistics for Earl in Module 2
>
> L2 Forwarding Engine
>   Total packets Switched                : 58230404626
>
> L3 Forwarding Engine
>   Total packets Processed               : 52957685770 @ 48401 pps
>   Total packets L3 Switched             : 46315161966 @ 45363 pps
>
>   Total Packets Bridged                 : 3565174847
>   Total Packets FIB Switched            : 46114733327
>   Total Packets ACL Routed              : 200428638
>   Total Packets Netflow Switched        : 1
>   Total Mcast Packets Switched/Routed   : 320855999
>   Total ip packets with TOS changed     : 0
>   Total ip packets with COS changed     : 0
>   Total non ip packets COS changed      : 0
>   Total packets dropped by ACL          : 3348174
>   Total packets dropped by Policing     : 0
>   Total packets exceeding CIR           : 0
>   Total packets exceeding PIR           : 0
>
> Errors
>   MAC/IP length inconsistencies         : 434
>   Short IP packets received             : 0
>   IP header checksum errors             : 272
>   No-route packet drops                 : 144096606
>   TTL failures                          : 10553306
>   MTU failures                          : 6462854
>
> Total packets L3 Processed by all Modules: 59597710155 @ 50092 pps
> Any help would be appreciated.
>
> --
>
> Regards,
>
> Md. Shoaib Farhan
> <http://www.telnet.com.bd>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>


-- 

Regards,

Md. Shoaib Farhan
<http://www.telnet.com.bd>


More information about the cisco-nsp mailing list