[c-nsp] SITE-2-SITE GRE Tunnel Problem with 7600 in Core Network

Shoaib Farhan farhan.shoaib at gmail.com
Mon Dec 12 05:19:24 EST 2016


Hi Ted,

enabling "mls mpls tunnel-recir" doesn't solved the problem.

On Mon, Dec 12, 2016 at 2:36 PM, Ted Johansson <ted.johansson at tele2.com>
wrote:

> Hi Shoaib,
>
> Have you tried enabling "mls mpls tunnel-recir" in your 7600?
>
> Best Regards
> Ted
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Shoaib Farhan
> Sent: den 12 december 2016 04:36
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] SITE-2-SITE GRE Tunnel Problem with 7600 in Core Network
>
> Hi,
>
> We are having a strange issue after deploying 7604 Router in our Network.
> When we connect our customer to 7604 Router theirGRE tunnel never got up.
> But if we use 7200 router then it is working fine. Here is topology
> diagram:
>
> *CE1==>PE1-SWITCH==>PE1-ROUTER===MPLS CORE
> NETWORK=====PE2-ROUTER===>PE2-SWITCH====>CE2*
>
> Problem is at PE1-ROUTER where 7604 is in use. Tunnel showing UP/Down at
> CE1 and UP/UP at CE2.
>
> sh module
> Mod Ports Card Type                              Model              Serial
> No.
> --- ----- -------------------------------------- ------------------
> -----------
>   1    5  Route Switch Processor 720 10GE (Activ RSP720-3CXL-10GE
> JAE144907ZS
>   2   11  7600 ES+                               76-ES+XC-20G3CXL
> JAE1342LP0L
>
> Mod MAC addresses                       Hw   Fw            Sw
> Status
> --- ---------------------------------- ----- ------------- ------------
> -------
>   1  68ef.bdd3.5e20 to 68ef.bdd3.5e27  1.0   12.2(33r)SRD  15.3(3)S     Ok
>   2  0024.f94f.1530 to 0024.f94f.154f  1.3   12.2(33r)SRE  15.3(3)S     Ok
>
> Mod  Sub-Module                  Model              Serial       Hw
> Status
> ---- --------------------------- ------------------ ----------- -------
> -------
>   1  Policy Feature Card 3       7600-PFC3CXL-10GE  JAE144906SY  1.2    Ok
>   1  C7600 MSFC4 Daughterboard   7600-MSFC4         JAE14450XVI  2.2    Ok
>   2  7600 ES+ DFC XL             7600-ES+3CXL       JAE131885KB  1.1    Ok
>   2  ES+ 1xTGE XFP 10xGE SFP     7600-ES+20C        JAE1343LYS4  1.0    Ok
>
> Mod  Online Diag Status
> ---- -------------------
>   1  Pass
>   2  Pass
>
> sh version
> Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M),
> Version 15.3(3)S6, RELEASE SOFTWARE
> (fc1)
> Technical Support: http://www.cisco.com/techsupport Copyright (c)
> 1986-2015 by Cisco Systems, Inc.
> Compiled Thu 30-Jul-15 22:35 by prod_rel_team
>
> ROM: System Bootstrap, Version 12.2(33r)SRD6, RELEASE SOFTWARE (fc1)
> BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M),
> Version 15.3(3)S6, RELEASE SOFTWARE
> (fc1)
>
> DHANMONDI-RTR uptime is 1 week, 6 days, 19 hours, 22 minutes Uptime for
> this control processor is 1 week, 6 days, 19 hours, 22 minutes System
> returned to ROM by  power cycle (SP by power on) System restarted at
> 13:55:49 BDT Mon Nov 28 2016 System image file is
> "sup-bootdisk:c7600rsp72043-advipservicesk9-mz.153-3.S6.bin"
> Last reload type: Normal Reload
> Last reload reason: power-on
>
>
>
> This product contains cryptographic features and is subject to United
> States and local country laws governing import, export, transfer and use.
> Delivery of Cisco cryptographic products does not imply third-party
> authority to import, export, distribute or use encryption.
> Importers, exporters, distributors and users are responsible for
> compliance with U.S. and local country laws. By using this product you
> agree to comply with applicable laws and regulations. If you are unable to
> comply with U.S. and local laws, return this product immediately.
>
> A summary of U.S. laws governing Cisco cryptographic products may be found
> at:
> http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
>
> If you require further assistance please contact us by sending email to
> export at cisco.com.
>
> Cisco CISCO7604 (M8500) processor (revision 2.0) with 1900544K/131072K
> bytes of memory.
> Processor board ID FOX11270UFX
>  BASEBOARD: RSP720-10GE
>  CPU: MPC8548_E, Version: 2.1, (0x80390021)
>  CORE: E500, Version: 2.2, (0x80210022)
>  CPU:1200MHz, CCB:400MHz, DDR:200MHz,
>  L1:    D-cache 32 kB enabled
>         I-cache 32 kB enabled
>
> Last reset from power-on
> 1 Virtual Ethernet interface
> 13 Gigabit Ethernet interfaces
> 3 Ten Gigabit Ethernet interfaces
> 3964K bytes of non-volatile configuration memory.
>
> 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes).
> Configuration register is 0x2102
>
> *Debug Output at CE1 with 7604*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Dec 11 12:10:57.535: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:57.535: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:57.547: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:57.547: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:58.231: Tunnel1: sending keepalive,
> 172.100.50.30->172.100.50.34 (len=24 ttl=255), counter=6*Dec 11
> 12:10:58.231: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=48)*Dec 11 12:10:58.539: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:58.539: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:58.551: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:59.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1,
> changed state to down*Dec 11 12:10:59.539: Tunnel1: GRE/IP classify
> 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11 12:10:59.539:
> Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec
> 11 12:10:59.567: Tunnel1: GRE/IP classify 172.100.50.30->172.100.50.34
> failed, tunnel down*Dec 11 12:10:59.567: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec 11 12:11:00.555: Tunnel1:
> GRE/IP classify 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11
> 12:11:00.555: Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34
> (len=74 ttl=252)*Dec 11 12:11:00.587: Tunnel1: GRE/IP classify
> 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11 12:11:00.587:
> Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec
> 11 12:11:01.575: Tunnel1: GRE/IP classify 172.100.50.30->172.100.50.34
> failed, tunnel down*Dec 11 12:11:01.575: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec 11 12:11:01.607: Tunnel1:
> GRE/IP classify 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11
> 12:11:01.607: Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34
> (len=74 ttl=252)*
>
> *Debug Output at CE1 with 7200*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> **Dec 11 12:08:04.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Tunnel1, changed state to up*Dec 11 12:08:05.051: Tunnel1: GRE/IP to
> classify 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250
> tos=0x0)*Dec 11 12:08:05.051: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:05.051: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:06.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:06.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:06.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:06.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:07.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:07.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:07.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:07.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:08.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:08.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.231: Tunnel1: sending keepalive,
> 172.100.50.30->172.100.50.34 (len=24 ttl=255), counter=1*Dec 11
> 12:08:08.231: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=48)*Dec 11 12:08:08.231: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=24 ttl=249)*Dec 11 12:08:08.231: Tunnel1:
> keepalive received, 172.100.50.30->172.100.50.34 (len=24 ttl=249),
> resetting counter*Dec 11 12:08:09.067: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:09.067: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:09.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:09.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*
>
> We use this two command in 7604 but no luck.
>
> mls rate-limit all ttl-failure 70000 150 mls rate-limit all mtu-failure
> 50000 150
>
> sh mls rate-limit usage
>                              Rate Limiter Type     Packets/s   Burst
>                            ---------------------   ---------   -----
> Layer3 Rate Limiters:
>              RL# 0: Free                       -           -       -
>              RL# 1: Free                       -           -       -
>              RL# 2: Free                       -           -       -
>              RL# 3: Used
>                                      MTU FAILURE       50000     150
>              RL# 4: Used
>                                      TTL FAILURE       70000     150
>              RL# 5: Used
>                                   IP RPF FAILURE         100      10
>                            ICMP UNREAC. NO-ROUTE         100      10
>                            ICMP UNREAC. ACL-DROP         100      10
>                                        IP ERRORS         100      10
>              RL# 6: Used
>                                     ACL VACL LOG        2000       1
>              RL# 7: Used
>                                   MCAST DFLT ADJ      100000     100
>              RL# 8: Rsvd for capture           -           -       -
>
> Layer2 Rate Limiters:
>              RL# 9: Reserved
>              RL#10: Reserved
>              RL#11: Free                       -           -       -
>              RL#12: Free                       -           -       -
>
> sh mls statistics
>
> Statistics for Earl in Module 1
>
> L2 Forwarding Engine
>   Total packets Switched                : 14636946657
>
> L3 Forwarding Engine
>   Total packets Processed               : 6640024385 @ 1691 pps
>   Total packets L3 Switched             : 3097388219 @ 1463 pps
>
>   Total Packets Bridged                 : 3402523472
>   Total Packets FIB Switched            : 3097388219
>   Total Packets ACL Routed              : 0
>   Total Packets Netflow Switched        : 0
>   Total Mcast Packets Switched/Routed   : 105330584
>   Total ip packets with TOS changed     : 2
>   Total ip packets with COS changed     : 2
>   Total non ip packets COS changed      : 0
>   Total packets dropped by ACL          : 2
>   Total packets dropped by Policing     : 0
>   Total packets exceeding CIR           : 0
>   Total packets exceeding PIR           : 0
>
> Errors
>   MAC/IP length inconsistencies         : 0
>   Short IP packets received             : 0
>   IP header checksum errors             : 0
>   No-route packet drops                 : 5601100
>   TTL failures                          : 103801
>   MTU failures                          : 0
>
>
> Statistics for Earl in Module 2
>
> L2 Forwarding Engine
>   Total packets Switched                : 58230404626
>
> L3 Forwarding Engine
>   Total packets Processed               : 52957685770 @ 48401 pps
>   Total packets L3 Switched             : 46315161966 @ 45363 pps
>
>   Total Packets Bridged                 : 3565174847
>   Total Packets FIB Switched            : 46114733327
>   Total Packets ACL Routed              : 200428638
>   Total Packets Netflow Switched        : 1
>   Total Mcast Packets Switched/Routed   : 320855999
>   Total ip packets with TOS changed     : 0
>   Total ip packets with COS changed     : 0
>   Total non ip packets COS changed      : 0
>   Total packets dropped by ACL          : 3348174
>   Total packets dropped by Policing     : 0
>   Total packets exceeding CIR           : 0
>   Total packets exceeding PIR           : 0
>
> Errors
>   MAC/IP length inconsistencies         : 434
>   Short IP packets received             : 0
>   IP header checksum errors             : 272
>   No-route packet drops                 : 144096606
>   TTL failures                          : 10553306
>   MTU failures                          : 6462854
>
> Total packets L3 Processed by all Modules: 59597710155 @ 50092 pps Any
> help would be appreciated.
>
> --
>
> Regards,
>
> Md. Shoaib Farhan
> <http://www.telnet.com.bd>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/
> mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> ******** IMPORTANT NOTICE ********
> The content of this e-mail is intended for the addressee(s) only and may
> contain information that is confidential and/or otherwise protected from
> disclosure. If you are not the intended recipient, please note that any
> copying, distribution or any other use or dissemination of the information
> contained in this e-mail (and its attachments) is strictly prohibited. If
> you have received this e-mail in error, kindly notify the sender
> immediately by replying to this e-mail and delete the e-mail and any copies
> thereof.
>
> Tele2 AB (publ) and its subsidiaries (“Tele2 Group”) accepts no
> responsibility for the consequences of any viruses, corruption or other
> interference transmitted by e-mail.
>



-- 

Regards,

Md. Shoaib Farhan
<http://www.telnet.com.bd>


More information about the cisco-nsp mailing list