[c-nsp] SITE-2-SITE GRE Tunnel Problem with 7600 in Core Network
Shoaib Farhan
farhan.shoaib at gmail.com
Mon Dec 12 05:19:24 EST 2016
Hi Ted,
enabling "mls mpls tunnel-recir" doesn't solved the problem.
On Mon, Dec 12, 2016 at 2:36 PM, Ted Johansson <ted.johansson at tele2.com>
wrote:
> Hi Shoaib,
>
> Have you tried enabling "mls mpls tunnel-recir" in your 7600?
>
> Best Regards
> Ted
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Shoaib Farhan
> Sent: den 12 december 2016 04:36
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] SITE-2-SITE GRE Tunnel Problem with 7600 in Core Network
>
> Hi,
>
> We are having a strange issue after deploying 7604 Router in our Network.
> When we connect our customer to 7604 Router theirGRE tunnel never got up.
> But if we use 7200 router then it is working fine. Here is topology
> diagram:
>
> *CE1==>PE1-SWITCH==>PE1-ROUTER===MPLS CORE
> NETWORK=====PE2-ROUTER===>PE2-SWITCH====>CE2*
>
> Problem is at PE1-ROUTER where 7604 is in use. Tunnel showing UP/Down at
> CE1 and UP/UP at CE2.
>
> sh module
> Mod Ports Card Type Model Serial
> No.
> --- ----- -------------------------------------- ------------------
> -----------
> 1 5 Route Switch Processor 720 10GE (Activ RSP720-3CXL-10GE
> JAE144907ZS
> 2 11 7600 ES+ 76-ES+XC-20G3CXL
> JAE1342LP0L
>
> Mod MAC addresses Hw Fw Sw
> Status
> --- ---------------------------------- ----- ------------- ------------
> -------
> 1 68ef.bdd3.5e20 to 68ef.bdd3.5e27 1.0 12.2(33r)SRD 15.3(3)S Ok
> 2 0024.f94f.1530 to 0024.f94f.154f 1.3 12.2(33r)SRE 15.3(3)S Ok
>
> Mod Sub-Module Model Serial Hw
> Status
> ---- --------------------------- ------------------ ----------- -------
> -------
> 1 Policy Feature Card 3 7600-PFC3CXL-10GE JAE144906SY 1.2 Ok
> 1 C7600 MSFC4 Daughterboard 7600-MSFC4 JAE14450XVI 2.2 Ok
> 2 7600 ES+ DFC XL 7600-ES+3CXL JAE131885KB 1.1 Ok
> 2 ES+ 1xTGE XFP 10xGE SFP 7600-ES+20C JAE1343LYS4 1.0 Ok
>
> Mod Online Diag Status
> ---- -------------------
> 1 Pass
> 2 Pass
>
> sh version
> Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M),
> Version 15.3(3)S6, RELEASE SOFTWARE
> (fc1)
> Technical Support: http://www.cisco.com/techsupport Copyright (c)
> 1986-2015 by Cisco Systems, Inc.
> Compiled Thu 30-Jul-15 22:35 by prod_rel_team
>
> ROM: System Bootstrap, Version 12.2(33r)SRD6, RELEASE SOFTWARE (fc1)
> BOOTLDR: Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M),
> Version 15.3(3)S6, RELEASE SOFTWARE
> (fc1)
>
> DHANMONDI-RTR uptime is 1 week, 6 days, 19 hours, 22 minutes Uptime for
> this control processor is 1 week, 6 days, 19 hours, 22 minutes System
> returned to ROM by power cycle (SP by power on) System restarted at
> 13:55:49 BDT Mon Nov 28 2016 System image file is
> "sup-bootdisk:c7600rsp72043-advipservicesk9-mz.153-3.S6.bin"
> Last reload type: Normal Reload
> Last reload reason: power-on
>
>
>
> This product contains cryptographic features and is subject to United
> States and local country laws governing import, export, transfer and use.
> Delivery of Cisco cryptographic products does not imply third-party
> authority to import, export, distribute or use encryption.
> Importers, exporters, distributors and users are responsible for
> compliance with U.S. and local country laws. By using this product you
> agree to comply with applicable laws and regulations. If you are unable to
> comply with U.S. and local laws, return this product immediately.
>
> A summary of U.S. laws governing Cisco cryptographic products may be found
> at:
> http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
>
> If you require further assistance please contact us by sending email to
> export at cisco.com.
>
> Cisco CISCO7604 (M8500) processor (revision 2.0) with 1900544K/131072K
> bytes of memory.
> Processor board ID FOX11270UFX
> BASEBOARD: RSP720-10GE
> CPU: MPC8548_E, Version: 2.1, (0x80390021)
> CORE: E500, Version: 2.2, (0x80210022)
> CPU:1200MHz, CCB:400MHz, DDR:200MHz,
> L1: D-cache 32 kB enabled
> I-cache 32 kB enabled
>
> Last reset from power-on
> 1 Virtual Ethernet interface
> 13 Gigabit Ethernet interfaces
> 3 Ten Gigabit Ethernet interfaces
> 3964K bytes of non-volatile configuration memory.
>
> 507024K bytes of Internal ATA PCMCIA card (Sector size 512 bytes).
> Configuration register is 0x2102
>
> *Debug Output at CE1 with 7604*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> *Dec 11 12:10:57.535: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:57.535: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:57.547: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:57.547: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:58.231: Tunnel1: sending keepalive,
> 172.100.50.30->172.100.50.34 (len=24 ttl=255), counter=6*Dec 11
> 12:10:58.231: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=48)*Dec 11 12:10:58.539: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:58.539: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:10:58.551: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=252 tos=0x0)*Dec 11
> 12:10:59.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1,
> changed state to down*Dec 11 12:10:59.539: Tunnel1: GRE/IP classify
> 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11 12:10:59.539:
> Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec
> 11 12:10:59.567: Tunnel1: GRE/IP classify 172.100.50.30->172.100.50.34
> failed, tunnel down*Dec 11 12:10:59.567: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec 11 12:11:00.555: Tunnel1:
> GRE/IP classify 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11
> 12:11:00.555: Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34
> (len=74 ttl=252)*Dec 11 12:11:00.587: Tunnel1: GRE/IP classify
> 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11 12:11:00.587:
> Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec
> 11 12:11:01.575: Tunnel1: GRE/IP classify 172.100.50.30->172.100.50.34
> failed, tunnel down*Dec 11 12:11:01.575: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=74 ttl=252)*Dec 11 12:11:01.607: Tunnel1:
> GRE/IP classify 172.100.50.30->172.100.50.34 failed, tunnel down*Dec 11
> 12:11:01.607: Tunnel1: GRE/IP to decaps 172.100.50.30->172.100.50.34
> (len=74 ttl=252)*
>
> *Debug Output at CE1 with 7200*
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> **Dec 11 12:08:04.231: %LINEPROTO-5-UPDOWN: Line protocol on Interface
> Tunnel1, changed state to up*Dec 11 12:08:05.051: Tunnel1: GRE/IP to
> classify 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250
> tos=0x0)*Dec 11 12:08:05.051: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:05.051: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:06.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:06.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:06.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:06.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:07.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:07.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:07.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:07.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.059: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:08.059: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:08.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:08.231: Tunnel1: sending keepalive,
> 172.100.50.30->172.100.50.34 (len=24 ttl=255), counter=1*Dec 11
> 12:08:08.231: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=48)*Dec 11 12:08:08.231: Tunnel1: GRE/IP to decaps
> 172.100.50.30->172.100.50.34 (len=24 ttl=249)*Dec 11 12:08:08.231: Tunnel1:
> keepalive received, 172.100.50.30->172.100.50.34 (len=24 ttl=249),
> resetting counter*Dec 11 12:08:09.067: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:09.067: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*Dec 11 12:08:09.079: Tunnel1: GRE/IP to classify
> 172.100.50.30->172.100.50.34 (len=74 type=0x800 ttl=250 tos=0x0)*Dec 11
> 12:08:09.079: Tunnel1: GRE/IP encapsulated 172.100.50.34->172.100.50.30
> (linktype=7, len=74)*
>
> We use this two command in 7604 but no luck.
>
> mls rate-limit all ttl-failure 70000 150 mls rate-limit all mtu-failure
> 50000 150
>
> sh mls rate-limit usage
> Rate Limiter Type Packets/s Burst
> --------------------- --------- -----
> Layer3 Rate Limiters:
> RL# 0: Free - - -
> RL# 1: Free - - -
> RL# 2: Free - - -
> RL# 3: Used
> MTU FAILURE 50000 150
> RL# 4: Used
> TTL FAILURE 70000 150
> RL# 5: Used
> IP RPF FAILURE 100 10
> ICMP UNREAC. NO-ROUTE 100 10
> ICMP UNREAC. ACL-DROP 100 10
> IP ERRORS 100 10
> RL# 6: Used
> ACL VACL LOG 2000 1
> RL# 7: Used
> MCAST DFLT ADJ 100000 100
> RL# 8: Rsvd for capture - - -
>
> Layer2 Rate Limiters:
> RL# 9: Reserved
> RL#10: Reserved
> RL#11: Free - - -
> RL#12: Free - - -
>
> sh mls statistics
>
> Statistics for Earl in Module 1
>
> L2 Forwarding Engine
> Total packets Switched : 14636946657
>
> L3 Forwarding Engine
> Total packets Processed : 6640024385 @ 1691 pps
> Total packets L3 Switched : 3097388219 @ 1463 pps
>
> Total Packets Bridged : 3402523472
> Total Packets FIB Switched : 3097388219
> Total Packets ACL Routed : 0
> Total Packets Netflow Switched : 0
> Total Mcast Packets Switched/Routed : 105330584
> Total ip packets with TOS changed : 2
> Total ip packets with COS changed : 2
> Total non ip packets COS changed : 0
> Total packets dropped by ACL : 2
> Total packets dropped by Policing : 0
> Total packets exceeding CIR : 0
> Total packets exceeding PIR : 0
>
> Errors
> MAC/IP length inconsistencies : 0
> Short IP packets received : 0
> IP header checksum errors : 0
> No-route packet drops : 5601100
> TTL failures : 103801
> MTU failures : 0
>
>
> Statistics for Earl in Module 2
>
> L2 Forwarding Engine
> Total packets Switched : 58230404626
>
> L3 Forwarding Engine
> Total packets Processed : 52957685770 @ 48401 pps
> Total packets L3 Switched : 46315161966 @ 45363 pps
>
> Total Packets Bridged : 3565174847
> Total Packets FIB Switched : 46114733327
> Total Packets ACL Routed : 200428638
> Total Packets Netflow Switched : 1
> Total Mcast Packets Switched/Routed : 320855999
> Total ip packets with TOS changed : 0
> Total ip packets with COS changed : 0
> Total non ip packets COS changed : 0
> Total packets dropped by ACL : 3348174
> Total packets dropped by Policing : 0
> Total packets exceeding CIR : 0
> Total packets exceeding PIR : 0
>
> Errors
> MAC/IP length inconsistencies : 434
> Short IP packets received : 0
> IP header checksum errors : 272
> No-route packet drops : 144096606
> TTL failures : 10553306
> MTU failures : 6462854
>
> Total packets L3 Processed by all Modules: 59597710155 @ 50092 pps Any
> help would be appreciated.
>
> --
>
> Regards,
>
> Md. Shoaib Farhan
> <http://www.telnet.com.bd>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/
> mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> ******** IMPORTANT NOTICE ********
> The content of this e-mail is intended for the addressee(s) only and may
> contain information that is confidential and/or otherwise protected from
> disclosure. If you are not the intended recipient, please note that any
> copying, distribution or any other use or dissemination of the information
> contained in this e-mail (and its attachments) is strictly prohibited. If
> you have received this e-mail in error, kindly notify the sender
> immediately by replying to this e-mail and delete the e-mail and any copies
> thereof.
>
> Tele2 AB (publ) and its subsidiaries (“Tele2 Group”) accepts no
> responsibility for the consequences of any viruses, corruption or other
> interference transmitted by e-mail.
>
--
Regards,
Md. Shoaib Farhan
<http://www.telnet.com.bd>
More information about the cisco-nsp
mailing list