cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2908
Views
100
Helpful
26
Replies

They were indeed Internet

They were indeed Internet prefixes which we don't need to routes through our tunnels .

Somehow they started getting labeld , once I upgrade the IOS and reloaded the router, problem cleared.

Below you have the memory log entries I got yesterday after adjusting the MPLS label range to 200000.

I think you definitely right about  limiting the advertisement of labels.

 

894786: Sep 17 15:40:21.397 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x31B87CF, alignment 0
 894785: Sep 17 15:40:16.190 UTC: %LSD-4-LABEL_RESOURCE: label range 16-100000 exhausted    
 -Traceback= 19D735Fz 31D6AEFz 31E230Ez 31E22DEz 18C9BF4z 18C9444z 1904196z 190393Az 19038D7z
 894784: Sep 17 15:39:58.319 UTC: %SYS-2-CFORKMEM: Process creation of Exec failed (no memory). -Process= "TTY Background", ipl= 0, pid= 58
[Message Details] -Traceback= 19D735Fz 31B0304z 31A886Az 31ACD5Ez 31B87CFz 31B924Dz 3FC0C3Cz 3F75A40z 3F759E7z 3F7581Ez 3F794DBz 3F7887Dz 3FA0ED5z 3FAC4C5z 3FAC06Bz 3FABC88z
-Process= "Tag Control", ipl= 0, pid= 431
 Alternate Pool: None Free: 0 Cause: No Alternate pool
 Pool: Processor Free: 394014700 Cause: Memory fragmentation
 894783: Sep 17 15:39:51.255 UTC: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed from 0x31B87CF, alignment 0

 

Regarding the GR Recovery , this is all we get in the log but like you said I don't think this caused the

888136: Sep 14 21:49:34.794 UTC: %LDP-5-GR: GR session 91.103.22.14:0 (inst. 6): interrupted--recovery pending
 888138: Sep 14 21:49:38.882 UTC: %LDP-5-GR: GR session 91.103.22.14:0 (inst. 5): starting graceful recovery

 

Vinit, I will be on holiday as from Sunday, I really thank you for the assistance. and wish you all the best.

Have a nice weekend.

Said

I increased the mpls label

I increased the mpls label range and got memory errors. couldn't save the config anymore and had to undo the change.

I'm now back to previous situation but with latest IOS:  c3900e-universalk9-mz.SPA.153-3.M6.bin  

 

Not sure how to fix this mpls label range.

Cisco Employee

Can you share the below

Can you share the below output:

- show mem statistics

I actually want to see how much memory is available on the router.

Thanks
--Vinit
Cisco Employee

quick question: Did you

quick question: Did you increase the label range to 1M? I dont think it will be a good idea to do that on 3900 series platform. 

Thanks
--Vinit

I tried to increase the the

I tried to increase the the label range to 200000 but got memory issues.

Now is back to 100000.

 

This is my memory status

 

sho mem stat
                Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
Processor   200AE680   1552116256   697472996   854643260   832424312   832065908
      I/O    D5AE680   313524224    89315980   224208244   224208244   224183292

Cisco Employee

Can you also share the error

Can you also share the error that you received.

Thanks

Thanks
--Vinit
Engager

Hello Vinit,thank you for

Hello Vinit,

thank you for this great opportunity!

Some weeks ago this question was posted here in the MPLS section:

https://supportforums.cisco.com/discussion/12543036/ospf-sham-link-dmvpn-question

I found it interesting enough to set up a simplified gns3 lab, just with a direct OSPF point-to-multipoint backup-link instead of a DMVPN. As we know, the OPSF point-to-multipoint network type advertises a hostroute instead of the interface's real subnetmask and the network-ID in the corresponding Router-LSAs. These LSAs are exchanged between the PEs via MPLS and the hostroutes are installed in the neighboring PE's routing-tables, but no labels are received for those /32-prefixes, only for the corresponding subnet, because that's the only routing-table entry of the neighboring PE. That's (I guess) why packets destined to the point-to-multipoint interface cannot be forwarded via MPLS in this scenario.

So I couldn't find a better solution than filtering out the hostroutes locally by distribute-lists - just what the original poster did.

I guess it is a very uncommon design to have a backup-link with OSPF point-to-multipoint interfaces between PEs but I'd really like to know if you could provide with a better way to solve this problem.

Thanks,

Rolf

Cisco Employee

Hello RolfI agree with your

Hello Rolf

I agree with your last statement that its very un-common to see a backup link with OSPF P2M interfaces. Let me do some testing before i get back to you with some definite answer.

Regards

Vinit

Thanks
--Vinit
Beginner

Hello VinitHow would you

Hello Vinit

How would you encrypt customer traffic traversing a plain ISP MPLS backbone? What'd be the options other than IPSec? And which the main problems one would encounter?

Cisco Employee

I dont really think its a

I dont really think its a good idea to encrypt the customer traffic in the ISP Core as there will already be overhead of labels (IGP as well as VPN label). Thus adding another ipsec header maximum data size that can be transmitted from the ISP core. I have personally not seen any deployment of ISP core using IPSec. The customer data is already secure as its going as a vpnv4 update and to decode the packet, they will have to look inside the mpls packet itself.

Though customer can encrypt their traffic between CE to CE using ipsec which is the most preferred design but again, the only challenge will be the maximum data size that can be transferred across the ipsec tunnel. If the CE device has Jumbo MTU and same is the case with ISP then it would be better (atleast for the applications which send packets with higher segment size and with DF bit set).

Hope this answers your question.

Regards

Vinit

Thanks
--Vinit
Beginner

I meant only CE-CE. Are there

I meant only CE-CE. Are there other alternatives to IPSec that I'm not aware of?

Cisco Employee

Yes, you can try using Remote

Yes, you can try using Remote Access services or Dial up services. Those are secure mechanisms as well.

Thanks
--Vinit
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.