10-21-2011 02:38 AM
I try to configure CoPP on 7600 sup7203BXL,
when I apply on Control-Plane, then the MPLS TE tunnel goes down.
Can anyone help ?
Cisco RSVP is port 3455 ?
I do not have any packet match port 3455.
Extended IP access list cp-class-default-in
10 permit ip any any (82250 matches)
Extended IP access list cp-critical-in
10 permit ospf any host 224.0.0.5 (53601 matches)
20 permit ospf any host 224.0.0.6
30 permit ospf any any (145 matches)
40 permit tcp any any eq bgp (2 matches)
50 permit tcp any eq bgp any (50725 matches)
60 permit tcp any any eq 646 (4457 matches)
70 permit tcp any eq 646 any (3222 matches)
80 permit udp any any eq 646 (49019 matches)
90 permit udp any eq 646 any
110 permit tcp any any eq 3455
120 permit udp any any eq 3455
130 permit tcp any eq 3455 any
140 permit udp any eq 3455 any
Extended IP access list cp-important-in
10 permit tcp any any eq 22 (238 matches)
20 permit tcp any eq 22 any
30 permit tcp any any eq telnet (7059 matches)
40 permit tcp any eq telnet any
50 permit tcp any any eq tacacs (1 match)
60 permit tcp any eq tacacs any (1219 matches)
70 permit udp any any eq ntp (47 matches)
80 permit udp any eq ntp any
90 permit udp any any eq snmp (89625 matches)
Extended IP access list cp-normal-in
10 permit icmp any any echo (267766 matches)
20 permit icmp any any echo-reply (5394 matches)
30 permit icmp any any parameter-problem (499 matches)
40 permit icmp any any ttl-exceeded (17 matches)
50 permit icmp any any port-unreachable (8 matches)
60 permit icmp any any time-exceeded
Policy Map control-plane-in
Class cp-critical-in
police cir 1000000000 bc 31250000
conform-action transmit
exceed-action transmit
Class cp-important-in
police cir 1000000 bc 312500
conform-action transmit
exceed-action drop
Class cp-normal-in
police cir 100000 bc 31250
conform-action transmit
exceed-action drop
Class cp-class-default-in
police cir 100000 bc 31250
conform-action drop
exceed-action drop
Extended IP access list cp-class-default-in
10 permit ip any any (82250 matches)
Extended IP access list cp-critical-in
10 permit ospf any host 224.0.0.5 (53601 matches)
20 permit ospf any host 224.0.0.6
30 permit ospf any any (145 matches)
40 permit tcp any any eq bgp (2 matches)
50 permit tcp any eq bgp any (50725 matches)
60 permit tcp any any eq 646 (4457 matches)
70 permit tcp any eq 646 any (3222 matches)
80 permit udp any any eq 646 (49019 matches)
90 permit udp any eq 646 any
110 permit tcp any any eq 3455
120 permit udp any any eq 3455
130 permit tcp any eq 3455 any
140 permit udp any eq 3455 any
Extended IP access list cp-important-in
10 permit tcp any any eq 22 (238 matches)
20 permit tcp any eq 22 any
30 permit tcp any any eq telnet (7059 matches)
40 permit tcp any eq telnet any
50 permit tcp any any eq tacacs (1 match)
60 permit tcp any eq tacacs any (1219 matches)
70 permit udp any any eq ntp (47 matches)
80 permit udp any eq ntp any
90 permit udp any any eq snmp (89625 matches)
Extended IP access list cp-normal-in
10 permit icmp any any echo (267766 matches)
20 permit icmp any any echo-reply (5394 matches)
30 permit icmp any any parameter-problem (499 matches)
40 permit icmp any any ttl-exceeded (17 matches)
50 permit icmp any any port-unreachable (8 matches)
60 permit icmp any any time-exceeded
Policy Map control-plane-in
Class cp-critical-in
police cir 1000000000 bc 31250000
conform-action transmit
exceed-action transmit
Class cp-important-in
police cir 1000000 bc 312500
conform-action transmit
exceed-action drop
Class cp-normal-in
police cir 100000 bc 31250
conform-action transmit
exceed-action drop
Class cp-class-default-in
police cir 100000 bc 31250
conform-action drop
exceed-action drop
Solved! Go to Solution.
10-30-2011 09:56 AM
Hello Mtiger,
be aware that RSVP and RSVP-TE are not based on TCP or UDP so you need a line to allow RSVP protocol
RSVP is protocol 46 over IP you need a line like permit rsvp any any
see
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
Hope to help
Giuseppe
10-21-2011 04:06 AM
Hi mtiger
What error does the TE Tunnel throw for it being down ?
Can you share "show mpls traffic-eng tunnels" output
Regards
Varma
10-23-2011 06:19 PM
It seems the RSVP signalling problem.
Router #sho mpls traffic-eng tunnels
Name: vocom_hinet (Tunnel9181) Destination: 203.160.227.98
Status:
Admin: up Oper: down Path: valid Signalling: RSVP signalling proceeding
path option 1, type explicit TP765_TP1243_G1 (Basis for Setup, path weight 2)
path option 2, type explicit TP765_TP1243_G2
path option 3, type explicit TP765_TP1243_G3
Config Parameters:
Bandwidth: 64 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 64 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
RSVP Signalling Info:
Src 203.160.227.53, Dst 203.160.227.98, Tun_Id 9181, Tun_Instance 2903
History:
Tunnel:
Time since created: 446 days, 9 hours, 52 minutes
Time since path change: 1 minutes, 19 seconds
Number of LSP IDs (Tun_Instances) used: 2903
Current LSP:
Setup Time: 3 minutes, 40 seconds remaining
Selection: reoptimization
Prior LSP:
ID: path option 1 [2902]
Removal Trigger: label reservation removed
Path Option 3:
Last Error: PCALC:: No addresses to connect 203.78.186.225 to 203.160.227.98
Name: vocom_HK (Tunnel9182) Destination: 203.160.227.27
Status:
Admin: up Oper: down Path: valid Signalling: RSVP signalling proceeding
path option 1, type explicit vocom_HK (Basis for Setup, path weight 6)
Config Parameters:
Bandwidth: 64 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 64 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
RSVP Signalling Info:
Src 203.160.227.53, Dst 203.160.227.27, Tun_Id 9182, Tun_Instance 1471
History:
Tunnel:
Time since created: 446 days, 9 hours, 52 minutes
Time since path change: 1 minutes, 25 seconds
Number of LSP IDs (Tun_Instances) used: 1471
Current LSP:
Setup Time: 3 minutes, 34 seconds remaining
Selection: reoptimization
Prior LSP:
ID: path option 1 [1470]
Removal Trigger: label reservation removed
Name: cmstr-Vocom_CT (Tunnel9184) Destination: 203.160.227.114
Status:
Admin: up Oper: down Path: valid Signalling: RSVP signalling proceeding
path option 1, type explicit vocom_ct (Basis for Setup, path weight 5)
Config Parameters:
Bandwidth: 64 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 64 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
RSVP Signalling Info:
Src 203.160.227.53, Dst 203.160.227.114, Tun_Id 9184, Tun_Instance 143
History:
Tunnel:
Time since created: 227 days, 45 minutes
Time since path change: 1 minutes, 26 seconds
Number of LSP IDs (Tun_Instances) used: 143
Current LSP:
Setup Time: 3 minutes, 33 seconds remaining
Selection: reoptimization
Prior LSP:
ID: path option 1 [142]
Removal Trigger: label reservation removed
Name: CHTG-Virtela-2M(Burst10M) (Tunnel9185) Destination: 203.160.227.114
Status:
Admin: up Oper: down Path: valid Signalling: RSVP signalling proceeding
path option 1, type explicit CHTG-Virtela (Basis for Setup, path weight 5)
Config Parameters:
Bandwidth: 64 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 64 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
RSVP Signalling Info:
Src 203.160.227.53, Dst 203.160.227.114, Tun_Id 9185, Tun_Instance 151
History:
Tunnel:
Time since created: 163 days, 7 hours, 6 minutes
Time since path change: 1 minutes, 26 seconds
Number of LSP IDs (Tun_Instances) used: 151
Current LSP:
Setup Time: 3 minutes, 33 seconds remaining
Selection: reoptimization
Prior LSP:
ID: path option 1 [150]
Removal Trigger: label reservation removed
Name: TFN_CT (Tunnel9186) Destination: 203.160.227.98
Status:
Admin: up Oper: down Path: valid Signalling: RSVP signalling proceeding
path option 1, type explicit TFN_CT (Basis for Setup, path weight 101)
Config Parameters:
Bandwidth: 64 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 64 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
RSVP Signalling Info:
Src 203.160.227.53, Dst 203.160.227.98, Tun_Id 9186, Tun_Instance 63
History:
Tunnel:
Time since created: 85 days, 20 hours, 42 minutes
Time since path change: 1 minutes, 19 seconds
Number of LSP IDs (Tun_Instances) used: 63
Current LSP:
Setup Time: 3 minutes, 40 seconds remaining
Selection: reoptimization
Prior LSP:
ID: path option 1 [62]
Removal Trigger: label reservation removed
Name: TFN_CNC (Tunnel9187) Destination: 203.160.227.98
Status:
Admin: up Oper: down Path: valid Signalling: RSVP signalling proceeding
path option 1, type explicit TFN_CNC (Basis for Setup, path weight 101)
Config Parameters:
Bandwidth: 64 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Loadshare: 64 bw-based
auto-bw: disabled
Active Path Option Parameters:
State: explicit path option 1 is active
BandwidthOverride: disabled LockDown: disabled Verbatim: disabled
RSVP Signalling Info:
Src 203.160.227.53, Dst 203.160.227.98, Tun_Id 9187, Tun_Instance 195
History:
Tunnel:
Time since created: 85 days, 20 hours, 43 minutes
Time since path change: 27 seconds
Number of LSP IDs (Tun_Instances) used: 195
Current LSP:
Setup Time: 4 minutes, 32 seconds remaining
Selection: reoptimization
Prior LSP:
ID: path option 1 [194]
Removal Trigger: label reservation removed
10-23-2011 10:04 PM
Hi mtiger
I believe this is your production network and you won't be able to do any debug. But if its possible I will recommend you "debub mpls traffic-eng path lookup and debug mpls traffic-eng path verify"
Also please check the "show ip rsvp counters" after clearing the counters to see if there is RSVP signalling exhange happening or not. I suspect its not.
Secondly I was just curious why are we policing the control plane with 1Gig CIR .
Regards
Varma
10-30-2011 09:56 AM
Hello Mtiger,
be aware that RSVP and RSVP-TE are not based on TCP or UDP so you need a line to allow RSVP protocol
RSVP is protocol 46 over IP you need a line like permit rsvp any any
see
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
Hope to help
Giuseppe
10-30-2011 06:15 PM
Hi all,
Thanks for all of your help.
the problem is solved .
Thanks!
Michael
10-30-2011 06:17 PM
Hi Michael
Can you please let know what was the issue and the solution implemented to fix the same ?
Regards
Varma
10-30-2011 07:32 PM
The access-list counter show it match some traffic.
the most traffic is 46 (RSVP)
Extended IP access list cp-critical-in
10 permit ospf any host 224.0.0.5 (1616079 matches)
20 permit ospf any host 224.0.0.6
30 permit ospf any any (2406 matches)
40 permit tcp any any eq bgp (126 matches)
50 permit tcp any eq bgp any (1736269 matches)
60 permit tcp any any eq 646 (148378 matches)
70 permit tcp any eq 646 any (108625 matches)
80 permit udp any any eq 646 (1529817 matches)
90 permit udp any eq 646 any (11 matches)
110 permit tcp any any eq 3455 (1 match) <-----
120 permit udp any any eq 3455
130 permit tcp any eq 3455 any (81 matches) <-----
140 permit udp any eq 3455 any
150 permit 46 any any (195285 matches) <-------
160 permit udp any eq 3503 any (8 matches) <------
10-30-2011 07:37 PM
Hi Michael
I do not see any RSVP term in the ACL here though we have match for 3455 now..So what was the actual issue which obstructed RSVP signalling and brought the tunnels down..What we did to fix it. ..Is the CoPP still in place for RSVP..Honestly when I replicated the CoPP in my LAB i never faced any issues for the TE...
Regards
Varma
10-30-2011 07:41 PM
150 permit 46 any any (195285 matches) <-------
varma,
This was the fix. he included protocol 46 which is the protocol id for rsvp
10-30-2011 07:43 PM
HI Kishore
When I applied the same CoPP in my LAB without "46" I never faced any issue..Was wondering what happened actually here...
Regards
Varma
10-30-2011 07:43 PM
Good one Guiseppe 5+ for that
10-30-2011 11:39 PM
Hi Varma,
My policy is drop all unmatch traffic. so when I apply CoPP, it will drop all RSVP packet.
Policy Map control-plane-in
Class cp-critical-in
police cir 1000000000 bc 31250000
conform-action transmit
exceed-action transmit
Class cp-important-in
police cir 1000000 bc 312500
conform-action transmit
exceed-action drop
Class cp-normal-in
police cir 100000 bc 31250
conform-action transmit
exceed-action drop
Class cp-class-default-in
police cir 100000 bc 31250
conform-action drop <-----------------
exceed-action drop <-----------------
10-31-2011 04:24 AM
Hi Michael
Now I understand it. I used the partial Policy thats why I did not face the issue
Regards
Varma
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide