cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2596
Views
5
Helpful
13
Replies

MPLS TE with CoPP

mtiger
Beginner
Beginner

I try to configure CoPP on 7600 sup7203BXL,

when I apply on Control-Plane, then the MPLS TE tunnel goes down.

Can anyone help ? 

Cisco RSVP is port 3455 ?

I do not have any packet match port 3455.

Extended IP access list cp-class-default-in

    10 permit ip any any (82250 matches)

Extended IP access list cp-critical-in

    10 permit ospf any host 224.0.0.5 (53601 matches)

    20 permit ospf any host 224.0.0.6

    30 permit ospf any any (145 matches)

    40 permit tcp any any eq bgp (2 matches)

    50 permit tcp any eq bgp any (50725 matches)

    60 permit tcp any any eq 646 (4457 matches)

    70 permit tcp any eq 646 any (3222 matches)

    80 permit udp any any eq 646 (49019 matches)

    90 permit udp any eq 646 any

    110 permit tcp any any eq 3455

    120 permit udp any any eq 3455

    130 permit tcp any eq 3455 any

    140 permit udp any eq 3455 any

Extended IP access list cp-important-in

    10 permit tcp any any eq 22 (238 matches)

    20 permit tcp any eq 22 any

    30 permit tcp any any eq telnet (7059 matches)

    40 permit tcp any eq telnet any

    50 permit tcp any any eq tacacs (1 match)

    60 permit tcp any eq tacacs any (1219 matches)

    70 permit udp any any eq ntp (47 matches)

    80 permit udp any eq ntp any

    90 permit udp any any eq snmp (89625 matches)

Extended IP access list cp-normal-in

    10 permit icmp any any echo (267766 matches)

    20 permit icmp any any echo-reply (5394 matches)

    30 permit icmp any any parameter-problem (499 matches)

    40 permit icmp any any ttl-exceeded (17 matches)

    50 permit icmp any any port-unreachable (8 matches)

    60 permit icmp any any time-exceeded

Policy Map control-plane-in

    Class cp-critical-in

     police cir 1000000000 bc 31250000

       conform-action transmit

       exceed-action transmit

    Class cp-important-in

     police cir 1000000 bc 312500

       conform-action transmit

       exceed-action drop

    Class cp-normal-in

     police cir 100000 bc 31250

       conform-action transmit

       exceed-action drop

    Class cp-class-default-in

     police cir 100000 bc 31250

       conform-action drop

       exceed-action drop

Extended IP access list cp-class-default-in
    10 permit ip any any (82250 matches)
Extended IP access list cp-critical-in
    10 permit ospf any host 224.0.0.5 (53601 matches)
    20 permit ospf any host 224.0.0.6
    30 permit ospf any any (145 matches)
    40 permit tcp any any eq bgp (2 matches)
    50 permit tcp any eq bgp any (50725 matches)
    60 permit tcp any any eq 646 (4457 matches)
    70 permit tcp any eq 646 any (3222 matches)
    80 permit udp any any eq 646 (49019 matches)
    90 permit udp any eq 646 any
    110 permit tcp any any eq 3455
    120 permit udp any any eq 3455
    130 permit tcp any eq 3455 any
    140 permit udp any eq 3455 any
Extended IP access list cp-important-in
    10 permit tcp any any eq 22 (238 matches)
    20 permit tcp any eq 22 any
    30 permit tcp any any eq telnet (7059 matches)
    40 permit tcp any eq telnet any
    50 permit tcp any any eq tacacs (1 match)
    60 permit tcp any eq tacacs any (1219 matches)
    70 permit udp any any eq ntp (47 matches)
    80 permit udp any eq ntp any
    90 permit udp any any eq snmp (89625 matches)
Extended IP access list cp-normal-in
    10 permit icmp any any echo (267766 matches)
    20 permit icmp any any echo-reply (5394 matches)
    30 permit icmp any any parameter-problem (499 matches)
    40 permit icmp any any ttl-exceeded (17 matches)
    50 permit icmp any any port-unreachable (8 matches)
    60 permit icmp any any time-exceeded

Policy Map control-plane-in
    Class cp-critical-in
     police cir 1000000000 bc 31250000
       conform-action transmit
       exceed-action transmit
    Class cp-important-in
     police cir 1000000 bc 312500
       conform-action transmit
       exceed-action drop
    Class cp-normal-in
     police cir 100000 bc 31250
       conform-action transmit
       exceed-action drop
    Class cp-class-default-in
     police cir 100000 bc 31250
       conform-action drop
       exceed-action drop

1 Accepted Solution

Accepted Solutions

Hello Mtiger,

be aware that RSVP and RSVP-TE are not based on TCP or UDP so you need a line to allow RSVP protocol

RSVP is protocol 46 over IP you need a line like permit rsvp any any

see

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

Hope to help

Giuseppe

View solution in original post

13 Replies 13

Vaibhava Varma
Enthusiast
Enthusiast

Hi mtiger

What error does the TE Tunnel throw for it being down ?

Can you share "show mpls traffic-eng tunnels" output

Regards

Varma

It seems the RSVP signalling problem.

Router #sho mpls traffic-eng tunnels

Name: vocom_hinet                         (Tunnel9181) Destination: 203.160.227.98
  Status:
    Admin: up         Oper: down   Path: valid       Signalling: RSVP signalling proceeding
    path option 1, type explicit TP765_TP1243_G1 (Basis for Setup, path weight 2)
    path option 2, type explicit TP765_TP1243_G2
    path option 3, type explicit TP765_TP1243_G3

  Config Parameters:
    Bandwidth: 64       kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 64       bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  RSVP Signalling Info:
       Src 203.160.227.53, Dst 203.160.227.98, Tun_Id 9181, Tun_Instance 2903
  History:
    Tunnel:
      Time since created: 446 days, 9 hours, 52 minutes
      Time since path change: 1 minutes, 19 seconds
      Number of LSP IDs (Tun_Instances) used: 2903
    Current LSP:
      Setup Time: 3 minutes, 40 seconds remaining
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [2902]
      Removal Trigger: label reservation removed
    Path Option 3:
      Last Error: PCALC:: No addresses to connect 203.78.186.225 to 203.160.227.98

Name: vocom_HK                            (Tunnel9182) Destination: 203.160.227.27
  Status:
    Admin: up         Oper: down   Path: valid       Signalling: RSVP signalling proceeding
    path option 1, type explicit vocom_HK (Basis for Setup, path weight 6)

  Config Parameters:
    Bandwidth: 64       kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 64       bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  RSVP Signalling Info:
       Src 203.160.227.53, Dst 203.160.227.27, Tun_Id 9182, Tun_Instance 1471
  History:
    Tunnel:
      Time since created: 446 days, 9 hours, 52 minutes
      Time since path change: 1 minutes, 25 seconds
      Number of LSP IDs (Tun_Instances) used: 1471
    Current LSP:
      Setup Time: 3 minutes, 34 seconds remaining
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [1470]
      Removal Trigger: label reservation removed

Name: cmstr-Vocom_CT                      (Tunnel9184) Destination: 203.160.227.114
  Status:
    Admin: up         Oper: down   Path: valid       Signalling: RSVP signalling proceeding
    path option 1, type explicit vocom_ct (Basis for Setup, path weight 5)

  Config Parameters:
    Bandwidth: 64       kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 64       bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  RSVP Signalling Info:
       Src 203.160.227.53, Dst 203.160.227.114, Tun_Id 9184, Tun_Instance 143
  History:
    Tunnel:
      Time since created: 227 days, 45 minutes
      Time since path change: 1 minutes, 26 seconds
      Number of LSP IDs (Tun_Instances) used: 143
    Current LSP:
      Setup Time: 3 minutes, 33 seconds remaining
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [142]
      Removal Trigger: label reservation removed

Name: CHTG-Virtela-2M(Burst10M)           (Tunnel9185) Destination: 203.160.227.114
  Status:
    Admin: up         Oper: down   Path: valid       Signalling: RSVP signalling proceeding
    path option 1, type explicit CHTG-Virtela (Basis for Setup, path weight 5)

  Config Parameters:
    Bandwidth: 64       kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 64       bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled
         

  RSVP Signalling Info:
       Src 203.160.227.53, Dst 203.160.227.114, Tun_Id 9185, Tun_Instance 151
  History:
    Tunnel:
      Time since created: 163 days, 7 hours, 6 minutes
      Time since path change: 1 minutes, 26 seconds
      Number of LSP IDs (Tun_Instances) used: 151
    Current LSP:
      Setup Time: 3 minutes, 33 seconds remaining
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [150]
      Removal Trigger: label reservation removed

Name: TFN_CT                              (Tunnel9186) Destination: 203.160.227.98
  Status:
    Admin: up         Oper: down   Path: valid       Signalling: RSVP signalling proceeding
    path option 1, type explicit TFN_CT (Basis for Setup, path weight 101)

  Config Parameters:
    Bandwidth: 64       kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 64       bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  RSVP Signalling Info:
       Src 203.160.227.53, Dst 203.160.227.98, Tun_Id 9186, Tun_Instance 63
  History:
    Tunnel:
      Time since created: 85 days, 20 hours, 42 minutes
      Time since path change: 1 minutes, 19 seconds
      Number of LSP IDs (Tun_Instances) used: 63
    Current LSP:
      Setup Time: 3 minutes, 40 seconds remaining
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [62]
      Removal Trigger: label reservation removed

Name: TFN_CNC                             (Tunnel9187) Destination: 203.160.227.98
  Status:
    Admin: up         Oper: down   Path: valid       Signalling: RSVP signalling proceeding
    path option 1, type explicit TFN_CNC (Basis for Setup, path weight 101)

  Config Parameters:
    Bandwidth: 64       kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 64       bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  RSVP Signalling Info:
       Src 203.160.227.53, Dst 203.160.227.98, Tun_Id 9187, Tun_Instance 195
  History:
    Tunnel:
      Time since created: 85 days, 20 hours, 43 minutes
      Time since path change: 27 seconds
      Number of LSP IDs (Tun_Instances) used: 195
    Current LSP:
      Setup Time: 4 minutes, 32 seconds remaining
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [194]
      Removal Trigger: label reservation removed

Hi mtiger

I believe this is your production network and you won't be able to do any debug. But if its possible I will recommend you "debub mpls traffic-eng path lookup and debug mpls traffic-eng path verify"

Also please check the "show ip rsvp counters" after clearing the counters to see if there is RSVP signalling exhange happening or not. I suspect its not.

Secondly I was just curious why are we policing the control plane with 1Gig CIR .

Regards

Varma

Hello Mtiger,

be aware that RSVP and RSVP-TE are not based on TCP or UDP so you need a line to allow RSVP protocol

RSVP is protocol 46 over IP you need a line like permit rsvp any any

see

http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

Hope to help

Giuseppe

Hi all,

Thanks for all of your help.

the problem is solved .

Thanks!

Michael

Hi Michael

Can you please let know what was the issue and the solution implemented to  fix the same ?

Regards

Varma

The access-list counter show it match some traffic.

the most traffic is 46 (RSVP)

Extended IP access list cp-critical-in

    10 permit ospf any host 224.0.0.5 (1616079 matches)

    20 permit ospf any host 224.0.0.6

    30 permit ospf any any (2406 matches)

    40 permit tcp any any eq bgp (126 matches)

    50 permit tcp any eq bgp any (1736269 matches)

    60 permit tcp any any eq 646 (148378 matches)

    70 permit tcp any eq 646 any (108625 matches)

    80 permit udp any any eq 646 (1529817 matches)

    90 permit udp any eq 646 any (11 matches)

    110 permit tcp any any eq 3455 (1 match)   <-----

    120 permit udp any any eq 3455

    130 permit tcp any eq 3455 any (81 matches)   <-----

    140 permit udp any eq 3455 any

    150 permit 46 any any (195285 matches)    <-------

    160 permit udp any eq 3503 any (8 matches)  <------

Hi Michael

I do not see any RSVP term in the ACL here though we have match for 3455 now..So what was the actual issue which obstructed RSVP signalling and brought the tunnels down..What we did to fix it. ..Is the CoPP still in place for RSVP..Honestly when I replicated the CoPP in my LAB i never faced any issues for the TE...

Regards

Varma

    150 permit 46 any any (195285 matches)    <-------

varma,

This was the fix. he included protocol 46 which is the protocol id for  rsvp

HI Kishore

When I applied the same CoPP in my LAB without "46" I never faced any issue..Was wondering what happened actually here...

Regards

Varma

Good one Guiseppe   5+  for that

Hi Varma,

My policy is drop all unmatch traffic.  so when I apply CoPP,  it will drop all RSVP packet.

Policy Map control-plane-in
    Class cp-critical-in
     police cir 1000000000 bc 31250000
       conform-action transmit
       exceed-action transmit
    Class cp-important-in
     police cir 1000000 bc 312500
       conform-action transmit
       exceed-action drop
    Class cp-normal-in
     police cir 100000 bc 31250
       conform-action transmit
       exceed-action drop
    Class cp-class-default-in
     police cir 100000 bc 31250
       conform-action drop    <-----------------
       exceed-action drop     <-----------------

Hi Michael

Now I understand it. I used the partial Policy thats why I did not face the issue

Regards

Varma

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers