VPLS : VC UP but no data -- ASR9k & 7600 ES+

Sherif Atef Ahmed Ismail · ‎10-18-2013

Dears

Would like your assistance please regarding below VPLS setup

VPLS is between ASR9k & 7600 ES+ card. VC is up but CEs are not able to ping each others

Lab Topology

CE <> Te0/1/0/3.55 ASR9K < -- mpls --> 7600 Gi4/2 <> CE

Any ideas ?

Note

ASR9k & 7600 are directly connected via same ES+ card

||||||||||||||||||||||||||||||||||||||||||||||||||

ASR9k

interface TenGigE0/1/0/3

cdp

!

interface TenGigE0/1/0/3.55 l2transport

encapsulation dot1q 55 exact

rewrite ingress tag pop 1 symmetric

!

l2vpn

pw-class PW-CLASS-TEST

encapsulation mpls

transport-mode ethernet

!

bridge group vpls-test

bridge-domain asr9k-7600

interface TenGigE0/1/0/3.55

!

vfi vlan-55

neighbor 6.6.6.6 pw-id 55

pw-class PW-CLASS-TEST

7600

ethernet evc test-vpls

interface GigabitEthernet4/2

no ip address

speed 1000

service instance 55 ethernet test-vpls

encapsulation dot1q 55

rewrite ingress tag pop 1 symmetric

bridge-domain 55

!

interface Vlan55

no ip address

xconnect vfi asr9k-7600

end

l2 vfi asr9k-7600 manual test-vpls

vpn id 55

neighbor 19.19.19.19 encapsulation mpls

||||||||||||

RP/0/RSP0/CPU0:XR1#sh l2vpn bridge-domain

Wed Oct 16 19:34:58.345 UTC

Legend: pp = Partially Programmed.

Bridge group: vpls-test, bridge-domain: asr9k-7600, id: 15, state: up, ShgId: 0, MSTi: 0

Aging: 300 s, MAC limit: 4000, Action: none, Notification: syslog

Filter MAC addresses: 0

ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)

List of ACs:

Te0/1/0/3.55, state: up, Static MAC addresses: 0

List of Access PWs:

List of VFIs:

VFI vlan-55 (up)

Neighbor 6.6.6.6 pw-id 55, state: up, Static MAC addresses: 0

RP/0/RSP0/CPU0:XR1#

RP/0/RSP0/CPU0:XR1#sh l2vpn bridge-domain detail

Wed Oct 16 19:35:02.391 UTC

Legend: pp = Partially Programmed.

Bridge group: vpls-test, bridge-domain: asr9k-7600, id: 15, state: up, ShgId: 0, MSTi: 0

Coupled state: disabled

MAC learning: enabled

MAC withdraw: enabled

MAC withdraw for Access PW: enabled

MAC withdraw sent on bridge port down: disabled

Flooding:

Broadcast & Multicast: enabled

Unknown unicast: enabled

MAC aging time: 300 s, Type: inactivity

MAC limit: 4000, Action: none, Notification: syslog

MAC limit reached: no

MAC port down flush: enabled

MAC Secure: disabled, Logging: disabled

Split Horizon Group: none

Dynamic ARP Inspection: disabled, Logging: disabled

IP Source Guard: disabled, Logging: disabled

DHCPv4 snooping: disabled

IGMP Snooping profile: none

Bridge MTU: 1500

MIB cvplsConfigIndex: 16

Filter MAC addresses:

Create time: 16/10/2013 18:40:04 (00:54:57 ago)

No status change since creation

ACs: 1 (1 up), VFIs: 1, PWs: 1 (1 up), PBBs: 0 (0 up)

List of ACs:

AC: TenGigE0/1/0/3.55, state is up

Type VLAN; Num Ranges: 1

VLAN ranges: [55, 55]

MTU 1500; XC ID 0x44002e; interworking none

MAC learning: enabled

Flooding:

Broadcast & Multicast: enabled

Unknown unicast: enabled

MAC aging time: 300 s, Type: inactivity

MAC limit: 4000, Action: none, Notification: syslog

MAC limit reached: no

MAC port down flush: enabled

MAC Secure: disabled, Logging: disabled

Split Horizon Group: none

Dynamic ARP Inspection: disabled, Logging: disabled

IP Source Guard: disabled, Logging: disabled

DHCPv4 snooping: disabled

IGMP Snooping profile: none

Storm Control: disabled

Static MAC addresses:

Statistics:

packets: received 0, sent 2

bytes: received 0, sent 112

Storm control drop counters:

packets: broadcast 0, multicast 0, unknown unicast 0

bytes: broadcast 0, multicast 0, unknown unicast 0

Dynamic ARP inspection drop counters:

packets: 0, bytes: 0

IP source guard drop counters:

packets: 0, bytes: 0

List of Access PWs:

List of VFIs:

VFI vlan-55 (up)

PW: neighbor 6.6.6.6, PW ID 55, state is up ( established )

PW class PW-CLASS-TEST, XC ID 0xc000001d

Encapsulation MPLS, protocol LDP

Source address 19.19.19.19

PW type Ethernet, control word disabled, interworking none

PW backup disable delay 0 sec

Sequencing not set

PW Status TLV in use

MPLS Local Remote

------------ ------------------------------ -------------------------

Label 16052 63

Group ID 0xf 0x0

Interface vlan-55 unknown

MTU 1500 1500

Control word disabled disabled

PW type Ethernet Ethernet

VCCV CV type 0x2 0x12

(LSP ping verification) (LSP ping verification)

VCCV CC type 0x6 0x6

(router alert label) (router alert label)

(TTL expiry) (TTL expiry)

------------ ------------------------------ -------------------------

Incoming Status (PW Status TLV):

Status code: 0x0 (Up) in Notification message

MIB cpwVcIndex: 3221225501

Create time: 16/10/2013 18:51:28 (00:43:33 ago)

Last time status changed: 16/10/2013 18:52:43 (00:42:18 ago)

MAC withdraw message: send 0 receive 0

Static MAC addresses:

Statistics:

packets: received 0, sent 0

bytes: received 0, sent 0

DHCPv4 snooping: disabled

IGMP Snooping profile: none

VFI Statistics:

drops: illegal VLAN 0, illegal length 0

RP/0/RSP0/CPU0:XR1#

|||

NPE-3#show mpls l2 binding

Destination Address: 19.19.19.19,VC ID: 55

Local Label: 63

Cbit: 0, VC Type: Ethernet, GroupID: 0

MTU: 1500, Interface Desc: n/a

VCCV: CC Type: RA [2], TTL [3]

CV Type: LSPV [2], BFD/Raw [5]

Remote Label: 16052

Cbit: 0, VC Type: Ethernet, GroupID: 15

MTU: 1500, Interface Desc: vlan-55

VCCV: CC Type: RA [2], TTL [3]

CV Type: LSPV [2]

NPE-3#

NPE-3#show mpls l2 vc 55

Local intf Local circuit Dest address VC ID Status

------------- -------------------------- --------------- ---------- ----------

VFI asr9k-7600 \

vfi 19.19.19.19 55 UP

NPE-3#

NPE-3#show mpls l2 vc 55 detail

Local interface: VFI asr9k-7600 vfi up

Interworking type is Ethernet

Destination address: 19.19.19.19, VC ID: 55, VC status: up

Output interface: none, imposed label stack {}

Preferred path: not configured

Default path: active

No adjacency

Create time: 00:53:12, last status change time: 00:40:59

Last label FSM state change time: 00:39:58

Last peer autosense occurred at: 00:40:59

Signaling protocol: LDP, peer 19.19.19.19:0 up

Targeted Hello: 6.6.6.6(LDP Id) -> 19.19.19.19, LDP is UP

Status TLV support (local/remote) : enabled/supported

LDP route watch : enabled

Label/status state machine : established, LruRru

Last local dataplane status rcvd: No fault

Last BFD dataplane status rcvd: Not sent

Last BFD peer monitor status rcvd: No fault

Last local AC circuit status rcvd: No fault

Last local AC circuit status sent: No fault

Last local PW i/f circ status rcvd: No fault

Last local LDP TLV status sent: No fault

Last remote LDP TLV status rcvd: No fault

Last remote LDP ADJ status rcvd: No fault

MPLS VC labels: local 63, remote 16052

Group ID: local 0, remote 15

MTU: local 1500, remote 1500

Remote interface description: vlan-55

Sequencing: receive disabled, send disabled

Control Word: Off (configured: autosense)

SSO Descriptor: 19.19.19.19/55, local label: 63

Dataplane:

SSM segment/switch IDs: 4200/110690 (used), PWID: 27

VC statistics:

transit packet totals: receive 0, send 0

transit byte totals: receive 0, send 0

transit packet drops: receive 0, seq error 0, send 0

NPE-3#

Many Thanks

Regards

Sherif Ismail

xthuijs · ‎10-22-2013

hi sherif, based on these counters it looks like to me that the AC is not receiving any packets on the EFP...

and that can only mean one thing, are we sending packets with the right vlan encapsulation from the CE towards the asr9k?

regards

xander

Sherif Atef Ahmed Ismail · ‎10-23-2013

Hi Xander

Nice catch .. Will change EFP match to any to see If this would makes an effect or not

Will do the test by tom and let you know

Many thanks

Sherif Ismail

Sherif Atef Ahmed Ismail · ‎10-24-2013

Hi Xander

First many thanks for your assistance

Have recheked CEs config and they are straight forward. [trunk interface allowing all vlans]

However I have added CE3/PE3 to topolgoy and results were somehow interesting

CE1(ME3800) -- PE1 (ASR9K) --- PE2 (7600) -- PE3 (7600) -- CE3 (ME3800)

|

CE2(ME3800)

Now both CE1/CE2 can ping CE3 but still no communication between CE1 & CE2

Dont know what could be the difference between CE2 & CE3. Only thing that comes to my mind is that with CE2, PE2 is directly connected to PE1. Dont know if this could be a problem or not as in this case MPLS label should be pop but still there is VC label

Another thing I removed "rewrite ingress tag pop 1 symmetric" from all PEs cause with this command CE3 (only) was receiving BPDU with different VLAN ! [dont know if this behavior is normal or not]

interface GigabitEthernet4/2

no ip address

speed 1000

service instance 55 ethernet

encapsulation dot1q 55

rewrite ingress tag pop 1 symmetric

bridge-domain 55

*Oct 24 21:57:14.158: %SPANTREE-2-RECV_PVID_ERR: Received BPDU with inconsistent peer vlan id 2 on GigabitEthernet0/23 VLAN55.

*Oct 24 21:57:14.158: %SPANTREE-2-BLOCK_PVID_LOCAL: Blocking GigabitEthernet0/23 on VLAN0055. Inconsistent local vlan.

*Oct 24 21:57:15.158: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan55, changed state to down

UPE-42#

Once I remove it

UPE-42# *Oct 24 21:59:23.638: %SPANTREE-2-UNBLOCK_CONSIST_PORT: Unblocking GigabitEthernet0/23 on VLAN0055. Port consistency restored

Now what do you think ? :]

Many Thanks

Regards

Sherif Ismail

xthuijs · ‎10-25-2013

aha, the bpdu problem is understandable:

when the 9k is not configured for pvst or mstp it will forward all bpdus transparently depending ony our EFP definitions.

I suspect you are running PVST as the bpdus are vlan encapped.

now if there is an incoming bpdu, we pop the tag and then remote we're slapping a vlan back on again, that can cause that problem.

in this design without loops you would want to disable PVST or STP in general to prevent these issues from happening.

based on the issue with the spanning tree, I am starting to believe that CE2 might have its port blocked or something.

Things to verify/check are:

- disabling spanning tree

- ensuring ports are in forwarding state

- are all AC's up and running

- PW state up and running

- split horizon issues between CE2/CE1?

- arp resolution

- vlan consistency

hopefully one of these on the list helps identifying the origin of the forwarding issue.

xander

Sherif Atef Ahmed Ismail · ‎10-26-2013

Hi Xander
Perfect analysis .. Will try above and let you know

Million thanks :)

Sent from Cisco Technical Support iPad App

Sherif Atef Ahmed Ismail · ‎10-28-2013

Hi Xander

Good news .. It worked now :]

Figured out there was no label assigned with PE2 (7600) router .. When I removed config and inserted again all CEs were pingable

PE2#show mpls l2 vc 55 detail

Local interface: VFI asr9k-7600 vfi up

Interworking type is Ethernet

Destination address: 19.19.19.19, VC ID: 55, VC status: up

Output interface: none, imposed label stack {} <<<----

Many thanks for your assistance and help

Regards

Sherif Ismail

xthuijs · ‎10-29-2013

hi sherif, nice work and good find, this indeed will help having a label assigned

regards

xander

Sherif Atef Ahmed Ismail · ‎10-30-2013

Many Thanks Xander ... Your guidance were so helpful