
Xconnect Problem: Unidirectional Traffic Forwarding

Hello!

I have a problem with xconnect in the following scheme:

scheme.png

Cisco 6524:

interface Port-channel115.179
 encapsulation dot1Q 179
 xconnect 10.240.0.2 20179 pw-class PW_MPLS
end

Cisco 7606:

interface GigabitEthernet3/0/2.179
 encapsulation dot1Q 179
 xconnect 10.240.0.4 20179 pw-class PW_MPLS
end

My problem:

When I try to ping host-2 from host-1, I get ping request timed out. In this case I can see sent packets on the xconnect on the Cisco 6524 and received packets on the Cisco 7606. And I have an ARP entry for host 192.168.255.15 in the ARP table on host-2.

When I try to ping host-1 from host-2, I get ping request timed out too. But I don't have sent packets on the xconnect on the Cisco 7606 or received packets on the Cisco 6524.

As I understand it, traffic is forwarded well from host-1 to host-2, but nothing from host-2 to host-1.

If I do "ping mpls pseudowire 10.240.0.4 20179" from the Cisco 7606, all is OK (I can see sent packets on the Cisco 7606).

This is "sh mpls l2 vc 20179 det" from Cisco 6524:

Local interface: Po115.179 up, line protocol up, Eth VLAN 179 up
  Interworking type is Ethernet
  Destination address: 10.240.0.2, VC ID: 20179, VC status: up
    Output interface: Gi1/31, imposed label stack {3032}
    Preferred path: not configured
    Default path: active
    Next hop: 10.2.100.204
  Load Balance: none
  Flow Label: Disabled
  Create time: 01:11:34, last status change time: 01:04:40
  Signaling protocol: LDP, peer 10.240.0.2:0 up
    Targeted Hello: 10.240.0.4(LDP Id) -> 10.240.0.2, LDP is UP
    Status TLV support (local/remote)   : enabled/not supported
      LDP route watch                   : enabled
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: No fault
      Last local SSS circuit status rcvd: No fault
      Last local SSS circuit status sent: No fault
      Last local  LDP TLV    status sent: No fault
      Last remote LDP TLV    status rcvd: Not sent
      Last remote LDP ADJ    status rcvd: No fault
    MPLS VC labels: local 160, remote 3032
    Group ID: local 0, remote 0
    MTU: local 9216, remote 9216
    Remote interface description:
  Sequencing: receive disabled, send disabled
  Control Word: On (configured: autosense)
  VC statistics:
    transit packet totals: receive 0, send 12
    transit byte totals:   receive 0, send 816
    transit packet drops:  receive 0, send 0

This is "sh mpls l2 vc 20179 det" from Cisco 7606:

Local interface: Gi3/0/2.179 up, line protocol up, Eth VLAN 179 up
  Interworking type is Ethernet
  Destination address: 10.240.0.4, VC ID: 20179, VC status: up
    Output interface: Gi3/0/8.100, imposed label stack {160}
    Preferred path: not configured
    Default path: active
    Next hop: 10.2.100.4
  Create time: 01:05:39, last status change time: 01:05:39
  Signaling protocol: LDP, peer 10.240.0.4:0 up
    Targeted Hello: 10.240.0.2(LDP Id) -> 10.240.0.4
    Status TLV support (local/remote)   : enabled/not supported
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: not sent
    MPLS VC labels: local 3032, remote 160
    Group ID: local 0, remote 0
    MTU: local 9216, remote 9216
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 6, send 0
    byte totals:   receive 408, send 0
    packet drops:  receive 0, seq error 0, send 0


What could the problem be?

P.S. And sorry for my poor English...
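
The counter comparison described in the post above, as an added example that is not part of the original post: a Python check that pairs each PE's send counter with the other PE's receive counter and confirms the VC labels mirror each other. The excerpts are cut down from the two outputs above; the function names and finding texts are illustrative assumptions.

```python
import re

# Constructed excerpts: only the three lines this check reads, taken from the
# two "sh mpls l2 vc 20179 det" outputs in the post above.
PE_6524 = """\
  Destination address: 10.240.0.2, VC ID: 20179, VC status: up
    MPLS VC labels: local 160, remote 3032
    transit packet totals: receive 0, send 12
"""
PE_7606 = """\
  Destination address: 10.240.0.4, VC ID: 20179, VC status: up
    MPLS VC labels: local 3032, remote 160
    packet totals: receive 6, send 0
"""

FIELDS = {  # field name -> regex; "packets" matches with or without "transit"
    "status": r"VC status: (\w+)",
    "labels": r"MPLS VC labels: local (\d+), remote (\d+)",
    "packets": r"packet totals:\s+receive (\d+), send (\d+)",
}

def parse_vc(text):
    """Return VC status, (local, remote) labels and (receive, send) packets."""
    vc = {}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m is None:
            raise ValueError(f"missing field in output: {name}")
        vc[name] = m.group(1) if name == "status" else tuple(map(int, m.groups()))
    return vc

def diagnose(ends):
    """ends: {pe_name: show-output text} for the two PEs of one pseudowire."""
    (na, a), (nb, b) = ((n, parse_vc(t)) for n, t in ends.items())
    findings = []
    if a["status"] != "up" or b["status"] != "up":
        findings.append("VC is not up on both ends")
    if a["labels"] != b["labels"][::-1]:
        findings.append("VC labels do not mirror each other")
    for src, s, dst, d in ((na, a, nb, b), (nb, b, na, a)):
        tx, rx = s["packets"][1], d["packets"][0]
        if rx == 0 and tx == 0:
            findings.append(f"{src}->{dst}: nothing imposed at {src}; check {src} and its attachment circuit")
        elif rx == 0:
            findings.append(f"{src}->{dst}: {tx} sent, 0 received; check the MPLS core path")
    return findings
```

Calling `diagnose({"6524": PE_6524, "7606": PE_7606})` reports only the 7606->6524 direction, with nothing imposed at the 7606, which places the fault on that PE or its attachment circuit rather than in the core.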


5 Replies 5

Sudeep Valengattil
Cisco Employee

Hello,

Can you please check if the access interface counters (towards host-2) are increasing in both in/out directions for the frames which you sent. Also try adding a static ARP for host-1's MAC address on host-2 to see if it fixes it.

Let us know the result.

Regards,

Sudeep

Hello!

I don't know what I can say...

Just that magic manage network!

Host-2 is a Cisco3750 with a vlan-interface. When I tried to verify the packets on your advice, I created access-list TEST on the Cisco7606:

Extended IP access list TEST
    10 permit ip any host 192.168.255.1 log
    20 permit ip any host 192.168.255.15 log
    30 permit ip any any

I used it on sub-interface Gi3/0/2.179:

ip access-group TEST in
ip access-group TEST out

Then I removed the ACL from the sub-interface:

no ip access-group TEST in
no ip access-group TEST out

And.. magic! Ping successful.

Then I tried to repeat:

1. Remove xconnect
2. Create xconnect
3. Ping... - nothing!
4. Add ACL to sub.
5. Remove ACL from sub.
6. Ping... - works!

I repeated this method many times - it works! Why?!?!?!

I have no logical reason!

Maybe bug?

I use:

Cisco IOS Software, c7600rsp72043_rp Software (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2(33)SRD2a, RELEASE SOFTWARE (fc2)

Hey,

Can you please check applying the ACL without the "log" keyword and see if it fixes it.

Regards,

Sudeep

Hey, Sudeep!

I repeated this operation for the ACL without the "log" keyword.

All works. After I add/remove the ACL on the sub-interface, traffic forwards correctly.

Sudeep, could you explain to me why this is happening?

I really can't understand.

Regards,

Konstantin.

Hi,

I did the same type of lab without a subinterface, friend. Hope you like my effort! See the config:

R1#sh run

Building configuration...

Current configuration : 1288 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

no ip icmp rate-limit unreachable

!

!

ip cef

no ip domain lookup

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip tcp synwait-time 5

pseudowire-class anand

encapsulation l2tpv3

ip local interface Loopback0

!

!

!

!

!

!

interface Loopback0

ip address 1.1.1.1 255.0.0.0

!

interface FastEthernet0/0

ip address 200.200.200.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

no cdp enable

xconnect 2.2.2.2 10 pw-class anand

!

interface Ethernet1/0

no ip address

shutdown

duplex half

!

interface Ethernet1/1

no ip address

shutdown

duplex half

!

interface Ethernet1/2

no ip address

shutdown

duplex half

!

interface Ethernet1/3

no ip address

shutdown

duplex half

!

!

router eigrp 1

network 0.0.0.0

auto-summary

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

stopbits 1

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

stopbits 1

line vty 0 4

login

!

!

end

*******************************************************************************************************

R2#sh run

Building configuration...

Current configuration : 1288 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

no ip icmp rate-limit unreachable

!

!

ip cef

no ip domain lookup

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip tcp synwait-time 5

pseudowire-class anand

encapsulation l2tpv3

ip local interface Loopback0

!

!

!

!

!

!

interface Loopback0

ip address 2.2.2.2 255.0.0.0

!

interface FastEthernet0/0

ip address 200.200.200.2 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

no cdp enable

xconnect 1.1.1.1 10 pw-class anand

!

interface Ethernet1/0

no ip address

shutdown

duplex half

!

interface Ethernet1/1

no ip address

shutdown

duplex half

!

interface Ethernet1/2

no ip address

shutdown

duplex half

!

interface Ethernet1/3

no ip address

shutdown

duplex half

!

!

router eigrp 1

network 0.0.0.0

auto-summary

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

!

!

!

control-plane

!

!

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

stopbits 1

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

stopbits 1

line vty 0 4

login

!

!

end

*************************************************************************************************

Though my tunnel is not on with the command

sh mpl l2 vc

my PC from R1 can now ping R2.

Bye,