Got Error when Applying PBR on ASR9010

Alex Zhang
Level 1

Hi folks,

 

I'm managing several ASR9010 routers, and have an issue with only 1 of those ASR9010 routers.

Let's call the issue router "A", and the router is running IOS XR 6.2.3.

I'm trying to apply a newly created PBR for some bundle-ethernet interface on A but got an error message.

Configuration:

class-map type traffic match-all icmp
 match ipv4 icmp-type 1-15
 end-class-map
! 
!
policy-map type pbr icmp_redirect
 class type traffic icmp 
  redirect ipv4 nexthop vrf VRF1
 ! 
 class type traffic class-default 
 ! 
 end-policy-map
! 
interface Bundle-Ether2.2
 service-policy type pbr input icmp_redirect
!

And the configuration of be2.1 is:

interface Bundle-Ether2.2
 description blablabla
 bandwidth 40000000
 vrf VRF2
 ipv4 address 192.168.1.0 255.255.255.254
 flow ipv4 monitor FLOW1 sampler SAMPLER1 ingress
 encapsulation dot1q 2
!

And here is the error message:

!! SEMANTIC ERRORS: This configuration was rejected by 
!! the system due to semantic errors. The individual 
!! errors with each failed configuration command can be 
!! found below.


interface Bundle-Ether2.2
 service-policy type pbr input icmp_redirect
!!% 'PBR' detected the 'warning' condition 'BGP FS policy already applied to an interface or traditional policy applied to an interface'
!
end

The same configuration works well on all ASR9010 routers except this one. Can someone help take a look, please?

14 Replies

ngkin2010
Level 7
Hi,

Check if you have BGP flowspec enabled on the interface. By default, flowspec (if enabled) will be applied to all interfaces.

'show run flowspec'
'show run router bgp | in flowspec'

Hi,

 

Thank you for the suggestion, I have tried to disable the flowspec and here are some updates based on your suggestion:

  1. I do have flowspec enabled for all interfaces in vrf default, and this specific interface belongs to vrf VRF2.
  2. I issued the "ipv4 flowspec disable" under interface Bundle-Ether2.2 and tried to apply the PBR again, and got a new error message, shown below.
     service-policy type pbr input icmp-redirect
    !!% A service policy already exists. Modification is not allowed: A service policy already exists. Modification is not allowed
  3. The other ASR9010 routers which are running the same configuration (flowspec enabled on all interfaces in vrf default. Interface in vrf VRF2 applied PBR to redirect traffic to VRF1.) don't have the issue.

 

Best Regards

Hi,

I couldn't reproduce your problem on IOS-XRv, but you may consider first disabling flowspec globally (if it's not used), then applying the PBR, and enabling the flowspec again afterward.

For example:

no flowspec
commit
interface Bundle-Ether2.2
service-policy type pbr input icmp-redirect
commit
<add back the flowspec configuration>
commit

Thanks buddy. Since the issue router is running in a production network and the flowspec is in use, I have to schedule the maintenance carefully. I will update here if I get that chance.

Hi buddy, I disabled the flowspec and applied the PBR, and the error message became .

Also, I have checked the following guide and still didn't figure out what the "internal error" means.

https://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/asr9k-r6-2/ip-addresses/configuration/guide/b-ip-addresses-configuration-guide-asr9000-62x/b-ip-addresses-configuration-guide-asr9000-62x_chapter_01111.html

 

FYI, here is the new error message.

Mon May  4 11:29:44.777 PDT
!! SEMANTIC ERRORS: This configuration was rejected by 
!! the system due to semantic errors. The individual 
!! errors with each failed configuration command can be 
!! found below.

interface Bundle-Ether2.2
service-policy type pbr input icmp-redirect
!!% 'platforms/common/gcplane/lc/feature/pbr' detected the 'warning' condition 'internal error'
!
end

Hmm... I haven't seen that before. Probably you need to raise a TAC case with Cisco for further assistance.

Thanks buddy.

Thanks Georg for the suggestion, the flowspec configuration looks all good based on the guide. But the PBR issue is still there.

Hello,

 

The problem must be somewhere. Can you post the output of 'sh ver' from one of the working routers, as well as the non-working router?

Hi Georg,

 

Thank you for giving me a helping hand, and here are the outputs of several routers.

# ASR9010 that doesn't work at all

 

RP/0/RSP1/CPU0:R1#sho ver
Fri May  8 23:11:39.686 PDT

Cisco IOS XR Software, Version 6.2.3[Default]
Copyright (c) 2017 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 0.73(c) 1994-2012 by Cisco Systems,  Inc.

R1 uptime is 1 year, 24 weeks, 2 days, 10 hours, 11 minutes
System image file is "disk0:asr9k-os-mbi-6.2.3/0x100305/mbiasr9k-rsp3.vm"

cisco ASR9K Series (Intel 686 F6M14S4) processor with 12582912K bytes of memory.
Intel 686 F6M14S4 processor at 2135MHz, Revision 2.174
ASR 9010 8 Line Card Slot Chassis with V2 AC PEM

2 FastEthernet
4 Management Ethernet
168 TenGigE
168 DWDM controller(s)
168 WANPHY controller(s)
503k bytes of non-volatile configuration memory.
6271M bytes of hard disk.
12582896k bytes of disk0: (Sector size 512 bytes).
12582896k bytes of disk1: (Sector size 512 bytes).

Configuration register on node 0/RSP0/CPU0 is 0x2102
Boot device on node 0/RSP0/CPU0 is disk0:

 

 

# ASR9010 that was working, but stopped working after I removed all PBRs and tried to apply those PBRs back again. And it still isn't working.

 

RP/0/RSP1/CPU0:R2#sho ver
Fri May  8 23:11:39.616 PDT

Cisco IOS XR Software, Version 6.4.1[Default]
Copyright (c) 2018 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 0.76(c) 1994-2012 by Cisco Systems,  Inc.

R2 uptime is 1 year, 48 weeks, 6 days, 11 hours, 42 minutes
System image file is "disk0:asr9k-os-mbi-6.4.1/0x100305/mbiasr9k-rsp3.vm"

cisco ASR9K Series (Intel 686 F6M14S4) processor with 12582912K bytes of memory.
Intel 686 F6M14S4 processor at 2128MHz, Revision 2.174
ASR 9010 8 Line Card Slot Chassis with V2 AC PEM

4 Management Ethernet
2 FastEthernet
108 TenGigE
112 DWDM controller(s)
108 WANPHY controller(s)
4 HundredGigE
503k bytes of non-volatile configuration memory.
6114M bytes of hard disk.
12510192k bytes of disk0: (Sector size 512 bytes).
12510192k bytes of disk1: (Sector size 512 bytes).

Configuration register on node 0/RSP0/CPU0 is 0x2102
Boot device on node 0/RSP0/CPU0 is disk0:

 

 

# ASR9010 that is always working

RP/0/RSP0/CPU0:R3#sho ver
Fri May  8 23:11:39.684 PDT

Cisco IOS XR Software, Version 6.4.1[Default]
Copyright (c) 2018 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 0.76(c) 1994-2012 by Cisco Systems,  Inc.

R3 uptime is 1 year, 1 week, 1 day, 9 hours, 45 minutes
System image file is "disk0:asr9k-os-mbi-6.4.1/0x100305/mbiasr9k-rsp3.vm"

cisco ASR9K Series (Intel 686 F6M14S4) processor with 12582912K bytes of memory.
Intel 686 F6M14S4 processor at 2127MHz, Revision 2.174
ASR 9010 8 Line Card Slot Chassis with V2 AC PEM

4 Management Ethernet
2 FastEthernet
108 TenGigE
108 DWDM controller(s)
108 WANPHY controller(s)
503k bytes of non-volatile configuration memory.
6114M bytes of hard disk.
12510192k bytes of disk0: (Sector size 512 bytes).
12510192k bytes of disk1: (Sector size 512 bytes).

Configuration register on node 0/RSP0/CPU0 is 0x2102
Boot device on node 0/RSP0/CPU0 is disk0:

# ASR9010 that is always working

RP/0/RSP0/CPU0:R4#sho ver 
Fri May  8 23:12:46.841 PDT

Cisco IOS XR Software, Version 5.3.4[Default]
Copyright (c) 2016 by Cisco Systems, Inc.

ROM: System Bootstrap, Version 0.75(c) 1994-2012 by Cisco Systems,  Inc.

R4 uptime is 2 years, 44 weeks, 6 days, 6 hours, 50 minutes
System image file is "disk0:asr9k-os-mbi-5.3.4/0x100305/mbiasr9k-rsp3.vm"

cisco ASR9K Series (Intel 686 F6M14S4) processor with 12582912K bytes of memory.
Intel 686 F6M14S4 processor at 2128MHz, Revision 2.174
ASR 9010 8 Line Card Slot Chassis with V2 AC PEM

4 Management Ethernet
168 TenGigE
168 DWDM controller(s)
168 WANPHY controller(s)
503k bytes of non-volatile configuration memory.
6271M bytes of hard disk.
11817968k bytes of disk0: (Sector size 512 bytes).
11817968k bytes of disk1: (Sector size 512 bytes).

Configuration register on node 0/RSP0/CPU0 is 0x2102
Boot device on node 0/RSP0/CPU0 is disk0:


 

Hello,

 

Looking at the output, it appears that the router with the 5.x version is working as opposed to the router with the 6.x version.

 

Actually, the recommended version is 7.0.2 MD... is it an option to upgrade one of the non-working routers to that version?

Hi Alex

Did you find any solution for that? I am facing the same issue.

Regards

Can you make a new post about your issue?