Re: Nexus 5600 as a router not work

JGFR · ‎11-23-2021

Hello

I want to use a Nexus 5600 to do basic routing in several VLANs but it doesn't work in IPv4. On the contrary it works without any problem in IPv6 so I don't understand why.

I have activated the interface-vlan feature on the device and I have created two VLANs:

- The first for internal routing:

interface Vlan101
description Internal Routing
no shutdown
vrf member internal-routing
no ip redirects
ip address 10.10.10.139/29
ipv6 address fd00:0010:0010:010::139/64
ipv6 nd suppress-ra

- A second one to distribute to Linux clients :

interface Vlan102
description Test Internal Routing
no shutdown
vrf member internal-routing
no ip redirects
ip address 10.10.11.17/28
ipv6 address fd00:0010:0010:011::17/64
ipv6 nd suppress-ra

My VRF internal-routing contains the following routes:

vrf context internal-routing
ip route 0.0.0.0/0 10.10.10.137
ipv6 route 0::/0 fd00:0010:0010:010::137

If I ping a public IP from the VLAN 101 IP it works:

ping 1.1.1.1 source 10.10.10.139 vrf internal-routing
PING 1.1.1.1 (1.1.1.1) from 10.10.10.139: 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=61 time=4.459 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=3.976 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=3.768 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=4.039 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=61 time=3.941 ms

--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 3.768/4.036/4.459 ms

The same test from the IP of VLAN 102 also works:

ping 1.1.1.1 source 10.10.11.17 vrf internal-routing
PING 1.1.1.1 (1.1.1.1) from 10.10.11.17: 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=61 time=42.22 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=3.797 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=3.96 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=61 time=3.867 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=61 time=3.941 ms

--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 3.797/11.556/42.22 ms

From a Linux VM in this VLAN 102 it works in IPv6 but not in IPv4 :

root@test-internal-routing:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2044ms

root@test-internal-routing:~#

But the gateway responds to pinging:

root@test-internal-routing:~# ping 10.10.11.17
PING 10.10.11.17 (10.10.11.17) 56(84) bytes of data.
64 bytes from 10.10.11.17: icmp_seq=1 ttl=255 time=0.523 ms
64 bytes from 10.10.11.17: icmp_seq=2 ttl=255 time=0.804 ms
64 bytes from 10.10.11.17: icmp_seq=3 ttl=255 time=0.791 ms
^C
--- 10.10.11.17 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.523/0.706/0.804/0.129 ms
root@test-internal-routing:~#

Example with IPv6:

root@test-internal-routing:~# ping6 2606:4700:4700::1111
PING 2606:4700:4700::1111(2606:4700:4700::1111) 56 data bytes
64 bytes from 2606:4700:4700::1111: icmp_seq=1 ttl=61 time=53.1 ms
64 bytes from 2606:4700:4700::1111: icmp_seq=2 ttl=61 time=4.37 ms
64 bytes from 2606:4700:4700::1111: icmp_seq=3 ttl=61 time=4.35 ms
64 bytes from 2606:4700:4700::1111: icmp_seq=4 ttl=61 time=4.47 ms
^C
--- 2606:4700:4700::1111 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 4.352/16.572/53.096/21.087 ms
root@test-internal-routing:~#

Do you have any idea why this problem only appears in IPv4?

marce1000 · ‎11-23-2021

- What software version is it using , and show the output of show module ?

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

JGFR · ‎11-23-2021

Thanks for your reply.

sh ver
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Documents: http://www.cisco.com/en/US/products/ps9372/tsd_products_support_series_home.html
Copyright (c) 2002-2016, Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.

Software
BIOS: version 2.1.7
Power Sequencer Firmware:
Module 1: v4.0
Module 1: v4.0
Fabric Power Sequencer Firmware: Module 1: version v4.0
Microcontroller Firmware: version v0.0.0.15
QSFP Microcontroller Firmware:
Module 1: v2.0.0.0
SFP Microcontroller Firmware:
Module 1: v1.3.0.0
CXP Microcontroller Firmware:
Module not detected
kickstart: version 7.1(4)N1(1)
system: version 7.1(4)N1(1)
BIOS compile time: 06/16/2016
kickstart image file is: bootflash:///n6000-uk9-kickstart.7.1.4.N1.1.bin
kickstart compile time: 9/2/2016 10:00:00 [09/02/2016 22:17:17]
system image file is: bootflash:///n6000-uk9.7.1.4.N1.1.bin
system compile time: 9/2/2016 10:00:00 [09/02/2016 22:18:08]

Hardware
cisco Nexus 5672UP Chassis ("Nexus 5672UP Supervisor")
Intel(R) Xeon(R) CPU @ 1.80 with 8243332 kB of memory.
Processor Board ID FOC19040FNY

Device name: cor2
bootflash: 8028160 kB

Kernel uptime is 12 day(s), 2 hour(s), 41 minute(s), 36 second(s)

Last reset
Reason: Unknown
System version: 7.1(4)N1(1)
Service:

plugin
Core Plugin, Ethernet Plugin
show module
Mod Ports Module-Type Model Status
--- ----- ----------------------------------- ---------------------- -----------
1 48 Nexus 5672UP Supervisor N5K-C5672UP-SUP active *
2 24 Nexus 6xQSFP Ethernet Module N5K-C5672UP-M6Q ok

Mod Sw Hw World-Wide-Name(s) (WWN)
--- -------------- ------ ---------------------------------------------------
1 7.1(4)N1(1) 1.0 --
2 7.1(4)N1(1) 1.0 --

Mod MAC-Address(es) Serial-Num
--- -------------------------------------- ----------
1 8c60.4f59.8188 to 8c60.4f59.81b7 FOC19040FNY
2 8c60.4f59.81b8 to 8c60.4f59.81cf FOC19040FNY

balaji.bandi · ‎11-23-2021

Can show us on Linux VM ifconfig information also route information ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

JGFR · ‎11-23-2021

Here is the VM configuration:

root@test-internal-routing:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 72:11:da:fe:30:4b brd ff:ff:ff:ff:ff:ff
inet 10.10.11.18/28 brd 10.10.11.31 scope global eth0
valid_lft forever preferred_lft forever
inet6 fd00:0010:0010:011::18/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::7011:daff:fefe:304b/64 scope link
valid_lft forever preferred_lft forever

root@test-internal-routing:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.11.17 0.0.0.0 UG 0 0 0 eth0
10.10.11.16 0.0.0.0 255.255.255.240 U 0 0 0 eth0

Harold Ritter · ‎11-23-2021

Hi @JGFR ,

You should try "traceroute 1.1.1.1" from the Linux VM to see where the IP connectivity breaks.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Georg Pauwen · ‎11-23-2021

Hello,

what if you specify the interface rather than the next hop IP address in the static VRF route ? E.g.:

vrf context internal-routing
ip route 0.0.0.0/0 ethernet 1/3