02-20-2016 04:39 AM - edited 03-05-2019 03:23 AM
Have created two point to point L2VPN tunnels between ASR 9k & ASR 1K-X
One tunnel is working fine.
Other tunnel is not working.
It shows up on both the router.
Same configuration is done for both the tunnels.
Please help...
02-22-2016 02:53 AM
Hi
Could you please share the configuration ?
Also what is the output of show cry
Regards,
Aditya
02-22-2016 03:37 AM
Hi Aditya,
Thanks for reply....below is the configuration on both the routers
ASR 9k Configuration
interface GigabitEthernet0/0/0/15
description ## Tunnel ##
speed 100
negotiation auto
l2transport
l2vpn
xconnect group test
p2p test
interface GigabitEthernet0/0/0/15
neighbor 172.20.20.6 pw-id 112
Show l2vpn xconnect output
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
----------------------------------------------------------------------------------------
test
test
UP Gi0/0/0/15 UP 172.20.20.6 112 UP
----------------------------------------------------------------------------------------
ASR 1K-X Configuration
pseudowire-class test
encapsulation mpls
no control-word
interface GigabitEthernet0/0/5
description ### Tunel ###
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
negotiation auto
xconnect 172.20.20.3 112 encapsulation mpls pw-class test
show xconnect all output
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP pri ac Gi0/0/5:13(Ethernet) UP mpls 172.20.20.3:112 UP
show cry isa sa output
IPv4 Crypto ISAKMP SA
dst src state conn-id status
IPv6 Crypto ISAKMP SA
02-24-2016 09:59 PM
Hii Aditya,
Any updates....
02-25-2016 01:28 AM
Hello Gaurish,
in your first post you were speaking of two pseudowires, but then later you have provided only the configuration and status of a single pseudowire.
Have you configured the second pseudowire using different access ports on both sides ASR9k and ASR1000 and using a different circuit-id ? You need a different circuit for each pseudowire between the same pair of devices.
The access circuits must be different for the two pseudowires as the circuit-id.
The correct show are
show mpls l2transport on the ASR 1000
and
show bridge on the ASR9000
The indication of show crypto is misleading there is no IPsec involved in this LDP based xconnect.
Hope to help
Giuseppe
02-25-2016 02:06 AM
yes...i have created two circuit id..
111 & 112....
111 is working fine..i have not show that configuration....
Regards
Gaurish
02-25-2016 02:16 AM
Hello Gaurish,
post
show mpls l2transport vc 111 detail
show mpls l2transport vc 112 detail
taken from ASR1000
these show commands show show the reason why VC 112 is not working.
Hope to help
Giuseppe
02-25-2016 03:17 AM
THX...
OUT of 111
Router1#show mpls l2transport vc 111 detail
Local interface: Gi0/0/2 up, line protocol up, Ethernet up
Destination address: 10.255.253.2, VC ID: 111, VC status: up
Output interface: Gi0/0/0, imposed label stack {16001}
Preferred path: not configured
Default path: active
Next hop: 10.155.103.97
Create time: 4d23h, last status change time: 3d03h
Last label FSM state change time: 3d03h
Signaling protocol: LDP, peer 10.255.253.2:0 up
Targeted Hello: 10.255.253.6(LDP Id) -> 10.255.253.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 16, remote 16001
Group ID: local 0, remote 67110720
MTU: local 1500, remote 1500
Remote interface description: GigabitEthernet0_0_0_14
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 10.255.253.2/111, local label: 16
Dataplane:
SSM segment/switch IDs: 12312/4098 (used), PWID: 1
VC statistics:
transit packet totals: receive 97662005, send 65402697
transit byte totals: receive 55692679583, send 53820153238
transit packet drops: receive 0, seq error 0, send 0
Output of 112
Router1#show mpls l2transport vc 112 detail
Local interface: Gi0/0/5 up, line protocol up, Ethernet up
Destination address: 10.255.253.2, VC ID: 112, VC status: up
Output interface: Gi0/0/0, imposed label stack {22111}
Preferred path: not configured
Default path: active
Next hop: 10.155.103.97
Create time: 1d06h, last status change time: 00:03:05
Last label FSM state change time: 1d04h
Signaling protocol: LDP, peer 10.255.253.2:0 up
Targeted Hello: 10.255.253.6(LDP Id) -> 10.255.253.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 2698, remote 22111
Group ID: local 0, remote 1140851456
MTU: local 1500, remote 1500
Remote interface description: GigabitEthernet1_0_0_9
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 10.255.253.2/112, local label: 2698
Dataplane:
SSM segment/switch IDs: 4153/12340 (used), PWID: 3
VC statistics:
transit packet totals: receive 1257, send 18176
transit byte totals: receive 87477, send 1659115
transit packet drops: receive 0, seq error 0, send 0
02-25-2016 03:23 AM
I have connected a system at both the ends..but m not able to ping each other...
on both system, i get transmit packets but no receive packets...
02-25-2016 05:33 AM
Hello Gaurish,
this happens only for the VC112, VC111 is working?
It is strange, because from the point of view of the ASR1000 both pseudowires are up/up as the show commands show.
I see for VC112:
>> Remote interface description: GigabitEthernet1_0_0_9
you have two ASR9000 in cluster on the other side?
Try to check in the ASR9000 side with show l2vpn bridge.
Are the two end systems able to see each other in ARP tables?
(I do not think so, just to check)
Hope to help
Giuseppe
02-25-2016 08:49 PM
Hi Giuseppe,
Yes i agree with you..its an unusual issue..since VC111 is working without any issue..
ASR 9k are in cluster mode.
How to check ARP tables at system level?
Regards
Gaurish
02-26-2016 02:19 AM
Hello Gaurish,
>> How to check ARP tables at system level?
I was meaning to check the ARP tables of the PCs you have used to check the pseudowire not the routers.
For a windows based PC from shell use
arp -g
to see the ARP entries.
But I would expect the two PCs to be not able to see each other MAC address in ARP table.
A proposal: what if you change the access-circuit of VC112 to be a port on rack0 of the cluster like gi0/0/0/N on the ASR9000 side just to see if anything changes.
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide