ASR router shows as a hop in traceroute, but shouldn't

vgrig · ‎07-24-2017

We installed and ASR1001-X to handle one of our dedicated lines and it's LAN interface somehow shows up as a hop to any hosts on that VLAN.
ASR1001-X is connected to cat 6500 switches and if i clear arp on 6500 ASR1001-X hop disappears from traceroute, but is back after a while.
How to get rid of it? Traceroutes and MAC/ARP outputs are below.
ASR has "ip arp proxy disable" globally. 6500 vlan interfaces have "no ip proxy-arp" configured.
ASR is running OTV passing some vlans to remote site - not sure it's relevant though. No NAT - everything is private IP routing.

Thank you
V

[ ~]$ traceroute 192.168.119.21
traceroute to 192.168.119.21 (192.168.119.21), 30 hops max, 60 byte packets
1 192.168.120.3 (192.168.120.3) 0.541 ms 0.486 ms 0.453 ms
2 asr-lan.example.com (192.168.119.10) 0.301 ms 0.289 ms 0.273 ms
3 iscsi-sw-10g-01.example.com (192.168.119.21) 0.289 ms 0.285 ms 0.278 ms
[ ~]$

If i clear arp on 6500s, traceroute is as it should be for a while:

[ ~]$ traceroute 192.168.119.21
traceroute to 192.168.119.21 (192.168.119.21), 30 hops max, 60 byte packets
1 192.168.120.3 (192.168.120.3) 0.541 ms 0.486 ms 0.453 ms
2 iscsi-sw-10g-01.example.com (192.168.119.21) 0.289 ms 0.285 ms 0.278 ms
[ ~]$

192.168.120.3 is vlan interface on 6500 (hsrp ip is 192.168.120.1)

6500#traceroute 192.168.119.22
Type escape sequence to abort.
Tracing the route to iscsi-sw-10g-02.example.com (192.168.119.22)
VRF info: (vrf in name/id, vrf out name/id)
1 asr-lan.example.com (192.168.119.10) 0 msec
    iscsi-sw-10g-02.example.com (192.168.119.22) 0 msec 4 msec

6500#sh ip route 192.168.119.22
Routing entry for 192.168.119.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Vlan119
      Route metric is 0, traffic share count is 1

6500#sh arp | inc 192.168.119.10
Internet 192.168.119.10        134   70db.985e.ae40 ARPA   Vlan119

6500#sh mac address-table | inc 70db.985e.ae40
   119 70db.985e.ae40   dynamic Yes         20   Po76
6500#

6509#show ip arp | inc 70db.985e.ae40
Internet 192.168.119.10        216   70db.985e.ae40 ARPA   Vlan119
6509#

Georg Pauwen · ‎07-24-2017

Hello,

I faintly remember there also being a 'ip local-proxy-arp' command. Can you try and configure 'no ip local proxy-arp' on the 6500 and check if that makes a difference ?

vgrig · ‎07-24-2017

Yes, there is 'ip local-proxy-arp' interface config command, but that seems to be defaulted to "no" - i entered "no ip local-proxy-arp", but it doesn't show up under interface config afterwards.

Georg Pauwen · ‎07-24-2017

Hello,

I think it is disabled by default anyway.

Either way, on the ASR there is the 'arp learning disable' command, you could configure that and see if that resolves the issue.

http://www.cisco.com/c/en/us/td/docs/routers/asr9000/software/addr_serv/command/reference/b-ipaddr-cr-asr9k/b-ipaddr-cr-asr9k_chapter_010.html#wp5943023100

vgrig · ‎07-24-2017

but that would disable it on ASR, isn't it? ASR talks to local subnet directly, not extra hops - it's 6500 that's having a problem doing that. and 6500 doesn't have arp leaning command.

asr# traceroute 192.168.119.21
Type escape sequence to abort.
Tracing the route to 192.168.119.21
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.119.21 0 msec 1 msec 0 msec
asr#

paul driver · ‎07-24-2017

Hello

Clearing arp will only cause the router to relearn and possibly broadcast for its ip/mac match, and why do you say it shouldn't show up in traceroute?

Is this interface in the path to the prefix your tracing -Are you advertising this interface in a routing protocol, if so does this interface need to advertise routing updates can it be passive?

It looks like it hitting the svi of vlan 119 and then its default-gateway of that same vlan, would this be correct?

192.168.120.3 (192.168.120.3) 0.541 ms 0.486 ms 0.453 ms
2 asr-lan.example.com (192.168.119.10) 0.301 ms 0.289 ms 0.273 ms
3 iscsi-sw-10g-01.example.com (192.168.119.21) 0.289 ms 0.285 ms 0.278 ms

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

vgrig · ‎07-24-2017

192.168.120.3also has a vlan 119 interface and it's a default gateway for all 192.168.119.x hosts - including asr router. look at : "sh ip route 192.168.119.x" output above - 6500 is drectly connected to that network. it shouldn't get any hops to hosts on that network.

192.168.119.1 is default gateway and it's 6500s hsrp address.