
High inter vlan Packet drops on cisco 3850

 

Inventory:

*************

Cisco 3850 core Switch

3 Cisco 3650 Access switches

MPLS Router 2900 series

Checkpoint Firewall

2 APs 2600 series.

 

We have 3 Vlans in the network. These are Vlan 1, Vlan 133 and Vlan 164.

Please refer to the attached network diagram (lan.jpg); ignore the IP addresses in the diagram, as they are wrong and from a previous configuration. The correct IP addresses are mentioned below:

 

Core L3 interfaces:

 

10.132.136.1--Vlan 1

10.132.133.1--Vlan 133

10.132.164.2--Vlan 164

 

MPLS Router: 10.132.164.1

Firewall (not in the n/w diagram) connected on Sw2: 10.132.164.10

This firewall is connected for 25 users of a client on Sw2 on ports 1-25 to isolate them from the network.

Sw1: 10.132.136.17, 10.132.133.2

Sw2: 10.132.136.18

Sw3: 10.132.136.29

 

 

During the issue, no drop is seen on clients on the same Vlans in the network on any switch (except for Vlan 164, whose DG is behind the Checkpoint firewall connected to Sw2).

 

All outbound traffic for Vlans 1 and 132 is going through the MPLS router, as can be seen in the config of the 4 switches. The outbound traffic for Vlan 164 goes to the Checkpoint firewall, as the firewall is directly connected to Sw2 and should override the default route on the switch. Sw2 has access ports for all 25 clients needed in the network on Vlan 164.

 

As of now, we are ignoring connectivity of Vlan 164 with the other 2 Vlans and back, as the DG is the firewall and we simply don’t care about it. We are just concentrating on connectivity between Vlan 1 and 133.

 

With no load on the MPLS network, no issues are reported with intra and inter Vlan connectivity.

During testing on a weekend with only 2 users

With load on the MPLS network we see inter Vlan ping drops, intra Vlan connectivity works fine.

 

 

 

No drops between layer 3 interfaces on the core switch.

No drops from L3 interface on core to the client connected directly to other Vlan port on the core switch and vice versa.

 

 

Drops seen between clients connected directly to core switch on different Vlans. Intra Vlan connectivity bw these clients is fine.

 

 

 

Drops seen bw clients connected to different Vlans on same L2 switch or different L2 switches.

It does not seem to be an issue with ports, SFPs or cables, as we have tried changing them (some of them just for the heck of it), and the issue starts with connectivity between hosts connected directly to the core switch in different Vlans.

 

Attached ping tests are for clients directly connected to core switchports in VLan 133 and Vlan 1. Both intra Vlan and interVlan tests are attached during load.

Attached show tech and cdp nei detail for Core sw, Sw1, Sw2, Sw3.

 

Please let me know:

  1. Am I missing something?

  2. Is it correct to have two L3 interfaces on Sw1?

  3. Could this be related to the hardware or software version, as I am not very familiar with these new 3850’s and the CATOS/XE?

  4. Why is the issue only seen when we put load on the MPLS network?

 

Please let me know if more information is required. Any advice will be greatly appreciated.

 

Thanks


5 Replies

sbertsch
Beginner

I'm troubleshooting an issue right now that's very similar (3850 stack running 3.2.2), and am about to open a TAC case.

2x 3850s in a stack.

Switch has two SVIs, call them VLAN A and B.

Hosts in VLAN A have no PL to hosts in VLAN A, and no PL to both SVIs on the 3850.

Hosts in VLAN B have no PL to hosts in VLAN B, and no PL to both SVIs on the 3850.

I'm seeing consistent PL between hosts in VLAN A and VLAN B.

I'm seeing that PL between hosts on the same stack member as well.

 

... and I just found:

CSCuf90316 - In lanbase intervlan-routing uses 100% software path

From your config:

License Level: Lanbase
License Type: Permanent
Next reload license Level: Lanbase

 

From my config:

License Level: Lanbase
License Type: Permanent
Next reload license Level: Lanbase

 

Upgrading to 3.3.2 fixed the issue.

 

Same resolution for us.

We upgraded to the same version too.
