JonThe 10.118.5.x IPs point

davegibelli · ‎02-06-2015

Have I found a bug?

I have a L3 port-channel with one end in the global space and the other in a VRF. This works well on a 3750 but not a 6509, why?

I can ping the 10.119.12.5 address but not the 10.119.12.6 address even though they are supposedly directly connected. If this works on a 3750, why does it not work on a 6509?

Jon Marshall · ‎02-06-2015

What do you static routes look like ?

Jon

davegibelli · ‎02-06-2015

Jon

I have attached the complete route table (with a few public IP's removed). But as the port-channel is a connected route it will have better distance over statics. 6509_abv_routes.txt

It must be a bug surely?

Jon Marshall · ‎02-06-2015

I'm not following your route table.

Your VRF has a static default route pointing to the correct next hop ie. the global end of the port channel.

But the global routing table for all the 10.118.5.x IPs is pointing to 10.119.12.1 not 10.119.12.6 which is the VRF end of the port channel ?

Jon

davegibelli · ‎02-07-2015

Jon

The 10.118.5.x IPs point to the SVI on the 3750 otherwise the servers will be down because the etherchannel will not pass traffic. I want to set the next hop to 10.119.12.6 but I can't because the etherchannel is broken.

My question is why won't the etherchannel work, its a point to point link?

6509#ping 10.119.12.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.119.12.6, timeout is 2 seconds:

.....

Jon Marshall · ‎02-07-2015

Okay, that makes sense.

Edited - sorry you did say in your first post that you can ping the global end.

Don't know is the short answer because as far as I can see this should work.

Jon

davegibelli · ‎02-07-2015

Jon

I remove etherchannel and used L3 interfaces but still no ping. The 3750 works with etherchannel or L3 interfaces. But there is a difference.

The 3750 has a different MAC address per interface but the 6509 uses the same MAC per interface.

6509#sh arp | inc 10.119.12

Internet 10.119.12.1 100 88f0.77eb.cc47 ARPA Vlan400

Internet 10.119.12.2 - d0c7.89a8.b940 ARPA Vlan400

Internet 10.119.12.5 - d0c7.89a8.b940 ARPA GigabitEthernet1/2/ 40

Internet 10.119.12.6 0 Incomplete ARPA

Internet 10.119.12.9 - d0c7.89a8.b940 ARPA GigabitEthernet2/2/ 40

Internet 10.119.12.10 0 Incomplete ARPA

maybe this has something to do with the issue?

Jon Marshall · ‎02-07-2015

Try making one end of the link a L2 port and create a L3 SVI for it with the same IP as you had assigned to the etherchannel.

Use a new vlan for this.

Jon

davegibelli · ‎02-09-2015

Jon

Your suggestion will not work, here is the explanation and it is crazy!

I solved it, this might be useful for others. The 6509 behaves differently from a 3750 when assigning MAC addresses to interfaces. The 3750 uses the MAC address assigned to the interface, so each interface has a different MAC address.

The crazy part is the 6509 uses the MAC address of the supervisor for an SVI and a L3 (no switchport) interface but uses the BIA for a L2 interface. This stops routing when using VRF's because both ends have the same MAC address. The answer is it change the MAC address back using the interface command: mac-address H.H.H

Jon Marshall · ‎02-09-2015

Dave

Thanks for getting back and letting me know.

Jon

Jon Marshall · ‎02-07-2015

I just checked the IOS version you are running and for IOS 15 on the 6500 for VRF-Lite support you need a minimum of IP Services so perhaps that is why it is not working.

See this link for details -

http://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/ios-15-0sy/product_bulletin_c25-687567.html

Jon

L3 etherchannel not working on 6509 with VRF