Nexus 9372 K-value mismatch

waqas gondal · ‎01-20-2018

Hi,

All of the network devices I have use different K values from the default. I have a pair of Nexus 9372 which I upgraded from version 7.0.3.I2.2b to 7.0.3.I7.

After the switches reloaded they couldn't join the EIGRP relationship with the rest of the network. They were giving the error message K-value mismatch:

2018 Jan 20 11:49:50 FEI-DCCS-SRYOP-2 %EIGRP-5-NBRCHANGE_DUAL: eigrp-corp [29427] (default-base) IP-EIGRP(0) 100: Neighbor 10.218.16.10 (port-channel500) is down: K-value mismatch

2018 Jan 20 11:50:03 FEI-DCCS-SRYOP-2 last message repeated 2 times

2018 Jan 20 11:50:03 FEI-DCCS-SRYOP-2 %EIGRP-5-NBRCHANGE_DUAL: eigrp-corp [29427] (default-base) IP-EIGRP(0) 100: Neighbor 10.218.16.10 (port-channel500) is down: Interface Goodbye received

2018 Jan 20 11:50:08 FEI-DCCS-SRYOP-2 %EIGRP-5-NBRCHANGE_DUAL: eigrp-corp [29427] (default-base) IP-EIGRP(0) 100: Neighbor 10.218.16.10 (port-channel500) is down: K-value mismatch

FEI-DCCS-SRYOP-2# show clock

11:50:28.044 pst Sat Jan 20 2018

On the Nexus switches I used the following commands:

router eigrp corp

no metric weights 0 0 0 1 0 0 0

metric weights 0 0 0 1 0 0 0

This restored EIGRP even though there was no change in K-values.

Any idea what could have caused this?

Deepak Kumar · ‎01-20-2018

Hi,

Please check the K value for any mismatch "

show ip protocols

EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0

there should be Only K1 and K3 are enabled by default.

And Check Interface speed for the hard setting.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

waqas gondal · ‎01-20-2018

There was no mismatch in the config. I just removed the command and put the same command back in.

no metric weights 0 0 0 1 0 0 0

metric weights 0 0 0 1 0 0 0

The metrics on all of the other devices is 0 0 0 1 0 0 0. Interface speeds are all default. This was the existing config. We didn't have any issue with this before.

Andrea Testino · ‎01-21-2018

Waqas,

Thank you for bringing this to our attention - Definitely sounded like a defect once I read your symptoms so I went ahead and attempted your configuration and upgraded from 7.0(3)I2(2b) to 7.0(3)I7(2) and had the same issue - Although K-values were not truly mismatched in the running-configuration, the router is unable to establish any neighborships.

I did a quick packet capture on my Eth1/1 interface before and after and the issue is clear:

+++ Example packets on Eth1/1 in the working state:

bash-4.2$ sudo su -
root@9300-B#tcpdump -i Eth1-1 -vvv
tcpdump: listening on Eth1-1, link-type EN10MB (Ethernet), capture size 65535 bytes
00:27:00.822077 IP (tos 0xc0, ttl 1, id 38714, offset 0, flags [none], proto EIGRP (88), length 60)
    10.10.10.2 > 224.0.0.10: 
        EIGRP v2, opcode: Hello (5), chksum: 0xf26e, Flags: [none]
        seq: 0x00000000, ack: 0x00000000, AS: 100, length: 20
          General Parameters TLV (0x0001), length: 12
            holdtime: 15s, k1 0, k2 0, k3 1, k4 0, k5 0 <<< Correct K Values
            0x0000:  0000 000f 0004 0008
          Software Version TLV (0x0004), length: 8
            IOS version: 8.0, EIGRP version 2.0

++++ Packet Captures on "broken" device demonstrating incorrect K-Values being advertised:

root@9300-B#tcpdump -i Eth1-1 -vvv
tcpdump: listening on Eth1-1, link-type EN10MB (Ethernet), capture size 65535 bytes
09:36:12.180629 IP (tos 0xc0, ttl 1, id 34608, offset 0, flags [none], proto EIGRP (88), length 60)
 10.10.10.1 > 224.0.0.10: 
 EIGRP v2, opcode: Hello (5), chksum: 0xf26e, Flags: [none]
 seq: 0x00000000, ack: 0x00000000, AS: 100, length: 20
 General Parameters TLV (0x0001), length: 12
 holdtime: 15s, k1 0, k2 0, k3 1, k4 0, k5 0 << From our neighbor, correct K values
 0x0000: 0000 000f 0004 0008
 Software Version TLV (0x0004), length: 8
 IOS version: 8.0, EIGRP version 2.0
09:36:12.181802 IP (tos 0xc0, ttl 1, id 62516, offset 0, flags [none], proto EIGRP (88), length 60)
 10.10.10.2 > 224.0.0.10: 
 EIGRP v2, opcode: Hello (5), chksum: 0xf36e, Flags: [none]
 seq: 0x00000000, ack: 0x00000000, AS: 100, length: 20
 General Parameters TLV (0x0001), length: 12
 holdtime: 15s, k1 255, k2 255, k3 255, k4 255, k5 255 <<< Affected, local N9K, sending Good Bye
 0x0000: ffff 000f 0004 0008
 Software Version TLV (0x0004), length: 8
 IOS version: 8.0, EIGRP version 2.0
09:41:13.677440 IP (tos 0xc0, ttl 1, id 62787, offset 0, flags [none], proto EIGRP (88), length 60)
 10.10.10.2 > 224.0.0.10: 
 EIGRP v2, opcode: Hello (5), chksum: 0xf16e, Flags: [none]
 seq: 0x00000000, ack: 0x00000000, AS: 100, length: 20
 General Parameters TLV (0x0001), length: 12
 holdtime: 15s, k1 1, k2 0, k3 1, k4 0, k5 0 <<< Incorrect K-Values being set here by local/affected N9K, K1 should be 0
 0x0000: 0000 000f 0004 0008
 Software Version TLV (0x0004), length: 8
 IOS version: 8.0, EIGRP version 2.0

My workaround was as yours - Remove and re-add the same line of config, then all my neighbors came UP:

9300-B# conf t
Enter configuration commands, one per line. End with CNTL/Z.
9300-B(config)# router eigrp METRICS_BUG
9300-B(config-router)#   address-family ipv4 unicast
9300-B(config-router-af)# no metric weights 0 0 0 1 0 0 0
9300-B(config-router-af)# metric weights 0 0 0 1 0 0 0
9300-B(config-router-af)# end

I have filed a defect for this so I will reach out to you offline moving forward - As a side note, this can only be hit when coming off 7.0(3)I2(x) to 7.0(3)I7(x). I tested multiple times on I4(x) to I7(x) and other combinations and did not run into the same problem.

Hope this helps!

- Andrea

- Andrea, CCIE #56739 R&S

Florin Barhala · ‎02-10-2018

Hello,

Can you quickly point me about these two questions:

1. Why don't I have show ip protocols command?

Here's what I got on 9372 TX

show ver | i NX
Cisco Nexus Operating System (NX-OS) Software
NXOS: version 7.0(3)I4(7)
NXOS image file is: bootflash:///48002.211.788.nxos.7.0.3.I4.7.bin
NXOS compile time: 6/28/2017 14:00:00 [06/28/2017 21:53:29]
BUCH-CR02# show ip pro?
process Display IP global information

show ip pro

2. How can I go on the bash to use tcpdump on my model?

Thanks in advance,

Florin.

Andrea Testino · ‎02-11-2018

Hi Florin,

"show ip protocols" is an IOS command, thus it will not work in an NX-OS platform such as a Nexus 9300. An equivalent way of verifying EIGRP K values, etc aside from checking the configuration itself would be:

N9300# show ip eigrp TEST 
IP-EIGRP AS 100 ID 1.1.1.1 VRF default
  Process-tag: TEST
  Instance Number: 1
  Status: running
  Authentication mode: none
  Authentication key-chain: none
  Metric weights: K1=1 K2=0 K3=1 K4=0 K5=0
  IP proto: 88 Multicast group: 224.0.0.10
  Int distance: 90 Ext distance: 170
  Max paths: 8
  Number of EIGRP interfaces: 1 (0 loopbacks)
  Number of EIGRP passive interfaces: 0
  Number of EIGRP peers: 0
  Graceful-Restart: Enabled
  Stub-Routing: Disabled
  NSF converge time limit/expiries: 120/0
  NSF route-hold time limit/expiries: 240/0
  NSF signal time limit/expiries: 20/0
  Redistributed max-prefix: Disabled
  Suppress-FIB-Pending Configured

In order to utilize the bash feature, you need to enable it:

N9300# conf t
Enter configuration commands, one per line. End with CNTL/Z.
N9300(config)# feature bash
N9300(config)# end
N9300# run bash
bash-4.2$ sudo su -
root@N9300#
root@N9300# !!! Now I am in the bash shell as Root user - Use with caution!!

Hope that helps!

Thank you,

- Andrea

- Andrea, CCIE #56739 R&S