puzzled with irb

gnijs · ‎07-18-2011

Hello, i am going nuts with this problem i have with a customer.

I am using IRB to bridge two router-interfaces together in a BVI, in the following topology:

R1 ------- R2 ------- SW1 ---- SW2 ------ R3 ------- R4

Router R2 and R3 are running irb bridging between their two interfaces. the link towards the switches are trunks. the config or R2 and R3 is like

bridge irb

bridge 10 protocol ieee

bridge 10 route ip

int bvi 10

ip address x.x.x.x

standby 10 ip YYYYY

int fa0/0 <-- towards R1/R4

bridge-group 10 <--- VLAN 10 is the bridged VLAN

int gi0/0.10 <--- this one is the bridged VLAN, towards SW1/SW2

encapsulation dot1q 10

bridge-group 10

int gi0/0.2000 <--- there is another vlan on the trunks also (but this is not important)

encapsulation dot1q 2000

ip address <unimportant>

the link between SW1-SW2 is a trunk containing VLAN2000 and VLAN 10

Routers R1 and R4 are running a HSRP group ZZZZZ that is active on R1

Routers R2 and R3 are running a different HSRP group YYYY that is active on R2

From R2, i can ping everything in VLAN 10: R1, R3 & R4 & HSRP active ZZZZ on R1

However, from R3, i can ping R4, and R2, but not R1 (not the physical and not the HSRP group)

I checked the MAC addresses on R2, SW1, SW2 and R3 and they are all right. Strange stuff is that ARP resolving works.

I clear arp, ping remote IP and the MAC is added to the ARP table. Only ping and other traffic is not working. R4 can resolve the mac of R1.

Same for the HSRP group between R1 and R4 (!). This is working, each router sees each other in the group in the proper state Active/Standby. However, R1 can't ping R4 and vica versa. R2 can ping R4 & R3 (R2 can reach anything). However R3 can ping R2, but not further not R1.

R2 is Cisco2921 running 15.1(1)T1, R3 is C2821 running 12.4(24)T2

Any idea on how to debug this ? I want to verify if R3 is really sending traffic to R2/R1 and where the packet gets lots on its way

Seems to be a bug in R2 when passing through this router

regards,

GN

gnijs · ‎07-18-2011

I have managed to reproduce the problem, however some more explanation is needed.

Router R2 and R3 have another routed interface to core switches C1 and C2 each (each have one connection). R2 and R3 run EIGRP across this connection. They also run EIGRP between each other: R2-R3 as a backup connection. Of course the core switches are also interconnected with a L3 routed link.

Under normal conditions, traffic comes from the core, enters via R2 and goes out via R1.

The problem occurs each time i interrupt the link R2-Core. The routing table on R2 then swaps, R2 learns everything across its BVI interface (BVI10) from R3. At that moment, R3 looses ping connectivity with R1 and the HSRP group of R1/R4 which is active on R1. (this is a bad thing, because R3 also contains backup routes and it sends them to the HSRP group of R1/R4 which is still active on R1, and has not changed).

And it gets even stranger: when i re-issue the command "bridge 10 protocol ieee" on R2 again (it is already in the config), the connectivity problem of R3 goes away and it can again ping to R1 and the HSRP of R1/R4 again.

This is strange because in the spanning tree group BVI10, nothing changes (when i disconnect R2-Core): all L2 links in VLAN10 stay up , there are no Topology Changes. Strange. So no MACs changing from ports. That all stays the same in BVI 10.

It is just that R2 suddenly refuses to route to R1 , where it previously did that without problems, until i issue "bridge 10 protocol ieee" again.

Any ideas ? I am currently looking at upgrading R2 to the latest 15.x software....

regards,

GN

gnijs · ‎07-18-2011

mmmm..might be

CSCth49421

no ?

gnijs · ‎07-22-2011

Upgraded R2 from

15.1(1)T1 to

15.1(1)T3 and the problem was solved. It seemed to be bug