Hi Community team,

I need your help with the following case; maybe someone has had the same issue.

I have an ASA5550 with 3 interfaces: DMZ, INSIDE, OUTSIDE.

We have UDP syslog traffic from some hosts in the INSIDE LAN to one server in the DMZ LAN.

* When the DMZ link fails, the traffic is rerouted to the OUTSIDE interface (default route).
* The UDP connection between INSIDE and DMZ is cleared when the link to the DMZ is down.
* In the ASA we see a new connection through INSIDE and OUTSIDE (the server is not reachable at this moment).
* When the DMZ link is restored, the UDP connection remains through the INSIDE and OUTSIDE interfaces.
* The traffic is not rerouted to the DMZ link; this affects only UDP connections that send continuous traffic.
* The TCP connections work fine, and new connections work fine. Only the UDP connections that are always sending continuous traffic are affected.
* We apply a "clear conn" to restore the UDP connections.

We found several pieces of information in blogs about this issue.

* Some blogs mention the command "timeout floating-conn 0:01:00" to set the timeout timer to 1 minute.
** We applied this command on the ASA; we see the same issue.
* Some blogs mention using an EEM script to track events and execute an action.
** We configured an EEM to track some logs and execute a "clear conn".
** The EEM script works fine; the script applies a "clear conn" and the connections are restored.
** The only question is about the performance impact on the CPU and memory.

We see this issue on ASA5550 and ASA5520. I want to know if there is another solution for this issue.

I would really appreciate your help.

Regards.
Thanks for your support. I changed VFI to Xconnect and now the MTU is taken from the physical interface: 9216.
l2vpn xconnect context CLIENT
 member GigabitEthernet0/1/1 service-instance 1234
 member 184.108.40.206 1234 encapsulation mpls
I see the difference in the new format for configuring L2VPN on the ASR900, where we don't configure an SVI with xconnect. In that case the MTU is taken from the SVI.
Is it possible to configure a pseudowire in "Vlan-Mode" on the ASR900?
PW VC Type 5 port mode
PW VC type 4 VLAN mode
I need your help with the following case. I am trying to establish a pseudowire between an ASR902 and an ASR9000.
In the ASR we configure the MTU in the bridge-domain to 9216, but in the ASR902 the maximum MTU in the VFI is 9180. The pseudowire is DOWN because of the MTU mismatch.
I know that we can change the MTU in the ASR9000 to 9180 for the pseudowire to work, but my question is about the maximum MTU supported in the ASR902, because in the ASR9000 we have a lot of pseudowires in this bridge-domain to other ASR9k, ME3600x and ME3800x devices.
Configuration in ASR902, the MTU is set to 9180
ASR902_PE_SITE_B#show mpls l2transport vc 2829 detail | inc erro|MTU
Last error: Pseudowire MTU mismatch with peer
MTU: local 9180, remote 9216
transit packet drops: receive 0, seq error 0, send 0
ASR902_PE_SITE_B#

ASR902_PE_SITE_B(config)#l2vpn vfi context TEST_L2VPN
ASR902_PE_SITE_B(config-vfi)#mt
ASR902_PE_SITE_B(config-vfi)#mtu ?
<1500-9180> Maximum Transmission Unit value
<cr>
Configuration in ASR9000, the MTU is set to 9216
bridge group TEST_L2VPN
 bridge-domain CULIA_MAZA
  mtu 9216
  interface GigabitEthernet0/1/0/0.2829
  !
  vfi CULIA_MAZA
   vpn-id 28290
   !
   neighbor 192.168.74.X pw-id 2829

RP/0/RSP0/CPU0:PE-ME-SITE_A#show l2vpn bridge-domain neighbor 192.168.74.83 pw-id 2829 detail | inc "MTU|Err|type"
Fri Aug 5 17:04:32.385 CDT
Bridge MTU: 9216
PW type Ethernet, control word disabled, interworking none
MTU 9216 9180
PW type Ethernet Ethernet
VCCV CV type 0x2 0x2
VCCV CC type 0x6 0x2
Error: MTU mismatched
RP/0/RSP0/CPU0:PE-ME-SITE_A#
I really appreciate your help.