Re: grpc showing tcp port close from connected interface

mauricioromanini · ‎06-23-2025

Well I am having a problem when triyng to connect to grpc from a directly connected network. The port is showing as close from the pc but i can connect to the grpc service from xr 2 device without a problem.

I have tried with another interface with different ip configurations but with the same results.

I have replicated a success telenet connection from another router a hop away, directly connected like the topology shown.

Any suggestions?

Thank you very much

show version
Mon Jun 23 10:08:14.952 ART
Cisco IOS XR Software, Version 7.9.21
Copyright (c) 2013-2023 by Cisco Systems, Inc.

Build Information:
Built By : deenayak
Built On : Tue Nov 7 23:51:57 PST 2023
Built Host : iox-ucs-062
Workspace : /auto/srcarchive16/prod/7.9.21/asr9k-x64/ws
Version : 7.9.21
Location : /opt/cisco/XR/packages/
Label : 7.9.21

cisco ASR9K () processor
System uptime is 1 week 4 days 2 hours 29 minutes

show grpc status
Mon Jun 23 10:17:12.022 ART
*************************show gRPC status**********************
---------------------------------------------------------------
transport : grpc
access-family : tcp
TLS : disabled
trustpoint : NotSet
listening-port : 57400
local-connection : disabled
max-request-per-user : 10
max-request-total : 128
max-streams : 32
max-streams-per-user : 32
server name : DEFAULT
vrf-socket-ns-path : global-vrf
min-client-keepalive-interval : 300
_______________________________________________________________
*************************End of showing status*****************

show runn grpc
Mon Jun 23 10:30:56.601 ART
grpc
port 57400
no-tls
!

sho route 10.1.1.250
Mon Jun 23 10:31:29.375 ART

Routing entry for 10.1.1.0/24
Known via "connected", distance 0, metric 0 (connected)
Installed Jun 12 07:40:02.996 for 1w4d
Routing Descriptor Blocks
directly connected, via GigabitEthernet100/0/0/40.120
Route metric is 0
Redist Advertisers:
5 (protoid=5, clientid=13)

show running-config control-plane
Mon Jun 23 10:32:03.244 ART
control-plane
management-plane
inband
interface Bundle-Ether1
allow SNMP peer
address ipv4 10.1.1.0/24
!
!
interface GigabitEthernet100/0/0/40.120
allow SSH
allow SNMP
!
!

show runn inter gigabitEthernet 100/0/0/40.120
Mon Jun 23 10:36:23.503 ART
interface GigabitEthernet100/0/0/40.120
description xxx
mtu 9216
ipv4 address 10.1.1.1 255.255.255.0
encapsulation dot1q 120

M02@rt37 · ‎06-23-2025

Hello @mauricioromanini

Try to add allow all here:

interface GigabitEthernet100/0/0/40.120
allow SSH
allow SNMP
allow all

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

mauricioromanini · ‎06-23-2025

Forgot to mention that one.

I have tried with the allow all but no luck.

interface GigabitEthernet100/0/0/40.120
allow all
allow SSH
allow SNMP
!

Same results port still showing as close from the collector.

M02@rt37 · ‎06-23-2025

Ok @mauricioromanini

You disable FW on PC ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

mauricioromanini · ‎06-23-2025

Yes fw is not an issue here, the pc is a collector running and working with 20 other routers this is the only one with this issue and it happens to be the gateway for the collector. The router is reacheable through a directly connected interface from collector.

Harold Ritter · ‎06-23-2025

Hi @mauricioromanini ,

Have you tried the solution proposed in the following post?

https://community.cisco.com/t5/xr-os-and-platforms/ios-xrv-9000-grpc-unreachable-from-non-local-network/m-p/5301637#M15620

Here's the configuration you should apply to fix the issue:

tpa
vrf default
address-family ipv4
default-route mgmt

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mauricioromanini · ‎06-23-2025

Sorry about las post.

That didnt solve the issue either

mauricioromanini · ‎06-23-2025

show runn tpa
Mon Jun 23 12:03:50.516 ART
tpa
vrf default
address-family ipv4
default-route mgmt
!
!
!

telemetry:~# telnet 10.1.200.1 57400
Trying 10.1.200.1...
^C

mauricioromanini · ‎06-23-2025

RP/0/RSP0/CPU0:ROU-01#telnet 10.1.200.1 57400
Trying 10.1.200.1...
Connected to 10.1.200.1.
Escape sequence is '^^q'.
@quit^M^M^M^M^M^C^M^M^M^M^MRP/0/RSP0/CPU0:ROU-01#

Harold Ritter · ‎06-23-2025

Hi @mauricioromanini ,

Can you enter bash, do a "ip route" and provide the output?

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mauricioromanini · ‎06-23-2025

I thought that i made it pretty clear that conectivity between the collector and the router is ok. I can ping a ssh to the router from the collector without problem

mauricioromanini · ‎06-23-2025

telemetry:~# ip route
default via 10.1.1.1 dev eth0 onlink
10.1.1.0/24 dev eth0 proto kernel scope link src 10.1.1.250
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-cfccb717fdd4 proto kernel scope link src 172.18.0.1

Harold Ritter · ‎06-23-2025

Hi @mauricioromanini ,

Sorry for not being clear. Can you go to bash on 10.1.1.1 and do a "ip route" from there.

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mauricioromanini · ‎06-23-2025

[ROU-00:~]$ ip route
default dev fwd_ew scope link src 10.1.200.1
172.31.255.254 dev fwd_ew scope link src 10.1.200.1

Harold Ritter · ‎06-23-2025

Hi @mauricioromanini ,

The LXC routing table should list subnet 10.1.1.0/24, as it is directly connected. This is why the communication is failing.

I am not sure, but the reason the subnet is not seen might be due to the dot1q configuration. Can you try without the dot1q and see if it solves the issue?

Regards,
Harold Ritter, CCIE #4168 (EI, SP)