Hello,
I have a IOS-XRv 9000 with SSH and gRPC enabled, running on the latest version of CML2. gRPC works fine from a directly attached network, but I cannot get gRPC to work from a remote (non-local) network. Since other protocols like SSH work as intended, this is a gRPC issue on the IOS-XRv 9000. In the below output, you can observe that telnet to the gRPC-port tcp/57400 works fine from the directly connected router, but I get a timeout ONLY with gRPC when connecting from the same router on a different interface.
Am I missing some configuration or is this a bug in gRPC in combination with CML2?
With kind regards,
-Paul.
Network setup
Expected behavior
From the iosv-1 router, I can connect to the xr9kv-0 router on both the SSH and gRPC port. Since routing is in place, this should work from both the Gi0/0 and Gi0/1
Observed behaviour: directly attached network
From the ios router, I can connect to both tcp/22 (ssh) and tcp/57400 (gRPC):
iosv-1#telnet 192.168.0.1 22
Trying 192.168.0.1, 22 ... Open
SSH-2.0-Cisco-2.0
q
Protocol mismatch
[Connection to 192.168.0.1 closed by foreign host]
iosv-1#telnet 192.168.0.1 57400
Trying 192.168.0.1, 57400 ... Open
^C^C
[Connection to 192.168.0.1 closed by foreign host]
iosv-1#
Observed behavior: routed network with gRPC enabled
However, when I connect from a different interface on the ios-router, I can connect to SSH but gRPC terminates on timeout:
iosv-1#telnet 192.168.0.1 57400 /source-interface gigabitEthernet 0/1
Trying 192.168.0.1, 57400 ...
% Connection timed out; remote host not responding
iosv-1#telnet 192.168.0.1 22 /source-interface gigabitEthernet 0/1
Trying 192.168.0.1, 22 ... Open
SSH-2.0-Cisco-2.0
Observed behavior: routed network with gRPC DISabled
When I disable gRPC by removing the `grpc` line from the configuration, the session is terminated with a RST (as expected, since no service is attached to this port):
# xr9kv-0
RP/0/RP0/CPU0:xr9kv-0(config)#no grpc
RP/0/RP0/CPU0:xr9kv-0(config)#commit
iosv-1#telnet 192.168.0.1 57400 /source-interface gigabitEthernet 0/1
Trying 192.168.0.1, 57400 ...
% Connection refused by remote host
iosv-1#telnet 192.168.0.1 57400
Trying 192.168.0.1, 57400 ...
% Connection refused by remote host
Configs
CML2
product_version": "2.6.1+build.11
Router iosv-1
iosv-1#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 192.168.0.10 YES manual up up
GigabitEthernet0/1 10.0.0.1 YES manual up up
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/3 unassigned YES unset administratively down down
Router xr9kv-1
This is a new deployed router with only an ip address on MgmtEth0/RP0/CPU0/0
I have enabled ssh and grpc on this router.
vrouter:
Build Information:
Built By : ingunawa
Built On : Mon Jul 25 02:41:45 PDT 2022
Built Host : iox-ucs-067
Workspace : /auto/srcarchive12/prod/7.7.1/xrv9k/ws
Version : 7.7.1
Location : /opt/cisco/XR/packages/
Label : 7.7.1-0
cisco IOS-XRv 9000 () processor
System information
Model
VMware, Inc. VMware7,1
hostname xr9kv-0
!
grpc
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/0/0/0
shutdown
!
router static
address-family ipv4 unicast
0.0.0.0/0 192.168.0.10
!
!
ssh server v2
end
Accepted Solutions
