Solved: IOS-XRv 9000 gRPC unreachable from non-local network

TomVr · ‎12-18-2023

Hello,

I have a IOS-XRv 9000 with SSH and gRPC enabled, running on the latest version of CML2. gRPC works fine from a directly attached network, but I cannot get gRPC to work from a remote (non-local) network. Since other protocols like SSH work as intended, this is a gRPC issue on the IOS-XRv 9000. In the below output, you can observe that telnet to the gRPC-port tcp/57400 works fine from the directly connected router, but I get a timeout ONLY with gRPC when connecting from the same router on a different interface.

Am I missing some configuration or is this a bug in gRPC in combination with CML2?

With kind regards,
-Paul.

Network setup

Expected behavior

From the iosv-1 router, I can connect to the xr9kv-0 router on both the SSH and gRPC port. Since routing is in place, this should work from both the Gi0/0 and Gi0/1

Observed behaviour: directly attached network

From the ios router, I can connect to both tcp/22 (ssh) and tcp/57400 (gRPC):

iosv-1#telnet 192.168.0.1 22
Trying 192.168.0.1, 22 ... Open
SSH-2.0-Cisco-2.0
q
Protocol mismatch
                 [Connection to 192.168.0.1 closed by foreign host]
iosv-1#telnet 192.168.0.1 57400
Trying 192.168.0.1, 57400 ... Open
^C^C
[Connection to 192.168.0.1 closed by foreign host]
iosv-1#

Observed behavior: routed network with gRPC enabled

However, when I connect from a different interface on the ios-router, I can connect to SSH but gRPC terminates on timeout:

iosv-1#telnet 192.168.0.1 57400 /source-interface gigabitEthernet 0/1
Trying 192.168.0.1, 57400 ... 
% Connection timed out; remote host not responding

iosv-1#telnet 192.168.0.1 22 /source-interface gigabitEthernet 0/1 
Trying 192.168.0.1, 22 ... Open
SSH-2.0-Cisco-2.0

Observed behavior: routed network with gRPC DISabled

When I disable gRPC by removing the `grpc` line from the configuration, the session is terminated with a RST (as expected, since no service is attached to this port):

# xr9kv-0
RP/0/RP0/CPU0:xr9kv-0(config)#no grpc
RP/0/RP0/CPU0:xr9kv-0(config)#commit

iosv-1#telnet 192.168.0.1 57400 /source-interface gigabitEthernet 0/1
Trying 192.168.0.1, 57400 ... 
% Connection refused by remote host

iosv-1#telnet 192.168.0.1 57400
Trying 192.168.0.1, 57400 ... 
% Connection refused by remote host

Configs

CML2

product_version": "2.6.1+build.11

Router iosv-1

iosv-1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         192.168.0.10    YES manual up                    up      
GigabitEthernet0/1         10.0.0.1        YES manual up                    up      
GigabitEthernet0/2         unassigned      YES unset  administratively down down    
GigabitEthernet0/3         unassigned      YES unset  administratively down down

Router xr9kv-1

This is a new deployed router with only an ip address on MgmtEth0/RP0/CPU0/0
I have enabled ssh and grpc on this router.

vrouter:
Build Information:
Built By : ingunawa
Built On : Mon Jul 25 02:41:45 PDT 2022
Built Host : iox-ucs-067
Workspace : /auto/srcarchive12/prod/7.7.1/xrv9k/ws
Version : 7.7.1
Location : /opt/cisco/XR/packages/
Label : 7.7.1-0

cisco IOS-XRv 9000 () processor

System information
Model 
VMware, Inc. VMware7,1

hostname xr9kv-0
!
grpc
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/0/0/0
shutdown
!
router static
address-family ipv4 unicast
  0.0.0.0/0 192.168.0.10
!
!
ssh server v2
end

Harold Ritter · ‎12-18-2023

Hi @TomVr ,

Please configure the following on XR9000v:

tpa
vrf default
address-family ipv4
default-route mgmt

This should fix it.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

View solution in original post

Harold Ritter · ‎12-18-2023

Hi @TomVr ,

Please configure the following on XR9000v:

tpa
vrf default
address-family ipv4
default-route mgmt

This should fix it.

Regards,

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

TomVr · ‎12-18-2023

That fixed it! Thanks Harold!

Harold Ritter · ‎12-19-2023

You are very welcome @TomVr and thanks for the feedback

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

mauricioromanini · ‎06-23-2025

I have found the same problem running:

show version
Mon Jun 23 10:08:14.952 ART
Cisco IOS XR Software, Version 7.9.21
Copyright (c) 2013-2023 by Cisco Systems, Inc.

Build Information:
Built By : deenayak
Built On : Tue Nov 7 23:51:57 PST 2023
Built Host : iox-ucs-062
Workspace : /auto/srcarchive16/prod/7.9.21/asr9k-x64/ws
Version : 7.9.21
Location : /opt/cisco/XR/packages/
Label : 7.9.21

cisco ASR9K () processor
System uptime is 1 week 4 days 2 hours 29 minutes

I can telnet from xr device connected through bundle-ether1 but when i test from the pc the port is closed

From xr device 2:

telnet 10.1.200.1 57400
Trying 10.1.200.1...
Connected to 10.1.200.1.
Escape sequence is '^^q'.

From collector:

telnet 10.1.200.1 57400
Trying 10.1.200.1...

I can ping the device and also ssh from the collector.

show grpc status
Mon Jun 23 10:17:12.022 ART
*************************show gRPC status**********************
---------------------------------------------------------------
transport : grpc
access-family : tcp
TLS : disabled
trustpoint : NotSet
listening-port : 57400
local-connection : disabled
max-request-per-user : 10
max-request-total : 128
max-streams : 32
max-streams-per-user : 32
server name : DEFAULT
vrf-socket-ns-path : global-vrf
min-client-keepalive-interval : 300
_______________________________________________________________
*************************End of showing status*****************