Jump to content
Калькуляторы

xconnect cisco 6506 / ME-3800 L2VPN

Доброго времени суток.

Проблема: Не проходит трафик через xconnect, созданный между cisco 6506 и cisco ME-3800.

Схема:       CE1 --- PE1 WS-C6506-E --- |MPLS| --- PE2 ME-3800X-24FS-M --- CE2

CE1: ip - 11.10.9.2/29 mac - 001f.263a.d346
CE2: ip - 11.10.9.3/29 mac - 448a.5b04.1ca2

ping CE1 <-> CE2 - NOT OK
CE1: ARP таблица заполняется
CE2: ARP таблица заполняется
Используя tcpdump, обнаружено, что ICMP пакеты проходят по пути CE1 -> CE2, а в обратную сторону не проходят.

Огромная просьба помочь)))) Заранее огромное спасибо)))

Ниже приведены конфигурация, статистика для  PE1 и  PE2.

 

Конфигурация PE1:

 

pseudowire-class test
 encapsulation mpls
 interworking ethernet

 

interface Port-channel2.667  <-- Gi1/2, Gi1/7
 encapsulation dot1Q 667
 xconnect 172.16.249.1 667001 pw-class test

 

Статус PE1:

PE1#sh mpls l2transport binding 667001
  Destination Address: 172.16.249.1,  VC ID: 667001
    Local Label:  976
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 9216,   Interface Desc: n/a
        VCCV: CC Type: RA [2]
              CV Type: LSPV [2]
    Remote Label: 931
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 9216,   Interface Desc: n/a
        VCCV: CC Type: CW [1], RA [2]
              CV Type: LSPV [2], Unkn [5]

PE1# sh mpls l2transport vc 667001 detail
Local interface: Po2.667 up, line protocol up, Eth VLAN 667 up
  Interworking type is Ethernet
  Destination address: 172.16.249.1, VC ID: 667001, VC status: up
    Output interface: Vl957, imposed label stack {3468 931}
    Preferred path: not configured
    Default path: active
    Next hop: 172.18.0.50
  Load Balance: none
  Flow Label: Disabled
  Create time: 00:08:53, last status change time: 00:05:38
  Signaling protocol: LDP, peer 172.16.249.1:0 up
    Targeted Hello: 172.16.201.1(LDP Id) -> 172.16.249.1
    Status TLV support (local/remote)   : enabled/supported
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: no fault
    MPLS VC labels: local 976, remote 931
    Group ID: local 0, remote 0
    MTU: local 9216, remote 9216
    Remote interface description:
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 16, send 287
    byte totals:   receive 1072, send 25622
    packet drops:  receive 0, seq error 0, send 0

 

Конфигурация PE2:

 

pseudowire-class test
 encapsulation mpls
 interworking ethernet

 

interface Vlan667
 mtu 9216
 no ip address
 xconnect 172.16.201.1 667001 encapsulation mpls pw-class test

 

interface GigabitEthernet0/15
 description 172.16.5.5
 switchport trunk allowed vlan none
 switchport mode trunk
 mtu 9216
 load-interval 30
 storm-control broadcast level 10.00
 storm-control multicast level 10.00
 storm-control action shutdown
 service instance 667 ethernet
  encapsulation dot1q 667
  rewrite ingress tag pop 1 symmetric
  bridge-domain 667

 

PE2#sh bridge-domain 667
Bridge-domain 667 (1 ports in all)
State: UP                    Mac learning: Enabled
Maximum address limit: 10000
    GigabitEthernet0/15 service instance 667
 

 

Статус PE2:

 

PE2#sh mpls l2transport binding 667001
  Destination Address: 172.16.201.1,VC ID: 667001
    Local Label:  931
        Cbit: 1,    VC Type: Ethernet,    GroupID: n/a
        MTU: 9216,   Interface Desc: n/a
        VCCV: CC Type: CW [1], RA [2]
              CV Type: LSPV [2], BFD/Raw [5]
    Remote Label: 976
        Cbit: 1,    VC Type: Ethernet,    GroupID: 0
        MTU: 9216,   Interface Desc: n/a
        VCCV: CC Type: RA [2]
              CV Type: LSPV [2]

PE2#sh mpls l2transport vc 667001 detail
Local interface: Vl667 up, line protocol up, Eth VLAN 667 up
  Interworking type is Ethernet
  Destination address: 172.16.201.1, VC ID: 667001, VC status: up
    Output interface: Vl849, imposed label stack {300 976}
    Preferred path: not configured
    Default path: active
    Next hop: 172.25.249.2
  Create time: 00:09:27, last status change time: 00:09:24
    Last label FSM state change time: 00:09:24
  Signaling protocol: LDP, peer 172.16.201.1:0 up
    Targeted Hello: 172.16.249.1(LDP Id) -> 172.16.201.1, LDP is UP
    Graceful restart: not configured and not enabled
    Non stop routing: not configured and not enabled
    Status TLV support (local/remote)   : enabled/supported
      LDP route watch                   : enabled
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: No fault
      Last BFD dataplane     status rcvd: Not sent
      Last BFD peer monitor  status rcvd: No fault
      Last local AC  circuit status rcvd: No fault
      Last local AC  circuit status sent: No fault
      Last local PW i/f circ status rcvd: No fault
      Last local LDP TLV     status sent: No fault
      Last remote LDP TLV    status rcvd: No fault
      Last remote LDP ADJ    status rcvd: No fault
    MPLS VC labels: local 931, remote 976
    Group ID: local n/a, remote 0
    MTU: local 9216, remote 9216
    Remote interface description:
  Sequencing: receive disabled, send disabled
  Control Word: On (configured: autosense)
  Dataplane:
    SSM segment/switch IDs: 4303/4300 (used), PWID: 4
  VC statistics:
    transit packet totals: receive 299, send 627
    transit byte totals:   receive 28300, send 64134
    transit packet drops:  receive 0, seq error 0, send 0

 

Доп. информация PE1:

PE1#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2016 by Cisco Systems, Inc.
Compiled Sun 13-Mar-16 07:31 by prod_rel_team

ROM: System Bootstrap, Version 12.2(17r)SX5, RELEASE SOFTWARE (fc1)
BOOTLDR: Cisco IOS Software, s72033_rp Software (s72033_rp-ADVENTERPRISEK9-M), Version 15.1(2)SY7, RELEASE SOFTWARE (fc4)

 u1cr1_6506 uptime is 25 weeks, 6 days, 38 minutes
Uptime for this control processor is 25 weeks, 6 days, 20 minutes
System returned to ROM by reload at 15:09:55 MSK Wed Aug 8 2018 (SP by reload)
System restarted at 15:13:34 MSK Wed Aug 8 2018
System image file is "sup-bootdisk:/s72033-adventerprisek9-mz.151-2.SY7.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C6506-E (R7000) processor (revision 1.1) with 983008K/65536K bytes of memory.
Processor board ID SAL1128U8KN
SR71000 CPU at 600Mhz, Implementation 0x504, Rev 1.2, 512KB L2 Cache
Last reset from s/w reset
84 Virtual Ethernet interfaces
75 Gigabit Ethernet interfaces
10 Ten Gigabit Ethernet interfaces
1917K bytes of non-volatile configuration memory.

65536K bytes of Flash internal SIMM (Sector size 512K).

PE1#sh module
Mod Ports Card Type                              Model              Serial No.
--- ----- -------------------------------------- ------------------ -----------
  1   24  CEF720 24 port 1000mb SFP              WS-X6724-SFP       SAL1019MD1W
  3   48  48-port 10/100/1000 RJ45 EtherModule   WS-X6148A-GE-TX    SAL1551YFJS
  5    4  CEF720 4 port 10-Gigabit Ethernet      WS-X6704-10GE      SAL08321WLT
  6    5  Supervisor Engine 720 10GE (Active)    VS-S720-10G        SAL11380UYH

Mod MAC addresses                       Hw    Fw           Sw           Status
--- ---------------------------------- ------ ------------ ------------ -------
  1  0017.0ed4.5110 to 0017.0ed4.5127   2.3   12.2(14r)S5  15.1(2)SY7   Ok
  3  001a.6da1.9fd0 to 001a.6da1.9fff   1.5   8.4(1)       15.1(2)SY7   Ok
  5  0011.9370.0fe0 to 0011.9370.0fe3   1.5   12.2(18r)S1  15.1(2)SY7   Ok
  6  001d.45c2.cfbc to 001d.45c2.cfc3   2.0   8.5(2)       15.1(2)SY7   Ok

Mod  Sub-Module                  Model              Serial       Hw     Status
---- --------------------------- ------------------ ----------- ------- -------
  1  Centralized Forwarding Card WS-F6700-CFC       SAL1010FB83  2.0    Ok
  5  Centralized Forwarding Card WS-F6700-CFC       SAL1151B2EX  4.0    Ok
  6  Policy Feature Card 3       VS-F6K-PFC3C       SAL113920Q2  1.0    Ok
  6  MSFC3 Daughterboard         VS-F6K-MSFC3       SAL1135Z0HW  1.0    Ok

Mod  Online Diag Status
---- -------------------
  1  Pass
  3  Pass
  5  Pass
  6  Pass

 

Доп. информация PE2:

PE2#sh ver
Cisco IOS Software, ME380x Software (ME380x-UNIVERSALK9-M), Version 15.5(3)S8, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2018 by Cisco Systems, Inc.
Compiled Tue 07-Aug-18 17:44 by prod_rel_team

ROM: Bootstrap program is WHALES boot loader
BOOTLDR: ME380x Boot Loader (ME380X-HBOOT-M), Version 12.2 [sourdutt-loader_release_ledfix 100]

u49cr1 uptime is 1 week, 13 minutes
System returned to ROM by power-on
System image file is "flash:/me380x-universalk9-mz.155-3.S8/me380x-universalk9-mz.155-3.S8.bin"
Last reload reason: Reload Command

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

License Level: MetroAggrServices
License Type: Permanent
Next reload license Level: MetroAggrServices

cisco ME-3800X-24FS-M (PowerPC8572) processor (revision A0) with 983040K/65528K bytes of memory.
Processor board ID FOC1606V2R2
Last reset from power-on
31 Virtual Ethernet interfaces
25 Gigabit Ethernet interfaces
2 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

1536K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : D4:A0:2A:54:BF:00
Motherboard assembly number     : 73-12068-07
Motherboard serial number       : FOC16054HCW
Model revision number           : A0
Motherboard revision number     : B0
Model number                    : ME-3800X-24FS-M
System serial number            : FOC1606V2R2
Top Assembly Part Number        : 800-31465-01
Top Assembly Revision Number    : B0
Version ID                      : V01
CLEI Code Number                : IPMSW00DRA

Configuration register is 0xF

 

Share this post


Link to post
Share on other sites

Была такая же бага на ME38.

Для начала попробуйте клирнуть PW и LDP на ней. Если не поможет, то скорее всего перезагрузка/установка другого софта.

Но лучшее решение - это не использовать ее в качестве mpls pe, а еще лучше вообще не использовать. Бага на баге, коробку так и не полечили за время ее существования.

Share this post


Link to post
Share on other sites

2 hours ago, Merridius said:

Была такая же бага на ME38.

Для начала попробуйте клирнуть PW и LDP на ней. Если не поможет, то скорее всего перезагрузка/установка другого софта.

Но лучшее решение - это не использовать ее в качестве mpls pe, а еще лучше вообще не использовать. Бага на баге, коробку так и не полечили за время ее существования.

Спасибо огромное.

Попробуем.

Печалька, конечно((( Специально ME3800 поставили для MPLS

Share this post


Link to post
Share on other sites

У нас у МТСа такие работают - были проблемы, но говорят что сейчас у них всё работает нормально. Подробностей не знаю.

Share this post


Link to post
Share on other sites

10 hours ago, ElfenLied said:

Спасибо огромное.

Попробуем.

Печалька, конечно((( Специально ME3800 поставили для MPLS

такое без контракта ставить нельзя

у самого 3600 в качестве тупого л3 стоит и то крашится иногда, хотя там конфиг девственный.

Share this post


Link to post
Share on other sites

Я запускал xconnect mpls без PW.

Т.е. вот так вот и все:

 

mpls ldp neighbor 172.23.0.251 targeted
mpls ldp neighbor 172.23.0.254 targeted
mpls ldp loop-detection
mpls ldp graceful-restart timers neighbor-liveness 300
mpls ldp graceful-restart timers forwarding-holding 300
mpls ldp graceful-restart
mpls ldp tcp pak-priority
no mpls ip propagate-ttl 
mpls label protocol ldp

!

interface GigabitEthernet0/2.52
 description Zelenaya-3b
 encapsulation dot1Q 52
 no cdp enable
 xconnect 172.23.0.254 52 encapsulation mpls
  mtu 1500
!

 

sh mpls l2transport bi 52
  Destination Address: 172.23.0.254,  VC ID: 52
    Local Label:  126
        Cbit: 0,    VC Type: Eth VLAN,    GroupID: 0
        MTU: 1500,   Interface Desc: Zelenaya-3b
        VCCV: CC Type: CW [1], RA [2]
              CV Type: LSPV [2]
    Remote Label: 140290
        Cbit: 0,    VC Type: Eth VLAN,    GroupID: 0
        MTU: 1500,   Interface Desc: n/a
        VCCV: CC Type: None
              CV Type: None

 

sh mpls l2transport vc 52 de
Local interface: Gi0/2.52 up, line protocol up, Eth VLAN 52 up
  Destination address: 172.23.0.254, VC ID: 52, VC status: up
    Output interface: Gi0/2.4086, imposed label stack {140290}
    Preferred path: not configured  
    Default path: active
    Next hop: 172.23.0.18
  Create time: 1y18w, last status change time: 11w5d
  Signaling protocol: LDP, peer 172.23.0.254:0 up
    Targeted Hello: 172.23.0.252(LDP Id) -> 172.23.0.254
    Status TLV support (local/remote)   : enabled/not supported
      Label/status state machine        : established, LruRru
      Last local dataplane   status rcvd: no fault
      Last local SSS circuit status rcvd: no fault
      Last local SSS circuit status sent: no fault
      Last local  LDP TLV    status sent: no fault
      Last remote LDP TLV    status rcvd: not sent
    MPLS VC labels: local 126, remote 140290 
    Group ID: local 0, remote 0
    MTU: local 1500, remote 1500
    Remote interface description: 
  Sequencing: receive disabled, send disabled
  VC statistics:
    packet totals: receive 0, send 0
    byte totals:   receive 0, send 0
    packet drops:  receive 0, seq error 0, send 0
 

 

PW на l2tun xconnect'e работает.

Цыска правда 29.

 

Share this post


Link to post
Share on other sites

17 minutes ago, Telesis said:

убрать pseudowire-class

убрать - rewrite ingress tag pop 1 symmetric

Спасибо.

Какие вариации конфигов мы только не пробовали..... И так и сяк. Это не сработало

Share this post


Link to post
Share on other sites

17 hours ago, ElfenLied said:

ME-3800X-24FS-M

В связке с Juniper MX работало.

Вот с 65хх, не было возможности протестировать.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.