problem to forward traffic to one host in Catalyst 6506

Unanswered Question
Nov 18th, 2008

Hello. Does anyone see what the problem could be?


There is a route in the VRF (Catalyst 6506):


Sw2#sh ip route vrf DMZ 10.249.17.0

Routing entry for 10.249.17.0/29

Known via "ospf 501", distance 110, metric 2, type intra area

Last update from 10.249.207.70 on GigabitEthernet1/1.2024, 00:01:12 ago

Routing Descriptor Blocks:

* 10.249.207.70, from 10.249.17.1, 00:01:12 ago, via GigabitEthernet1/1.2024

Route metric is 2, traffic share count is 1


And the same route for more specific hosts:


Sw2#sh ip route vrf DMZ 10.249.17.3

Routing entry for 10.249.17.0/29

Known via "ospf 501", distance 110, metric 2, type intra area

Last update from 10.249.207.70 on GigabitEthernet1/1.2024, 00:01:26 ago

Routing Descriptor Blocks:

* 10.249.207.70, from 10.249.17.1, 00:01:26 ago, via GigabitEthernet1/1.2024

Route metric is 2, traffic share count is 1



Sw2#sh ip route vrf DMZ 10.249.17.4

Routing entry for 10.249.17.0/29

Known via "ospf 501", distance 110, metric 2, type intra area

Last update from 10.249.207.70 on GigabitEthernet1/1.2024, 00:01:34 ago

Routing Descriptor Blocks:

* 10.249.207.70, from 10.249.17.1, 00:01:34 ago, via GigabitEthernet1/1.2024

Route metric is 2, traffic share count is 1


When I tracert to one host:

Sw2#traceroute vrf DMZ 10.249.17.4


Tracing the route to 10.249.17.4


1 10.249.207.70 0 msec 0 msec 4 msec

2 10.249.17.4 0 msec 0 msec 4 msec


All correct!!!!!


BUT when I tracert (or ping) to another host in the same subnet:


traceroute vrf DMZ 10.249.17.3


Type escape sequence to abort.

Tracing the route to 10.249.17.3


1 * * *

2 * * *


The switch doesn't reach the next-hop router!!!!!

There is no ACL on the next-hop router.


I can't explain this behavior.

Does anyone see what the problem could be?

Thank you for any help

Giuseppe Larosa Wed, 11/19/2008 - 00:01

Hello Dmitriy,

To detect if there is a CEF multilayer switching issue on the C6500 you can:


add a static route in the VRF for host 10.249.17.3


This should trigger a CEF recalculation and could be a temporary fix.

Another method could be that of adding an outbound ACL permitting everything but with the log option, so that it is not processed by the normal CEF table.


We experienced similar problems, but in the global routing table, for a C6500 that receives full BGP tables from two border routers.


We also performed an IOS upgrade on the C6500.


Hope to help

Giuseppe



dimitavton Wed, 11/19/2008 - 00:49

Hello Giuseppe.

Thank you for the answer.

But, unfortunately, your advice was not helpful.

Neither adding a static route, nor an ACL with the log option.


Giuseppe Larosa Wed, 11/19/2008 - 04:40

Hello Dmitriy,

I would move the focus to the next-hop router using the same "tools".


Hope to help

Giuseppe

