FCIP Tunnel not coming up

Unanswered Question
Mar 8th, 2009

Does anyone see why the FCIP tunnel below would not come up? Both switches have direct connectivity on gig ports via a switch, pings work without fail. This is actually one of the PEC lab scenarios. Tunnel shows down yet gig ports are up, pings work, fcip interface are admin set to up, etc.

MDS 1

==================================

vsan database

vsan 10

vsan 20

fcip enable

fcip profile 1

ip address 10.1.25.11

interface fcip1

switchport mode E

no shutdown

use-profile 1

peer-info ipaddr 10.1.25.21

vsan database

vsan 10 interface fc1/5

vsan 20 interface fc1/6

ip default-gateway 10.0.25.254

switchname P25-MDS-1

interface fc1/5

no shutdown

interface fc1/6

no shutdown

interface GigabitEthernet2/1

ip address 10.1.25.11 255.255.255.0

no shutdown

interface mgmt

switchport speed 100

ip address 10.0.25.5 255.255.255.0

MDS 2

==================================

vsan database

vsan 10

vsan 20

fcip enable

fcip profile 1

ip address 10.1.25.21

interface fcip1

switchport mode E

no shutdown

use-profile 1

peer-info ipaddr 10.1.25.11

vsan database

vsan 10 interface fc1/6

vsan 20 interface fc1/10

ip default-gateway 10.0.25.254

switchname P25-MDS-2

interface fc1/6

no shutdown

interface fc1/10

no shutdown

interface GigabitEthernet2/1

ip address 10.1.25.21 255.255.255.0

no shutdown

interface mgmt

switchport speed 100

ip address 10.0.25.3 255.255.255.0

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bfeeny Sun, 03/08/2009 - 21:03

I believe my config is correct. I am training on two pods, and one pod seems to have problems bringing up the FCIP tunnels. I tried to troubleshoot but not sure exactly the best way at this time. I attached to the IPS module and looked at the fcip fsm but couldn't make out exactly what was going on. If anyone has any ideas how to drill down to see what may be happening let me know. Like I said, IP connectivity seems fine, no errors at layer1 or on the fcip interfaces.

afoignant Mon, 03/09/2009 - 03:33

You should check also your MTU (Maximum Transfert Unit). Your ping use a 1500 Bytes length, so you cannot see if the MTU is right. configure your MTU on both switchs.

bfeeny Mon, 03/09/2009 - 05:18

I will check the config, I beleive MTU is at 1500 since nothing shows in config, I did not check jumbo frames box in the wizard, so I believe that just uses a normal ethernet MTU with PMTU discovery. I will see if there is a way I can do an extended ping from the MDS and look for issues there.

bfeeny Mon, 03/09/2009 - 07:34

Still troubleshooting this issue. On the lab pod which I can't get FCIP to work, I looked at the licenses, which don't look right:

MDS1 which is a 9506 shows this:

3.0.2 image

Feature Ins Lic Status Expiry Date Comments Count

------------------------------------------------------------------------------------

FM_SERVER_PKG Yes - Unused never license missing

MAINFRAME_PKG Yes - Unused never license missing

ENTERPRISE_PKG Yes - Unused never license missing

SAN_EXTN_OVER_IP Yes 1 In use never 1 license(s) missing

SAN_EXTN_OVER_IP_IPS2 No 0 Unused -

SAN_EXTN_OVER_IP_IPS4 No 0 Unused -

STORAGE_SERVICES_ENABLER_PKG No 0 Unused -

-------------------------------------------------------------------------------------

**** WARNING: License file(s) missing. ****

and MDS2 which is a 9216 shows this:

Feature Ins Lic Status Expiry Date Comments Count

------------------------------------------------------------------------------------

FM_SERVER_PKG Yes - Unused never license missing

MAINFRAME_PKG Yes - Unused never license missing

ENTERPRISE_PKG Yes - Unused never license missing

SAN_EXTN_OVER_IP Yes 1 In use never 1 license(s) missing

SAN_EXTN_OVER_IP_IPS2 Yes 1 Unused never 1 license(s) missing

SAN_EXTN_OVER_IP_IPS4 Yes 1 Unused never 1 license(s) missing

STORAGE_SERVICES_ENABLER_PKG Yes 1 Unused never 1 license(s) missing

-------------------------------------------------------------------------------------

**** WARNING: License file(s) missing. ****

Don't they both need licenses for IPS2/IPS4? its a SMIP module that I am doing the FCIP on. I did a debug on the licenses but when I enabled fcip and start to configure it, I don't see any errors hit like where it looks for a license and doesn't see it, and I thought that would be logged to the log as well with something obvious.

I am assuming the license files missing is not a problem, as they are "installed" on the 9216, so is this just letting you know they aren't there but really doesn't effect operation?

On the 9506, they are not installed for IPS2 and IPS4 (there is a IPS 8-port module in this switch). I would think that those would have to be installed. Do you think this is the problem? How could I know for sure, is there a debug or event logged that should indicate?

Brian

Michael Brown Mon, 03/09/2009 - 14:47

The licenses appear to be okay. The IPS2 is for a 14/2 card where there are 14 FC ports and 2 GE ports. The IPS4 is for a 4 port GE module that has been discontinued. What 'missing' means is that the license file is not on the supervisor bootflash. This will have no effect on the operation. Both MDS show the SAN_EXT license installed.

What hardware are you using on each end for the GE ports?

bfeeny Mon, 03/09/2009 - 14:55

Each end is a 9308-SMIP.

I was looking thru the global price list from cisco today and didn't see san extension licenses in there anymore, did they roll those into the enterprise package? I hope to pick up some IPS4 modules for my lab, and if they didn't come with SAN Extension I was going to buy it, hopefully I can buy it. I wish they would just have the FCIP work without a license with TTL of 1 so that in a lab people could mess around with it.

Michael Brown Mon, 03/09/2009 - 18:43

Licenses look okay...can you paste in the output from 'show int fcip 1' from each MDS?

bfeeny Mon, 03/09/2009 - 19:07

Mike,

I noticed you work at Cisco. On Partner E-learning is where this switch is at. Its a lab pod. There are two storage pods, P25 and P26. P25 has the problem. Each time you enter the lab you have a 50% chance of hitting this pod. I can't cut and paste because its a java terminal so will have to type in by hand the output of show int fcip2. You can find the lab by going to partner e-learning, clicking search, then courses, and in the title put SAN. All the labs there are the same equipment, but its Pod25 you want to be connected to. Look at SAN-OS 3.0.2 LAB 11 - Implementing an FCIP Tunnel.

My point is, someone at your level with your access can probably just access these MDS's and see right away whats going on.

I have alerted the lab people at cisco to take a look, hopefully there will be an outcome. Its reproducable every time, just a basic fcip tunnel won't establish.

I think the issue may be related to the backbone switch the gig ports are connected thru. CDP shows some funky things going on with the vlans. And I think there may be some wierdness there.

peter.ooms Thu, 03/19/2009 - 07:18

I would add an full qualifying explicit IP route for the 10.1.25.0/24 network used for the FCIP connection. By this controlling the right (outgoing/gateway) interface is used.

Question: Your ping, did it use an explicit source address to select the GE interface ?

bfeeny Thu, 03/19/2009 - 07:32

I would agree on the route, however, realize this is a directly connected route, as both sides of the FCIP tunnel are the same subnet. So I do not see how it would try another interface, like mgmt for example. And with pings I believe I did try to source form the correct interface.

These same configs work on Pod26 but not Pod25, so I really think its how the backbone switch is configured to connect the two gig links on the different switches.

Actions

This Discussion

 

 

Trending Topics: Storage Networking