Xconnect tunnel on ASR-1K-X

gaurishkambli · ‎02-20-2016

Have created two point to point L2VPN tunnels between ASR 9k & ASR 1K-X

One tunnel is working fine.

Other tunnel is not working.

It shows up on both the router.

Same configuration is done for both the tunnels.

Please help...

Aditya Ganjoo · ‎02-22-2016

Hi Gaurish,

Could you please share the configuration ?

Also what is the output of show cry isa sa and show xconnect all ?

Regards,

Aditya

gaurishkambli · ‎02-22-2016

Hi Aditya,

Thanks for reply....below is the configuration on both the routers

ASR 9k Configuration

interface GigabitEthernet0/0/0/15
description ## Tunnel ##
speed 100
negotiation auto
l2transport

l2vpn

xconnect group test
p2p test
interface GigabitEthernet0/0/0/15
neighbor 172.20.20.6 pw-id 112

Show l2vpn xconnect output

XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------

----------------------------------------------------------------------------------------
test
test
UP Gi0/0/0/15 UP 172.20.20.6 112 UP
----------------------------------------------------------------------------------------

ASR 1K-X Configuration

pseudowire-class test
encapsulation mpls
no control-word

interface GigabitEthernet0/0/5
description ### Tunel ###
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
negotiation auto
xconnect 172.20.20.3 112 encapsulation mpls pw-class test

show xconnect all output

XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP pri ac Gi0/0/5:13(Ethernet) UP mpls 172.20.20.3:112 UP

show cry isa sa output

IPv4 Crypto ISAKMP SA
dst src state conn-id status

IPv6 Crypto ISAKMP SA

gaurishkambli · ‎02-24-2016

Hii Aditya,

Any updates....

Giuseppe Larosa · ‎02-25-2016

Hello Gaurish,

in your first post you were speaking of two pseudowires, but then later you have provided only the configuration and status of a single pseudowire.

Have you configured the second pseudowire using different access ports on both sides ASR9k and ASR1000 and using a different circuit-id ? You need a different circuit for each pseudowire between the same pair of devices.

The access circuits must be different for the two pseudowires as the circuit-id.

The correct show are

show mpls l2transport on the ASR 1000

and

show bridge on the ASR9000

The indication of show crypto is misleading there is no IPsec involved in this LDP based xconnect.

Hope to help

Giuseppe

gaurishkambli · ‎02-25-2016

yes...i have created two circuit id..

111 & 112....

111 is working fine..i have not show that configuration....

Regards

Gaurish

Giuseppe Larosa · ‎02-25-2016

Hello Gaurish,

post

show mpls l2transport vc 111 detail

show mpls l2transport vc 112 detail

taken from ASR1000

these show commands show show the reason why VC 112 is not working.

Hope to help

Giuseppe

gaurishkambli · ‎02-25-2016

THX...

OUT of 111

Router1#show mpls l2transport vc 111 detail
Local interface: Gi0/0/2 up, line protocol up, Ethernet up
Destination address: 10.255.253.2, VC ID: 111, VC status: up
Output interface: Gi0/0/0, imposed label stack {16001}
Preferred path: not configured
Default path: active
Next hop: 10.155.103.97
Create time: 4d23h, last status change time: 3d03h
Last label FSM state change time: 3d03h
Signaling protocol: LDP, peer 10.255.253.2:0 up
Targeted Hello: 10.255.253.6(LDP Id) -> 10.255.253.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 16, remote 16001
Group ID: local 0, remote 67110720
MTU: local 1500, remote 1500
Remote interface description: GigabitEthernet0_0_0_14
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 10.255.253.2/111, local label: 16
Dataplane:
SSM segment/switch IDs: 12312/4098 (used), PWID: 1
VC statistics:
transit packet totals: receive 97662005, send 65402697
transit byte totals: receive 55692679583, send 53820153238
transit packet drops: receive 0, seq error 0, send 0

Output of 112

Router1#show mpls l2transport vc 112 detail
Local interface: Gi0/0/5 up, line protocol up, Ethernet up
Destination address: 10.255.253.2, VC ID: 112, VC status: up
Output interface: Gi0/0/0, imposed label stack {22111}
Preferred path: not configured
Default path: active
Next hop: 10.155.103.97
Create time: 1d06h, last status change time: 00:03:05
Last label FSM state change time: 1d04h
Signaling protocol: LDP, peer 10.255.253.2:0 up
Targeted Hello: 10.255.253.6(LDP Id) -> 10.255.253.2, LDP is UP
Graceful restart: not configured and not enabled
Non stop routing: not configured and not enabled
Status TLV support (local/remote) : enabled/supported
LDP route watch : enabled
Label/status state machine : established, LruRru
Last local dataplane status rcvd: No fault
Last BFD dataplane status rcvd: Not sent
Last BFD peer monitor status rcvd: No fault
Last local AC circuit status rcvd: No fault
Last local AC circuit status sent: No fault
Last local PW i/f circ status rcvd: No fault
Last local LDP TLV status sent: No fault
Last remote LDP TLV status rcvd: No fault
Last remote LDP ADJ status rcvd: No fault
MPLS VC labels: local 2698, remote 22111
Group ID: local 0, remote 1140851456
MTU: local 1500, remote 1500
Remote interface description: GigabitEthernet1_0_0_9
Sequencing: receive disabled, send disabled
Control Word: Off
SSO Descriptor: 10.255.253.2/112, local label: 2698
Dataplane:
SSM segment/switch IDs: 4153/12340 (used), PWID: 3
VC statistics:
transit packet totals: receive 1257, send 18176
transit byte totals: receive 87477, send 1659115
transit packet drops: receive 0, seq error 0, send 0

gaurishkambli · ‎02-25-2016

I have connected a system at both the ends..but m not able to ping each other...

on both system, i get transmit packets but no receive packets...

Giuseppe Larosa · ‎02-25-2016

Hello Gaurish,

this happens only for the VC112, VC111 is working?

It is strange, because from the point of view of the ASR1000 both pseudowires are up/up as the show commands show.

I see for VC112:

>> Remote interface description: GigabitEthernet1_0_0_9

you have two ASR9000 in cluster on the other side?

Try to check in the ASR9000 side with show l2vpn bridge.

Are the two end systems able to see each other in ARP tables?

(I do not think so, just to check)

Hope to help

Giuseppe

gaurishkambli · ‎02-25-2016

Hi Giuseppe,

Yes i agree with you..its an unusual issue..since VC111 is working without any issue..

ASR 9k are in cluster mode.

How to check ARP tables at system level?

Regards

Gaurish

Giuseppe Larosa · ‎02-26-2016

Hello Gaurish,

>> How to check ARP tables at system level?

I was meaning to check the ARP tables of the PCs you have used to check the pseudowire not the routers.

For a windows based PC from shell use

arp -g

to see the ARP entries.

But I would expect the two PCs to be not able to see each other MAC address in ARP table.

A proposal: what if you change the access-circuit of VC112 to be a port on rack0 of the cluster like gi0/0/0/N on the ASR9000 side just to see if anything changes.

Hope to help

Giuseppe