Switching issue..

Vinayaka Raman · ‎11-14-2011

Here is the ping statistics and tracert from my laptop

Reply from 100.172.136.254: bytes=32 time<1ms TTL=254 <when the tunnel is down>

Reply from 100.172.136.254: bytes=32 time<1ms TTL=254

Reply from 100.172.136.254: bytes=32 time=1ms TTL=254

Reply from 100.172.136.254: bytes=32 time<1ms TTL=254

Reply from 100.172.136.254: bytes=32 time=1ms TTL=254

Reply from 100.172.136.254: bytes=32 time<1ms TTL=254

Reply from 100.172.136.254: bytes=32 time=60ms TTL=249 <when the tunnel is up>

Reply from 100.172.136.254: bytes=32 time=59ms TTL=249

Reply from 100.172.136.254: bytes=32 time=58ms TTL=249

Reply from 100.172.136.254: bytes=32 time=59ms TTL=249

Reply from 100.172.136.254: bytes=32 time=60ms TTL=249

Reply from 100.172.136.254: bytes=32 time=59ms TTL=249

C:\Documents and Settings\console>tracert -d 100.172.136.254

Tracing route to 100.172.136.254 over a maximum of 30 hops

1 18 ms <1 ms <1 ms 192.168.222.1
2 66 ms 60 ms 59 ms 100.172.136.254

Trace complete.

C:\Documents and Settings\console>

HSRP active is MPLS

This is the issue. when the tunnel is down, it pings with less than 1ms delay which is expected

when the tunnle is up it is having a dealy of 60ms..but the traceroute remains unchanged

I want PC to reach 10.172.136.254 through LAN which is not happening as long as the tunnel is up

____________________________________________________

LAB881

interface FastEthernet3
switchport trunk native vlan 999
switchport mode trunk
end

LAB881#show ip route 100.172.136.254
Routing entry for 100.172.136.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Redistributing via eigrp 1
Routing Descriptor Blocks:
* directly connected, via Vlan999
Route metric is 0, traffic share count is 1

LAB881#

__________________________________________
IPLABCS1#show run int fa 0/19
Building configuration...

Current configuration:
!
interface FastEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport priority extend cos 0
spanning-tree portfast
end
IPLABCS1#show run int fa 0/20
Building configuration...

Current configuration:
!
interface FastEthernet0/20
description connection to 2821 router Main with 3MB link
switchport access vlan 999
spanning-tree portfast
end
_______________________________________
LAB2821-2#show run int gi 0/0
Building configuration...

Current configuration : 466 bytes
!
interface GigabitEthernet0/0
ip address 100.172.136.252 255.255.255.0
ip helper-address 100.172.136.5
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp 61 redirect in
standby 1 ip 100.172.136.254
standby 1 timers 1 3
standby 1 priority 200
standby 1 preempt
standby 1 name NETW_MGMT_VLAN
standby 1 track 1 decrement 100
duplex auto
speed auto
no mop enabled
h323-gateway voip interface
h323-gateway voip bind srcaddr 100.172.136.252
end
_______________________________________________

Regards Vinayak

nkarpysh · ‎11-14-2011

Hi,

You can see TTL actually decreased going through tunnel:

TTL=249 against TTL=255.

So it passed few hops indeed that way thus delay increased. Trace could be seen as same if that path is through MPLS. MPLS can decrease TTL hop by hop doing switching (copying IP ttl to MPLS header) but reply would actually received by your PC from routers which aware of your PC. Not from MPLS P routers which don't care about Customer edge.

Hope this helps,

Nik

HTH,
Niko

Vinayaka Raman · ‎11-14-2011

Thanks for the reply.

I want PC to reach 10.172.136.254 without getting into WAN cloud..

It should ideally reach the Default Gateway 192.168.222.1 (vlan 3 interface on DSL) and then

100.172.136.253 (vlan 999 interface on DSL router ) and then

100.72.136.254 (HSRP active address served by MPLS now)..

Can it work this way ? Please let me know your thoughts..

Regards Vinayak

Vinayaka Raman · ‎11-14-2011

Here are some additional information

From PC

C:\Documents and Settings\console>tracert -d 100.172.136.253

Tracing route to 100.172.136.253 over a maximum of 30 hops

1 20 ms <1 ms <1 ms 100.172.136.253

Trace complete.

C:\Documents and Settings\console>tracert -d 100.172.136.254

Tracing route to 100.172.136.254 over a maximum of 30 hops

1 22 ms <1 ms <1 ms 192.168.222.1
2 60 ms 56 ms 59 ms 100.172.136.254

Trace complete.

On the Switch

IPLABCS1#

IPLABCS1#show ip arp 100.172.136.254

Protocol Address Age (min) Hardware Addr Type Interface

Internet 100.172.136.254 2 0000.0c07.ac01 ARPA VLAN999

IPLABCS1#

IPLABCS1#show mac

IPLABCS1#show mac-address-table add

IPLABCS1#show mac-address-table address 0000.0c07.ac01

Non-static Address Table:

Destination Address Address Type VLAN Destination Port

------------------- ------------ ---- --------------------

0000.0c07.ac01 Dynamic 999 FastEthernet0/20

IPLABCS1# IPLABCS1#
IPLABCS1#show ip arp 100.172.136.254
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 100.172.136.254         2   0000.0c07.ac01 ARPA   VLAN999
IPLABCS1#
IPLABCS1#show mac
IPLABCS1#show mac-address-table add
IPLABCS1#show mac-address-table address 0000.0c07.ac01
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0000.0c07.ac01       Dynamic        999 FastEthernet0/20
IPLABCS1#

_________________________________________________

Regards Vinayak

nkarpysh · ‎11-14-2011

Hi,

Do you have ny VPLS or EoMPLS? It seems that you are getting ARP for 100.72.136.254 on LAB881 from tunnel somehow. If sh ip route you pasted above is taken when tunnel was up - routing should be done between VLAN 3 and 999.

One more thing to check if any policy based routing configured forcing these traffic to tunnel. So config from LAB881 would be helpfull to check.

Nik

HTH,
Niko

Vinayaka Raman · ‎11-14-2011

I could spot this issue.

Brief Description:

(Refer Topology)
We are pinging VIP 100.172.136.254 from the laptop and see high delay when the DSL tunnel is up.

Here is the ping statistics and tracert from the test laptop

Reply from 100.172.136.254: bytes=32 time<1ms TTL=254
Reply from 100.172.136.254: bytes=32 time<1ms TTL=254
Reply from 100.172.136.254: bytes=32 time<1ms TTL=254
Reply from 100.172.136.254: bytes=32 time=60ms TTL=249
Reply from 100.172.136.254: bytes=32 time=59ms TTL=249

Ping Analysis:

1. ICMP echo packet generated on the PC looks like,

Source : 192.168.222.2
Destination : 100.172.136.254

2. The Switch has a MAC address entry learnt through fa0/20 for 100.172.136.254 and it forwards to the router

__________________________________________________________
IPLABCS1#show ip arp 100.172.136.254
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 100.172.136.254         2   0000.0c07.ac01 ARPA   VLAN999
IPLABCS1#show mac-address-table address 0000.0c07.ac01
Non-static Address Table:
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- --------------------
0000.0c07.ac01       Dynamic        999 FastEthernet0/20
___________________________________________________________

3. The packet reaches the router and the ICMP echo reply packet generated on the Router looks like,
Destination : 192.168.222.2
Source : 100.172.136.254

The VLAN for 192.168.22.2 does NOT reside on MPLS and is created on the DSL router only. Now the MPLS router has to rely on routing table entry for the reply packet.

when the both the MPLS and DSL links are up, the return packet route via MPLS using EBGP.

LAB2821-2#show ip route 192.168.222.1
Routing entry for 192.168.222.0/24
Known via "bgp 65457", distance 20, metric 0
Tag 65000, type external
Last update from 152.164.152.169 01:36:18 ago
Routing Descriptor Blocks:
* 152.164.152.169, from 152.164.152.169, 01:36:18 ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 65000
      MPLS label: none

when the DSL link is shut. The return packet routes locally using Eigrp.

LAB2821-2#show ip route 192.168.222.1
Routing entry for 192.168.222.0/24
Known via "eigrp 1", distance 90, metric 30720, type internal
Redistributing via eigrp 1
Last update from 100.172.136.253 on GigabitEthernet0/0, 00:00:21 ago
Routing Descriptor Blocks:
* 100.172.136.253, from 100.172.136.253, 00:00:21 ago, via GigabitEthernet0/0
      Route metric is 30720, traffic share count is 1
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Hope I explained correctly.

Regards Vinayak

nkarpysh · ‎11-15-2011

Yeah, thats clear now - so it was return packet which was travelling across the WAN. I guess you can put static route for VLAN 3 pointing to internal network as it is only internal subnet. Or put a route filter to stop getting your internal routes from WAN.

Nik

HTH,
Niko