LAB881#show ip route 126.96.36.199
Routing entry for 188.8.131.52/24
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Redistributing via eigrp 1
  Routing Descriptor Blocks:
  * directly connected, via Vlan999
      Route metric is 0, traffic share count is 1
__________________________________________
IPLABCS1#show run int fa 0/19
Building configuration...

Current configuration:
!
interface FastEthernet0/19
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 999
 switchport mode trunk
 switchport priority extend cos 0
 spanning-tree portfast
end

IPLABCS1#show run int fa 0/20
Building configuration...

Current configuration:
!
interface FastEthernet0/20
 description connection to 2821 router Main with 3MB link
 switchport access vlan 999
 spanning-tree portfast
end
_______________________________________
LAB2821-2#show run int gi 0/0
Building configuration...

Current configuration : 466 bytes
!
interface GigabitEthernet0/0
 ip address 184.108.40.206 255.255.255.0
 ip helper-address 220.127.116.11
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip wccp 61 redirect in
 standby 1 ip 18.104.22.168
 standby 1 timers 1 3
 standby 1 priority 200
 standby 1 preempt
 standby 1 name NETW_MGMT_VLAN
 standby 1 track 1 decrement 100
 duplex auto
 speed auto
 no mop enabled
 h323-gateway voip interface
 h323-gateway voip bind srcaddr 22.214.171.124
end
_______________________________________________
You can see the TTL actually decreased going through the tunnel:
TTL=249 against TTL=255.
So it passed a few hops indeed that way, thus the delay increased. The trace could look the same if that path is through MPLS. MPLS can decrease TTL hop by hop while switching (copying the IP TTL to the MPLS header), but the reply would actually be received by your PC from routers which are aware of your PC, not from MPLS P routers, which don't care about the customer edge.
Do you have any VPLS or EoMPLS? It seems that you are getting ARP for 100.72.136.254 on LAB881 from the tunnel somehow. If the sh ip route you pasted above was taken when the tunnel was up, routing should be done between VLAN 3 and 999.
One more thing to check is whether any policy-based routing is configured forcing this traffic to the tunnel. So the config from LAB881 would be helpful to check.
2. The Switch has a MAC address entry learnt through fa0/20 for 126.96.36.199 and it forwards to the router
__________________________________________________________
IPLABCS1#show ip arp 188.8.131.52
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  184.108.40.206          2   0000.0c07.ac01  ARPA   VLAN999

IPLABCS1#show mac-address-table address 0000.0c07.ac01
Non-static Address Table:
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0000.0c07.ac01       Dynamic        999  FastEthernet0/20
___________________________________________________________
3. The packet reaches the router and the ICMP echo reply packet generated on the Router looks like,
Destination : 192.168.222.2
Source : 220.127.116.11
The VLAN for 192.168.22.2 does NOT reside on MPLS and is created on the DSL router only. Now the MPLS router has to rely on routing table entry for the reply packet.
When both the MPLS and DSL links are up, the return packet routes via MPLS using EBGP.
LAB2821-2#show ip route 192.168.222.1
Routing entry for 192.168.222.0/24
  Known via "bgp 65457", distance 20, metric 0
  Tag 65000, type external
  Last update from 18.104.22.168 01:36:18 ago
  Routing Descriptor Blocks:
  * 22.214.171.124, from 126.96.36.199, 01:36:18 ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 65000
      MPLS label: none
When the DSL link is shut, the return packet routes locally using EIGRP.
LAB2821-2#show ip route 192.168.222.1
Routing entry for 192.168.222.0/24
  Known via "eigrp 1", distance 90, metric 30720, type internal
  Redistributing via eigrp 1
  Last update from 188.8.131.52 on GigabitEthernet0/0, 00:00:21 ago
  Routing Descriptor Blocks:
  * 184.108.40.206, from 220.127.116.11, 00:00:21 ago, via GigabitEthernet0/0
      Route metric is 30720, traffic share count is 1
      Total delay is 200 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1
Yeah, that's clear now - so it was the return packet which was travelling across the WAN. I guess you can put a static route for VLAN 3 pointing to the internal network, as it is only an internal subnet. Or put a route filter to stop getting your internal routes from the WAN.
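
The two fixes suggested in the reply above, sketched as IOS configuration for LAB2821-2. This is an added example, not configuration posted in the thread: the prefix 192.168.222.0/24 and BGP AS 65457 come from the routing output above, while the next-hop address, the neighbor address and the prefix-list name are placeholders.

```cisco
! Option 1: static route (administrative distance 1) so the internal
! path is preferred over the eBGP-learned route (distance 20).
! <INTERNAL_NEXT_HOP> is a placeholder for the LAN-side next hop.
ip route 192.168.222.0 255.255.255.0 <INTERNAL_NEXT_HOP>
!
! Option 2: stop accepting the internal prefix from the WAN peer, so the
! EIGRP route (distance 90) is the only candidate left in the table.
! BLOCK-INTERNAL-FROM-WAN and <WAN_BGP_PEER> are placeholders.
ip prefix-list BLOCK-INTERNAL-FROM-WAN seq 5 deny 192.168.222.0/24
ip prefix-list BLOCK-INTERNAL-FROM-WAN seq 10 permit 0.0.0.0/0 le 32
!
router bgp 65457
 neighbor <WAN_BGP_PEER> prefix-list BLOCK-INTERNAL-FROM-WAN in
!
! Verify from exec mode after applying either option:
!   clear ip bgp <WAN_BGP_PEER> soft in
!   show ip route 192.168.222.1
!   show ip bgp 192.168.222.0
```

After either change, `show ip route 192.168.222.1` should no longer report the entry as known via "bgp 65457" while both links are up.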