Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Nexus 7k - configuration of int tunnel failed

I cannot configure a tunnel interface on a Nexus 7k

feature tunnel was enabled

config:

                  

clu# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

clu(config)# feature tunnel

clu(config)# interface tunnel 0

clu(config-if)# tunnel source loopback1 clusaug(config-if)# tunnel destination 171.48.25.21 clusaug(config-if)# ip address 171.57.252.53/31 clusaug(config-if)# no shutdown

clu#

clu# sh interface tunnel 0 Tunnel0 is down (Hardware prog failed)

     Admin State: up

     Internet address is 171.57.252.53/31

     MTU 1476 bytes, BW 9 Kbit

     Tunnel protocol/transport GRE/IP

     Tunnel source 171.57.252.51 (loopback1), destination 171.48.25.21

     Transport protocol is in VRF "default"

     Rx

     0 packets input, 1 minute input rate 0 packets/sec

     Tx

     0 packets output, 1 minute output rate 0 packets/sec

     Last clearing of "show interface" counters never

clu# sh logging last 2

2014 Jan 22 14:00:03 clu %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by su on 109.1.19.

125@pts/2

2014 Jan 22 14:01:10 clu last message repeated 1 time

Cannot find any hints to "Hardware prog failed"

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Nexus 7k - configuration of int tunnel failed

Hi Holger,

Please attach using the insert image option on the reply window. It should be on the top next to bullet and numbering option. If you want, send me an email at amisin@gmail.com.

Cheers,

-amit singh

7 REPLIES
Cisco Employee

Nexus 7k - configuration of int tunnel failed

Holger,

How does the config looks like on your boxes? Are you using a lot of ACL's?

Could you paste the output of "Show system internal access-list resource utilization" ?

Do you have some tunnel debugs as well?

Cheers,

-amit singh

Community Member

Nexus 7k - configuration of int tunnel failed

Hi,

there are only a few (8) ACL's configured.

Output from Show system internal access-list resource utilization:

slot 2

=======

INSTANCE 0x0

-------------

         ACL Hardware Resource Utilization (Mod 2)

         --------------------------------------------

                         Used   Free   Percent

                                         Utilization

-----------------------------------------------------

Tcam 0, Bank 0           1       16383   0.01

Tcam 0, Bank 1           2       16382   0.01

Tcam 1, Bank 0           154     16230   0.94

Tcam 1, Bank 1           201     16183   1.23

LOU                       2       102     1.92

Both LOU Operands         0

Single LOU Operands       2

LOU L4 src port:         1

LOU L4 dst port:         1

LOU L3 packet len:       0

LOU IP tos:               0

LOU IP dscp:             0

LOU ip precedence:       0

LOU ip TTL:              0

TCP Flags                 1       15     6.25

Protocol CAM             4       3       57.14

Mac Etype/Proto CAM       0       14     0.00

Non L4op labels, Tcam 0   0       6143   0.00

Non L4op labels, Tcam 1   4       6139   0.06

L4 op labels, Tcam 0     0       2047   0.00

L4 op labels, Tcam 1     2       2045   0.09

Ingress Dest info table   1       511     0.19

Egress Dest info table   0       512     0.00

slot 4

=======

INSTANCE 0x0

-------------

         ACL Hardware Resource Utilization (Mod 4)

         --------------------------------------------

                         Used   Free   Percent

                                         Utilization

-----------------------------------------------------

Tcam 0, Bank 0           1       16383   0.01

Tcam 0, Bank 1           2       16382   0.01

Tcam 1, Bank 0           321     16063   1.96

Tcam 1, Bank 1           201     16183   1.23

LOU                       3       101     2.88

Both LOU Operands         1

Single LOU Operands       2

LOU L4 src port:         1

LOU L4 dst port:         1

LOU L3 packet len:       0

LOU IP tos:               0

LOU IP dscp:             0

LOU ip precedence:       0

LOU ip TTL:               0

TCP Flags                 1       15     6.25

Protocol CAM             7       0       100.00

Mac Etype/Proto CAM       0       14     0.00

Non L4op labels, Tcam 0   0       6143   0.00

Non L4op labels, Tcam 1   2       6141   0.03

L4 op labels, Tcam 0     0       2047   0.00

L4 op labels, Tcam 1     3       2044   0.14

Ingress Dest info table   1       511     0.19

Egress Dest info table   0       512     0.00

slot 5

=======

NOT Supported in SUP ACLQOS

slot 6

=======

NOT Supported in SUP ACLQOS

slot 7

=======

INSTANCE 0x0

-------------

         ACL Hardware Resource Utilization (Mod 7)

         --------------------------------------------

                         Used   Free   Percent

                                         Utilization

-----------------------------------------------------

Tcam 0, Bank 0           1       16383   0.01

Tcam 0, Bank 1           2       16382   0.01

Tcam 1, Bank 0           321     16063   1.96

Tcam 1, Bank 1           201     16183   1.23

LOU                       3       101     2.88

Both LOU Operands         1

Single LOU Operands       2

LOU L4 src port:         1

LOU L4 dst port:         1

LOU L3 packet len:       0

LOU IP tos:               0

LOU IP dscp:             0

LOU ip precedence:       0

LOU ip TTL:               0

TCP Flags                 1       15     6.25

Protocol CAM             7       0       100.00

Mac Etype/Proto CAM       0       14     0.00

Non L4op labels, Tcam 0   0       6143   0.00

Non L4op labels, Tcam 1   2       6141   0.03

L4 op labels, Tcam 0     0       2047   0.00

L4 op labels, Tcam 1     3       2044   0.14

Ingress Dest info table   1       511     0.19

Egress Dest info table   0       512     0.00

slot 9

=======

INSTANCE 0x0

-------------

         ACL Hardware Resource Utilization (Mod 9)

         --------------------------------------------

                         Used   Free   Percent

                                          Utilization

-----------------------------------------------------

Tcam 0, Bank 0           1       16383   0.01

Tcam 0, Bank 1           2       16382   0.01

Tcam 1, Bank 0           150     16234   0.92

Tcam 1, Bank 1           201     16183   1.23

LOU                       2       102     1.92

Both LOU Operands         0

Single LOU Operands       2

LOU L4 src port:         1

LOU L4 dst port:         1

LOU L3 packet len:       0

LOU IP tos:              0

LOU IP dscp:             0

LOU ip precedence:       0

LOU ip TTL:               0

TCP Flags                 1       15     6.25

Protocol CAM             4       3       57.14

Mac Etype/Proto CAM       0       14     0.00

Non L4op labels, Tcam 0   0       6143   0.00

Non L4op labels, Tcam 1   2       6141   0.03

L4 op labels, Tcam 0     0       2047   0.00

L4 op labels, Tcam 1     2       2045   0.09

Ingress Dest info table   1       511     0.19

Egress Dest info table   0       512     0.00

Cheers,

Holger

Cisco Employee

Re: Nexus 7k - configuration of int tunnel failed

Hi Holger,

Check this, we have different internal protocols and looks like its been utilized 100%

Protocol CAM             7       0       100.00

Please can you "show system internal access-list input entries "

Capture the above output in one file

And in another file

"show system internal access-list input entries detail"

An L4 protocol entry refers to an ACE that matches a specific L4 protocol
number like TCP, UDP, ICMP, OSPF, etc... The N7k (at least for M1 modules)
can match against a fixed number of user defined L4 protocols. Software
maintains a list of entries on a per module basis. These entries are shared
by all ACLs on the module between each VDC for input and output ACLs. In
other words, each module has a fixed number of indexes that is shared
between all VDCs in the system. Different modules can maintain different
indexes depending on what features are applied.

Currently there is a maximum of 7, L4 protocols that can be dynamically
allocated.

We have the following protocols

112 - VRRP
53 - SWIPE       
55 - MOBILE
77 - SUN-ND
51 - AH
88 - EIGRP
89 - OSPFIGP

All of this has been utilized by access list and qos policies applied 

What we should do now is , review the ACL applied and remove a few entries that match the above protocol number.
Or use any other way to match the same traffic -  

For example 

IP access list VRRP         
permit 112 any 224.0.0.0/24

IP access list PIM         
permit ahp any 224.0.0.13/32 

to:

IP access list VRRP         
permit ip any 224.0.0.18/32

IP access list PIM        
permit ip any 224.0.0.13/32

Hope this helps.

Cheers,

-amit singh

Community Member

Re: Nexus 7k - configuration of int tunnel failed

Hi Amit,

I got the outputs from both commands. I wonder if you can see anything out of it. How can I add these file to this forum (it' s the first I am using it ;-)

Cheers,

Holger

Cisco Employee

Nexus 7k - configuration of int tunnel failed

Hi Holger,

Please attach using the insert image option on the reply window. It should be on the top next to bullet and numbering option. If you want, send me an email at amisin@gmail.com.

Cheers,

-amit singh

Community Member

Re: Nexus 7k - configuration of int tunnel failed

Hi Amit,

we changed the ACLs a bit, so "Protcol CAM" utilization is below 100 percent, but it is still impossible to configure tunnel interface. Any other ideas?

Cheers,  Holger

Community Member

Nexus 7k - configuration of int tunnel failed

after sub switchover (and back) problem is solved

946
Views
0
Helpful
7
Replies
CreatePlease to create content