This seems to be working now with the 'mls mpls tunnel-recir' command entered. There are some potential downsides, but this should get things up and running until I create the new backup tunnels (GRE over IPSec) on a connected router that is not MPLS-enabled. Thanks! Sincerely, Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services ------------------------------ Message: 6 Date: Thu, 04 Nov 2010 16:49:55 -0400 From: Shimol Shah <shimshah@cisco.com> Subject: Re: GRE Tunnels and MPLS To: nanog@nanog.org Message-ID: <4CD31C73.80004@cisco.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Do you have recir enabled ? If not, good one to enable and check for status of issue. http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1012... "If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Cisco 7600 series router." Shimol On 11/4/10 4:00 PM, Rettke, Brian wrote:
Beginning work on our implementation of MPLS for the backbone network. I've run into difficulty with our GRE tunnels. The GRE Tunnel sits on our co-lo router (a Cisco 7600), and it uses a route-map to push our 10.x modem traffic to our DHCP servers. This is because the backbone is not complete and DHCP traffic needs to traverse the internet. What I have found is that when I enable basic MPLS on the co-location interfaces that head back to the individual systems, DHCP traffic still works, but ICMP and other 10.x traffic dies. There is also an intermittent problem with DHCP when it is enabled, where not all DISCOVERS are answered. I've tried everything I can think of, including adjusting MTU and TCP MSS. It only seems to impact when the co-location router has a GRE tunnel on one buffer, which it terminates, and then it has to encapsulate traffic with an MPLS tag before sending out of the other buffer. Theoretically, it should work, but I can't figure out if there is some prob lem with MPLS' interaction with the tunnel. Has anyone encountered something similar?
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
Good deal. Sounds like a plan. Shimol On 11/8/10 2:00 PM, Rettke, Brian wrote:
This seems to be working now with the 'mls mpls tunnel-recir' command entered. There are some potential downsides, but this should get things up and running until I create the new backup tunnels (GRE over IPSec) on a connected router that is not MPLS-enabled. Thanks!
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
------------------------------
Message: 6 Date: Thu, 04 Nov 2010 16:49:55 -0400 From: Shimol Shah<shimshah@cisco.com> Subject: Re: GRE Tunnels and MPLS To: nanog@nanog.org Message-ID:<4CD31C73.80004@cisco.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Do you have recir enabled ? If not, good one to enable and check for status of issue.
http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1012...
"If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Cisco 7600 series router."
Shimol
On 11/4/10 4:00 PM, Rettke, Brian wrote:
Beginning work on our implementation of MPLS for the backbone network. I've run into difficulty with our GRE tunnels. The GRE Tunnel sits on our co-lo router (a Cisco 7600), and it uses a route-map to push our 10.x modem traffic to our DHCP servers. This is because the backbone is not complete and DHCP traffic needs to traverse the internet. What I have found is that when I enable basic MPLS on the co-location interfaces that head back to the individual systems, DHCP traffic still works, but ICMP and other 10.x traffic dies. There is also an intermittent problem with DHCP when it is enabled, where not all DISCOVERS are answered. I've tried everything I can think of, including adjusting MTU and TCP MSS. It only seems to impact when the co-location router has a GRE tunnel on one buffer, which it terminates, and then it has to encapsulate traffic with an MPLS tag before sending out of the other buffer. Theoretically, it should work, but I can't figure out if there is some pro b lem with MPLS' interaction with the tunnel. Has anyone encountered something similar?
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
It appears that about half of our web traffic is now being dropped, so problems continue. I'll have to double check MTU and TCP adjust-mss settings, but other than that I have no idea. I've heard that there are some issues with MPLS using some of the 67xx linecards, and apparently this is going to be a huge problem for us. ________________________________________ From: Shimol Shah [shimshah@cisco.com] Sent: Monday, November 08, 2010 1:19 PM To: nanog@nanog.org Subject: Re: GRE Tunnels and MPLS Good deal. Sounds like a plan. Shimol On 11/8/10 2:00 PM, Rettke, Brian wrote:
This seems to be working now with the 'mls mpls tunnel-recir' command entered. There are some potential downsides, but this should get things up and running until I create the new backup tunnels (GRE over IPSec) on a connected router that is not MPLS-enabled. Thanks!
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
------------------------------
Message: 6 Date: Thu, 04 Nov 2010 16:49:55 -0400 From: Shimol Shah<shimshah@cisco.com> Subject: Re: GRE Tunnels and MPLS To: nanog@nanog.org Message-ID:<4CD31C73.80004@cisco.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Do you have recir enabled ? If not, good one to enable and check for status of issue.
http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1012...
"If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Cisco 7600 series router."
Shimol
On 11/4/10 4:00 PM, Rettke, Brian wrote:
Beginning work on our implementation of MPLS for the backbone network. I've run into difficulty with our GRE tunnels. The GRE Tunnel sits on our co-lo router (a Cisco 7600), and it uses a route-map to push our 10.x modem traffic to our DHCP servers. This is because the backbone is not complete and DHCP traffic needs to traverse the internet. What I have found is that when I enable basic MPLS on the co-location interfaces that head back to the individual systems, DHCP traffic still works, but ICMP and other 10.x traffic dies. There is also an intermittent problem with DHCP when it is enabled, where not all DISCOVERS are answered. I've tried everything I can think of, including adjusting MTU and TCP MSS. It only seems to impact when the co-location router has a GRE tunnel on one buffer, which it terminates, and then it has to encapsulate traffic with an MPLS tag before sending out of the other buffer. Theoretically, it should work, but I can't figure out if there is some pro b lem with MPLS' interaction with the tunnel. Has anyone encountered something similar?
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
What exact commands did you add to get the MPLSoGRE working ? If you remove them do the web traffic issues stop ? Is the traffic narrowed to being dropped by the 7600 ? Shimol On 11/9/10 8:04 PM, Rettke, Brian wrote:
It appears that about half of our web traffic is now being dropped, so problems continue. I'll have to double check MTU and TCP adjust-mss settings, but other than that I have no idea. I've heard that there are some issues with MPLS using some of the 67xx linecards, and apparently this is going to be a huge problem for us. ________________________________________ From: Shimol Shah [shimshah@cisco.com] Sent: Monday, November 08, 2010 1:19 PM To: nanog@nanog.org Subject: Re: GRE Tunnels and MPLS
Good deal. Sounds like a plan.
Shimol
On 11/8/10 2:00 PM, Rettke, Brian wrote:
This seems to be working now with the 'mls mpls tunnel-recir' command entered. There are some potential downsides, but this should get things up and running until I create the new backup tunnels (GRE over IPSec) on a connected router that is not MPLS-enabled. Thanks!
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
------------------------------
Message: 6 Date: Thu, 04 Nov 2010 16:49:55 -0400 From: Shimol Shah<shimshah@cisco.com> Subject: Re: GRE Tunnels and MPLS To: nanog@nanog.org Message-ID:<4CD31C73.80004@cisco.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Do you have recir enabled ? If not, good one to enable and check for status of issue.
http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1012...
"If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Cisco 7600 series router."
Shimol
On 11/4/10 4:00 PM, Rettke, Brian wrote:
Beginning work on our implementation of MPLS for the backbone network. I've run into difficulty with our GRE tunnels. The GRE Tunnel sits on our co-lo router (a Cisco 7600), and it uses a route-map to push our 10.x modem traffic to our DHCP servers. This is because the backbone is not complete and DHCP traffic needs to traverse the internet. What I have found is that when I enable basic MPLS on the co-location interfaces that head back to the individual systems, DHCP traffic still works, but ICMP and other 10.x traffic dies. There is also an intermittent problem with DHCP when it is enabled, where not all DISCOVERS are answered. I've tried everything I can think of, including adjusting MTU and TCP MSS. It only seems to impact when the co-location router has a GRE tunnel on one buffer, which it terminates, and then it has to encapsulate traffic with an MPLS tag before sending out of the other buffer. Theoretically, it should work, but I can't figure out if there is some pr o b lem with MPLS' interaction with the tunnel. Has anyone encountered something similar?
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
It's never been an MPLSoGRE Tunnel. GRE Tunnel is doing EIGRP to advertise nonroutable networks to get to our provisioning system. This is IP based. On the network, it reaches the tunnel on the Co-lo router and the GRE header is removed. On egress, to return to a system, this interface is an MPLS interface. I was not in the office, but the lead tech discovered that we were losing half of our web traffic. We turned off WCCP with no change. When he removed the MPLS IP command from the Co-location router, traffic returned to normal. The odd part is, the traffic was not traffic that goes through the GRE tunnel. This was the public internet-bound traffic. Sincerely, Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services -----Original Message----- From: Shimol Shah [mailto:shimshah@cisco.com] Sent: Wednesday, November 10, 2010 3:03 PM To: Rettke, Brian Cc: nanog@nanog.org Subject: Re: GRE Tunnels and MPLS What exact commands did you add to get the MPLSoGRE working ? If you remove them do the web traffic issues stop ? Is the traffic narrowed to being dropped by the 7600 ? Shimol On 11/9/10 8:04 PM, Rettke, Brian wrote:
It appears that about half of our web traffic is now being dropped, so problems continue. I'll have to double check MTU and TCP adjust-mss settings, but other than that I have no idea. I've heard that there are some issues with MPLS using some of the 67xx linecards, and apparently this is going to be a huge problem for us. ________________________________________ From: Shimol Shah [shimshah@cisco.com] Sent: Monday, November 08, 2010 1:19 PM To: nanog@nanog.org Subject: Re: GRE Tunnels and MPLS
Good deal. Sounds like a plan.
Shimol
On 11/8/10 2:00 PM, Rettke, Brian wrote:
This seems to be working now with the 'mls mpls tunnel-recir' command entered. There are some potential downsides, but this should get things up and running until I create the new backup tunnels (GRE over IPSec) on a connected router that is not MPLS-enabled. Thanks!
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
------------------------------
Message: 6 Date: Thu, 04 Nov 2010 16:49:55 -0400 From: Shimol Shah<shimshah@cisco.com> Subject: Re: GRE Tunnels and MPLS To: nanog@nanog.org Message-ID:<4CD31C73.80004@cisco.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Do you have recir enabled ? If not, good one to enable and check for status of issue.
http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp1012...
"If you do not enable tunnel-MPLS recirculation, the IPv4 and IPv4-tunneled packets that need to be labeled (for example, the packets that are encapsulated with an MPLS header) will be corrupted when they are transmitted from the Cisco 7600 series router."
Shimol
On 11/4/10 4:00 PM, Rettke, Brian wrote:
Beginning work on our implementation of MPLS for the backbone network. I've run into difficulty with our GRE tunnels. The GRE Tunnel sits on our co-lo router (a Cisco 7600), and it uses a route-map to push our 10.x modem traffic to our DHCP servers. This is because the backbone is not complete and DHCP traffic needs to traverse the internet. What I have found is that when I enable basic MPLS on the co-location interfaces that head back to the individual systems, DHCP traffic still works, but ICMP and other 10.x traffic dies. There is also an intermittent problem with DHCP when it is enabled, where not all DISCOVERS are answered. I've tried everything I can think of, including adjusting MTU and TCP MSS. It only seems to impact when the co-location router has a GRE tunnel on one buffer, which it terminates, and then it has to encapsulate traffic with an MPLS tag before sending out of the other buffer. Theoretically, it should work, but I can't figure out if there is some pr o b lem with MPLS' interaction with the tunnel. Has anyone encountered something similar?
Sincerely,
Brian A . Rettke RHCT, CCDP, CCNP, CCIP Network Engineer, CableONE Internet Services
participants (2)
-
Rettke, Brian -
Shimol Shah