[132004] in North American Network Operators' Group
RE: GRE Tunnels and MPLS
daemon@ATHENA.MIT.EDU (Rettke, Brian)
Wed Nov 10 18:49:45 2010
From: "Rettke, Brian" <Brian.Rettke@cableone.biz>
To: "shimshah@cisco.com" <shimshah@cisco.com>
Date: Wed, 10 Nov 2010 16:49:39 -0700
In-Reply-To: <4CDB16AA.7080202@cisco.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
It's never been an MPLSoGRE Tunnel.
GRE Tunnel is doing EIGRP to advertise nonroutable networks to get to our p=
rovisioning system. This is IP based. On the network, it reaches the tunnel=
on the Co-lo router and the GRE header is removed. On egress, to return to=
a system, this interface is an MPLS interface.
I was not in the office, but the lead tech discovered that we were losing h=
alf of our web traffic. We turned off WCCP with no change. When he removed =
the MPLS IP command from the Co-location router, traffic returned to normal=
.
The odd part is, the traffic was not traffic that goes through the GRE tunn=
el. This was the public internet-bound traffic.
Sincerely,
Brian A . Rettke
RHCT, CCDP, CCNP, CCIP
Network Engineer, CableONE Internet Services
-----Original Message-----
From: Shimol Shah [mailto:shimshah@cisco.com]
Sent: Wednesday, November 10, 2010 3:03 PM
To: Rettke, Brian
Cc: nanog@nanog.org
Subject: Re: GRE Tunnels and MPLS
What exact commands did you add to get the MPLSoGRE working ? If you
remove them do the web traffic issues stop ? Is the traffic narrowed to
being dropped by the 7600 ?
Shimol
On 11/9/10 8:04 PM, Rettke, Brian wrote:
> It appears that about half of our web traffic is now being dropped, so pr=
oblems continue. I'll have to double check MTU and TCP adjust-mss settings,=
but other than that I have no idea. I've heard that there are some issues =
with MPLS using some of the 67xx linecards, and apparently this is going to=
be a huge problem for us.
> ________________________________________
> From: Shimol Shah [shimshah@cisco.com]
> Sent: Monday, November 08, 2010 1:19 PM
> To: nanog@nanog.org
> Subject: Re: GRE Tunnels and MPLS
>
> Good deal. Sounds like a plan.
>
> Shimol
>
> On 11/8/10 2:00 PM, Rettke, Brian wrote:
>> This seems to be working now with the 'mls mpls tunnel-recir' command en=
tered. There are some potential downsides, but this should get things up an=
d running until I create the new backup tunnels (GRE over IPSec) on a conne=
cted router that is not MPLS-enabled. Thanks!
>>
>> Sincerely,
>>
>> Brian A . Rettke
>> RHCT, CCDP, CCNP, CCIP
>> Network Engineer, CableONE Internet Services
>>
>>
>> ------------------------------
>>
>> Message: 6
>> Date: Thu, 04 Nov 2010 16:49:55 -0400
>> From: Shimol Shah<shimshah@cisco.com>
>> Subject: Re: GRE Tunnels and MPLS
>> To: nanog@nanog.org
>> Message-ID:<4CD31C73.80004@cisco.com>
>> Content-Type: text/plain; charset=3DISO-8859-1; format=3Dflowed
>>
>> Do you have recir enabled ? If not, good one to enable and check for
>> status of issue.
>>
>> http://www.cisco.com/en/US/docs/ios/mpls/command/reference/mp_m1.html#wp=
1012208
>>
>> "If you do not enable tunnel-MPLS recirculation, the IPv4 and
>> IPv4-tunneled packets that need to be labeled (for example, the packets
>> that are encapsulated with an MPLS header) will be corrupted when they
>> are transmitted from the Cisco 7600 series router."
>>
>> Shimol
>>
>> On 11/4/10 4:00 PM, Rettke, Brian wrote:
>>> Beginning work on our implementation of MPLS for the backbone network. =
I've run into difficulty with our GRE tunnels. The GRE Tunnel sits on our c=
o-lo router (a Cisco 7600), and it uses a route-map to push our 10.x modem =
traffic to our DHCP servers. This is because the backbone is not complete a=
nd DHCP traffic needs to traverse the internet. What I have found is that w=
hen I enable basic MPLS on the co-location interfaces that head back to the=
individual systems, DHCP traffic still works, but ICMP and other 10.x traf=
fic dies. There is also an intermittent problem with DHCP when it is enable=
d, where not all DISCOVERS are answered. I've tried everything I can think =
of, including adjusting MTU and TCP MSS. It only seems to impact when the c=
o-location router has a GRE tunnel on one buffer, which it terminates, and =
then it has to encapsulate traffic with an MPLS tag before sending out of t=
he other buffer. Theoretically, it should work, but I can't figure out if t=
here is some pr
o
> b
>> lem with MPLS' interaction with the tunnel. Has anyone encountered somet=
hing similar?
>>>
>>> Sincerely,
>>>
>>> Brian A . Rettke
>>> RHCT, CCDP, CCNP, CCIP
>>> Network Engineer, CableONE Internet Services
>>>
>>>
>>
>
