12-13-2010 01:15 PM
Here's a wierd one... I've got a WXC 500 with the following:
config route-poll set mode none
config rip set rip off
config ospf set ospf off
But when I go to local routes, I keep getting routes added... I delete them and they come back...
I'm sure I'm missing something simple...
12-13-2010 01:59 PM
Which version of the code are you using on WXC?
I am assuming that the local routes were added along with some costs? Is that right?
Please send me the diagnostic file.
12-13-2010 02:34 PM
That's the thing.. they weren't added.
They aren't in the config, and when I hit the delete button, they'll delete, but then come back...
12-13-2010 03:04 PM
Are you talking about the following routes;
Number of routes: 9
Destination Netmask Gateway Type Timer
0.0.0.0 0.0.0.0 192.168.28.1 static 10
127.0.0.1 0.0.0.0 127.0.0.1 dynamic -
172.16.2.7 0.0.0.0 192.168.28.2 redirect -
172.16.152.34 0.0.0.0 192.168.28.2 redirect -
192.168.21.7 0.0.0.0 192.168.28.2 redirect -
192.168.25.7 0.0.0.0 192.168.28.2 redirect -
192.168.28.0 255.255.255.0 192.168.28.7 dynamic -
192.168.29.7 0.0.0.0 192.168.28.2 redirect -
192.168.44.7 0.0.0.0 192.168.28.2 redirect -
Your logs are filled with the following errors;
I10 SR: SA not on WAN side. ip=192.168.21.7.
I10 SR: SA not on WAN side. ip=192.168.27.7.
I10 SR: SA not on WAN side. ip=192.168.44.7.
I10 SR: SA not on WAN side. ip=192.168.29.7.
I10 SR: SA not on WAN side. ip=192.168.25.7.
let's take the example of 192.168.27.7 in the logs. It shows clearly that the log has been learned from the local side as well as the remote side. When the WX learns it from the remote side, it sets the "wanSide" flag to "1" and brings the tunnel up. But when it detects the same route learned from the local side it gets confused and does the reverse i.e. "wanSide" flag = "0" and brings the tunnel down.
Here are some of the logs;
2010-12-13 13:46:11 1FD12BA8 I22 CTRL: wan flag updated. ip=192.168.27.7 wanSide=0
2010-12-13 13:46:11 1FD12BA8 I10 SR: SA not on WAN side. ip=192.168.27.7.
2010-12-13 13:46:11 1FD12BA8 I10 SR: ccCompSvcRoutine: Removing session. SA ip=192.168.27.7 unit=0 sessid=5
2010-12-13 13:46:11 0BFB4410 I10 SR: stopping RDTP tunnel. unitid=0 sesid=5
2010-12-13 13:46:11 0BFB4410 I10 SR: stopped RDTP tunnel. unitid=0 sesid=5 count=0 status=0
2010-12-13 13:46:11 0BFB4410 I26 RDTPRC: remove tunnel. unit=0 sesid=5 ip=71ba8c0 mtid=0 status=0
2010-12-13 13:46:11 110B54CC I11 [email@example.com eventtime="1292273171" metric="Decompressor Session Closed" sev="warn" type="sys"] SA: Session closed - ip=192.168.27.7 unit=0 sesid=5 mtid=0
2010-12-13 13:46:11 110B54CC I17 SNMP enterprise trap: 'Decompressor Session Closed' not sent: SNMP/traps disabled (or) no trap destination
2010-12-13 13:48:11 1FD12BA8 I22 CTRL: wan flag updated. ip=192.168.27.7 wanSide=1
2010-12-13 13:48:11 0EE931AC I10 SR: ccControl: session negotiation - remoteip=192.168.27.7 mtid=0 unitid=0, localip=192.168.28.7
2010-12-13 13:48:11 0EE931AC I10 SR: negotiation - starting. ip=71ba8c0 flags=20 sock=38
2010-12-13 13:48:11 0EE931AC I10 SR: negotiation - initial ack received. SA=192.168.27.7 version=9 flags=0x200
2010-12-13 13:48:11 0EE931AC I10 SR: session negotiation - RP BIT set. dcip=192.168.27.7.
2010-12-13 13:48:11 0EE931AC I26 RDTPRC: add tunnel. unit=0 sesid=5 ip=71ba8c0 mtid=0 status=0
2010-12-13 13:48:11 0EE931AC O10 [firstname.lastname@example.org eventtime="1292273291" metric="Compressor Session Opened" sev="ok" type="sys"] SR: Session opened - ip=192.168.27.7 unit=0 sesid=5 mtid=0.
My guess is that you have a routing loop in your network and that is why the same route is being advertized from two directions to WX.
I also could not understand when you say "even though it is off" in the title. What is off? I see the WXC having many tunnels in the diagnostic file.
12-14-2010 10:02 AM
I've seen this in 5.7.2 code where ICMP redirects are being sent from the default gateway pointing the route to a different gateway than what is configured in the WXC..are you positive the gateway for the WXC is the egress router?
12-20-2010 06:48 PM
I'm positive it's supposed to be, but the router jockeys had something screwed up with the vlanning, and its possible they had it pointing stuff at the other router too...
Here's what it should have looked like... but link carrying vlan105 also had vlan 5 on it... and some other assorted router noise...
voice PRIs wan
vlan105 (voip) |vlan 5
12-21-2010 08:32 AM