Virtual router, VLANs and lack of traffic on EX-3200

FtoR · 10-02-2009

Hello.

Misterious actions happen with my VR configuration.

EX3200-24

Interface State VLAN members Tag Tagging Blocking

ge-0/0/4.0 up VLAN39 39 untagged unblocked

VLAN39 {
    vlan-id 39;
    l3-interface vlan.39;
}

unit 39 {
    family inet {
        address xxx.xxx.224.1/25;
    }
}

VLAN39 {
vlan-id 39;
l3-interface vlan.39;
}

show routing-instances
INTERNAL {
    instance-type virtual-router;
    interface vlan.39;

    }
}

ICMP

1) The workstation is plugged into ge-0/0/4 interface, with ip address xxx.xxx.224.3/25
2) Run
WKS#ping xxx.xxx.224.1
3) tcpdump traffic
11:28:42.842438 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo request, id 58457, seq 3, length 64
11:28:43.852475 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo request, id 58457, seq 4, length 64

Summary: there is no icmp reply packets from workstation.

2) Run command from switch
SWITCH#run ping xxx.xxx.224.3 routing-instance INTERNAL
24 packets transmitted, 0 packets received, 100% packet loss

3) traffic
~~11:43:32.607778 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo request, id 58457, seq 891, length 64~~
11:43:33.028905 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo reply, id 26757, seq 38, length 64

Summary: icmp reply-packets from workstation to L3 RVI-interface (l3.vlan39) go to blackhole.

UDP traffic goes succefully from workstation to switch RVI-interface.
See that:
WKS# tracepath xxx.xxx.224.1
1: xxx.xxx.224.3 (xxx.xxx.224.3)

           0.119ms pmtu 1500
1: xxx.xxx.224.1 (xxx.xxx.224.1)                          2.904ms reached
     Resume: pmtu 1500 hops 1 back 1

12:46:30.198393 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 1514: xxx.xxx.224.3.32895 > xxx.xxx.224.1.44444: UDP, length 1472
12:46:30.200141 00:1f:12:33:32:00 > 00:01:d7:7a:31:03, ethertype IPv4 (0x0800), length 70: xxx.xxx.224.1 > xxx.xxx.224.3: ICMP xxx.xxx.224.1 udp port 44444 unreachable, length 36

Any suggestions?

Thanks

mikep · 06-30-2009

Hi,

I am wondering about ID and SEQ (which do not seem right at all) in this output:

11:43:32.607778 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo request, id 58457, seq 891, length 64
11:43:33.028905 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo reply, id 26757, seq 38, length 64

Another point to check is do you have any firewall filters configured?

I assume workstation is also configured as /25.

Kind Regards

Michael Pergament

FtoR · 10-02-2009

Sorry for that mix.

New dump is the following:

istening on eth3.999, link-type EN10MB (Ethernet), capture size 96 bytes
15:37:26.293956 00:1f:12:33:32:00 > 00:01:d7:7a:31:03, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.1 > xxx.xxx.224.3: ICMP echo request, id 27594, seq 39, length 64
15:37:26.294153 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo reply, id 27594, seq 39, length 64
15:37:27.295754 00:1f:12:33:32:00 > 00:01:d7:7a:31:03, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.1 > xxx.xxx.224.3: ICMP echo request, id 27594, seq 40, length 64
15:37:27.295903 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo reply, id 27594, seq 40, length 64
15:37:28.296855 00:1f:12:33:32:00 > 00:01:d7:7a:31:03, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.1 > xxx.xxx.224.3: ICMP echo request, id 27594, seq 41, length 64
15:37:28.297104 00:01:d7:7a:31:03 > 00:1f:12:33:32:00, ethertype IPv4 (0x0800), length 98: xxx.xxx.224.3 > xxx.xxx.224.1: ICMP echo reply, id 27594, seq 41, length 64

mikep · 06-30-2009

Hi,

which software version are you using? Do you have any firewall filters in place?

Kind Regards

Michael Pergament

FtoR · 10-02-2009

No firewall between workstation and switch.

The only solution - put vlan.39 interface into global table instead of VR.

#run show system software
Information for jbase:

Comment:
JUNOS Base OS Software Suite [9.6R1.13]
....

mikep · 06-30-2009

Hi,

it does not seem right to me. You should open a case.

Kind Regards

Michael Pergament

FtoR · 10-02-2009

Addition:

Control traffic goes also succesfully (tcp 179 for bgp, ospf multicast 224.0.0.5,6, BPDU for vstp).

FtoR · 10-02-2009

Software upgrade to 9.6R2.11 on EX-3200-24 has resolved this issue!

There is an urgent necessity to open a case about VRF (virtual routing type) in 9.6.R1.13 right now, it's obvious BUG in JunOS for unicast icmp and tcp traffic.

mikep · 06-30-2009

Hi,

could you please open a case?

Kind Regards

Michael Pergament

FtoR · 10-02-2009

Due to lack of the current contract I'm not able to do that now.

Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200

Re: Virtual router, VLANs and lack of traffic on EX-3200