 Post subject: vlan tagging issue with VPC
PostPosted: Thu Oct 16, 2014 9:08 pm 
Joined: Mon May 31, 2010 8:12 am
Posts: 34
I am trying to lab up a scenario to demonstrate to me arp/cam table timing issues (e.g. http://www.ciscozine.com/unicast-floodi ... c-routing/), requiring asymmetric routing.

topology attached.

I have placed wireshark on the trunk link between the switches.

When S2 pings FTP-Client, both ping requests and replies are tagged VLAN100.
When FTP-Client pings S2, both ping requests and replies are tagged VLAN200.

When S2 pings microcore linux 21, expected behaviour, ping requests are tagged VLAN100, replies are tagged VLAN200.
When microcore linux 21 pings S2, both ping requests and replies are tagged VLAN200.

When microcore Linux 22 pings Microcore Linux 21, expected behaviour, ping requests VLAN100, replies VLAN200.
When microcore Linux 21 pings Microcore Linux 22, expected behaviour, ping requests VLAN200, replies VLAN100.

So the VLANs are only being incorrectly tagged where the target is a VPC. I don't understand why this would be so.


GNS3 1.0beta latest public release. Linux. c3745-adventerprisek9-mz.124-15.T14



=============================================================
FTP-Cl> sh

NAME    IP/MASK                      GATEWAY      MAC                LPORT  RHOST:PORT
FTP-Cl  10.0.0.100/24                10.0.0.1     00:50:79:66:68:01  20001  127.0.0.1:10001
        fe80::250:79ff:fe66:6801/64


=============================================================
S2> sh

NAME    IP/MASK                      GATEWAY      MAC                LPORT  RHOST:PORT
S2      192.168.0.200/24             192.168.0.1  00:50:79:66:68:02  20003  127.0.0.1:10004
        fe80::250:79ff:fe66:6802/64

S2>
=============================================================
Ciscozine-1#sh int trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa1/10    on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/10    1-4094

Port      Vlans allowed and active in management domain
Fa1/10    1,100,200

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/10    1,100,200

Ciscozine-1#sh vlan-s

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/3, Fa1/4, Fa1/5, Fa1/6
                                                Fa1/7, Fa1/8, Fa1/9, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
100  VLAN0100                         active    Fa1/0, Fa1/2
200  VLAN0200                         active    Fa1/1

Ciscozine-1#sh ip int br | e un
Interface                  IP-Address      OK? Method Status                Protocol
Vlan100                    10.0.0.1        YES manual up                    up
Vlan200                    192.168.0.2     YES manual up                    up
=============================================================
Ciscozine-2#sh int trunk

Port      Mode         Encapsulation  Status        Native vlan
Fa1/10    on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa1/10    1-4094

Port      Vlans allowed and active in management domain
Fa1/10    1,100,200

Port      Vlans in spanning tree forwarding state and not pruned
Fa1/10    1,100,200

Ciscozine-2#sh vlan-s

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1/3, Fa1/4, Fa1/5, Fa1/6
                                                Fa1/7, Fa1/8, Fa1/9, Fa1/11
                                                Fa1/12, Fa1/13, Fa1/14, Fa1/15
100  VLAN0100                         active
200  VLAN0200                         active    Fa1/0, Fa1/1, Fa1/2

Ciscozine-2#sh ip int br | e un
Interface                  IP-Address      OK? Method Status                Protocol
Vlan100                    10.0.0.2        YES manual up                    up
Vlan200                    192.168.0.1     YES manual up                    up




Attachments:
cozine2.txt [2.73 KiB]
cozine 1.txt [2.66 KiB]
vlan-tagging-topology.png [61.38 KiB]

 Post subject: Re: vlan tagging issue with VPC
PostPosted: Thu Oct 16, 2014 9:29 pm 
Joined: Fri Mar 05, 2010 11:33 am
Posts: 1494
Location: Australia
Quote:
topology attached.

Found config files attached, but not your .gns3 topology
Haven't read this thoroughly, but confirm that this is your problem:
Quote:
I have placed wireshark on the trunk link between the switches.

When S2 pings FTP-Client, both ping requests and replies are tagged VLAN100.
When FTP-Client pings S2, both ping requests and replies are tagged VLAN200.


Whereas you would EXPECT to see
When S2 pings FTP-Client, ping requests are tagged VLAN100; ping replies are tagged VLAN200
When FTP-Client pings S2, ping requests are tagged VLAN200; ping replies are tagged VLAN100

So the problem seems to lie with the Cisco Switches.

And I note that you are using c3745-adventerprisek9-mz.124-15.T14 - which I KNOW has problems doing NAT - it may have other problems as well.

So can I suggest you try a different IOS?

_________________
RedNectar
http://rednectar.net
@rednectarchris
GNS3 WorkBench-a VMware image of Ubuntu with GNS3 and VPCS installed and a collection of exercises/labs


 Post subject: Re: vlan tagging issue with VPC
PostPosted: Thu Oct 16, 2014 10:18 pm 
Joined: Fri Mar 05, 2010 11:33 am
Posts: 1494
Location: Australia
Forget my previous reply

It's a bug with VPCS

When VPCS gets the ping request, for some reason it is NOT "routing" the reply, but simply sending the reply to the MAC address that sent the ping!!

It SHOULD of course be sending it to the MAC of its default gateway.

I'll report it to Paul Meng

 
 Post subject: Re: vlan tagging issue with VPC
PostPosted: Fri Oct 17, 2014 10:03 am 
Joined: Mon May 31, 2010 8:12 am
Posts: 34
Thanks mate. :) Good catch, I missed noticing that.


 
 Post subject: Re: vlan tagging issue with VPC
PostPosted: Sat Oct 18, 2014 12:16 am 
Joined: Fri Mar 05, 2010 11:33 am
Posts: 1494
Location: Australia
Here's what I reported:
Quote:
Can you take a look at topic12494.html

This shows a problem with VPCS

In the scenario, there are two VPCS and L3 switches (and some other stuff that doesn't matter).

FTP-Client(VPC)----[v100]Ciscozine-1(L3 Sw)----[trunk]---Ciscozine-2(L3 Sw)[v200]---S2(VPC)


FTP-Client pings S2. Here is what happens

FTP-Client ARPs for default GW. Ciscozine-1 replies
FTP-Client sends ping to Ciscozine-1's MAC
Ciscozine-1 routes the ping to VLAN 200 - sends it to S2's MAC
S2 gets the ping packet

HERE IS THE PROBLEM

S2 sends a ping reply to Ciscozine-1's MAC address

WHAT SHOULD HAPPEN

S2 sends an ARP for its default GW. Ciscozine-2 replies
S2 sends the ping reply to Ciscozine-2's MAC address

 
 Post subject: Re: vlan tagging issue with VPC
PostPosted: Sun Oct 19, 2014 2:25 pm 
Joined: Fri Dec 09, 2011 7:11 am
Posts: 7
It's a bug. Now it's fixed.
Code:
VPCS[6]> relay dump on
dump on

VPCS[6]> set dump detail mac

dump flags: mac detail

VPCS[6]> p 10.0.0.100 -1 -c 1

00:50:79:66:68:05 -> ff:ff:ff:ff:ff:ff
ARP, OpCode: 1 (Request)
Ether Address: 00:50:79:66:68:05 -> Broadcast
Who has 192.168.0.1? Tell 192.168.0.200

cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
ARP, OpCode: 2 (Reply)
Ether Address: cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
192.168.0.1 is at cc:02:0b:c4:00:00

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a56f, length: 84, ttl: 64, sum: 0966
Address: 192.168.0.200 -> 10.0.0.100
Proto: icmp, type: 8, code: 0
Desc: Echo
10.0.0.100 icmp_seq=1 timeout

VPCS[6]>
cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
IPv4, id: a56f, length: 84, ttl: 63, sum: 0a66
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 0, code: 0
Desc: Echo reply

VPCS[6]> p 10.0.0.100 -1 -c 1

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a575, length: 84, ttl: 64, sum: 0960
Address: 192.168.0.200 -> 10.0.0.100
Proto: icmp, type: 8, code: 0
Desc: Echo

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a56f, length: 84, ttl: 63, sum: 0a66
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 0, code: 0
Desc: Echo reply
64 bytes from 10.0.0.100 icmp_seq=1 ttl=63 time=101.947 ms

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a575, length: 84, ttl: 63, sum: 0a60
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 0, code: 0
Desc: Echo reply

VPCS[6]> p 10.0.0.100 -2 -c 1

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a57b, length: 84, ttl: 64, sum: 094a
Address: 192.168.0.200 -> 10.0.0.100
Proto: udp, len: 64, sum: 224d
Port: 30135 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a57b, length: 84, ttl: 63, sum: 0a4a
Address: 10.0.0.100 -> 192.168.0.200
Proto: udp, len: 64, sum: 224d
Port: 7 -> 30135
64 bytes from 10.0.0.100 udp_seq=1 ttl=63 time=36.606 ms

VPCS[6]> p 10.0.0.100 -3 -c 1

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a580, length: 60, ttl: 64, sum: 0968
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 8c57, ack: 00000000, seq: 022a1b59, flags: S
Port: 53285 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a580, length: 40, ttl: 63, sum: 0a7c
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: c753, ack: 022a1b5a, seq: 140e0f76, flags: SA
Port: 7 -> 53285

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a581, length: 52, ttl: 64, sum: 096f
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 9487, ack: 140e0f77, seq: 022a1b5a, flags: A
Port: 53285 -> 7
Connect   [email protected] seq=1 ttl=63 time=51.250 ms

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a582, length: 108, ttl: 64, sum: 0936
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 272e, ack: 140e0f77, seq: 022a1b5a, flags: PA
Port: 53285 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a582, length: 40, ttl: 63, sum: 0a7a
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: c71c, ack: 022a1b92, seq: 140e0f77, flags: A
Port: 7 -> 53285
SendData  [email protected] seq=1 ttl=63 time=39.752 ms

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a583, length: 52, ttl: 64, sum: 096d
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 9446, ack: 140e0f77, seq: 022a1b92, flags: FPA
Port: 53285 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a583, length: 40, ttl: 63, sum: 0a79
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: c71b, ack: 022a1b93, seq: 140e0f77, flags: A
Port: 7 -> 53285

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a583, length: 40, ttl: 63, sum: 0a79
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: 053f, ack: 022a1b93, seq: 140e0f77, flags: FA
Port: 7 -> 53285
Close     [email protected] seq=1 ttl=63 time=55.080 ms

VPCS[6]>
00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a584, length: 52, ttl: 64, sum: 096c
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 944d, ack: 140e0f78, seq: 022a1b93, flags: A
Port: 53285 -> 7

VPCS[6]> relay dump off
dump off


I tested it on OSX. Attached is the Linux program, but I can't find a Linux host which can run dynamips to test asymmetric routing.


Attachments:
vpcs_05b7_linux.7z [650.04 KiB]


Last edited by mirnshi on Sun Oct 19, 2014 2:35 pm, edited 2 times in total.
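
Added example (not part of the thread and not VPCS code): a check over the `set dump detail mac` output format shown above that flags any off-subnet packet the host sends to a MAC other than the one ARP resolved for its default gateway, which is the behaviour reported as the bug earlier in the thread. The function name is hypothetical; `FIXED` is an excerpt of the dump in the post above, and `BUGGY` is constructed for illustration using the other router MAC that appears in that dump.

```python
import ipaddress
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(rf"^({MAC}) -> ({MAC})$")        # "src-mac -> dst-mac"
ARP_REPLY = re.compile(rf"^(\S+) is at ({MAC})$")   # "<ip> is at <mac>"
IP_HDR = re.compile(r"^Address: (\S+) -> (\S+)$")   # "Address: src-ip -> dst-ip"

def off_gateway_frames(dump, host_mac, host_if, gateway_ip):
    """Return (dst_ip, dst_mac) for each off-subnet packet the host sent
    to a MAC other than the one ARP resolved for its default gateway."""
    net = ipaddress.ip_interface(host_if).network
    gw_mac = src = dst = None
    bad = []
    for line in map(str.strip, dump.splitlines()):
        if m := FRAME.match(line):
            src, dst = m.groups()
        elif (m := ARP_REPLY.match(line)) and m.group(1) == gateway_ip:
            gw_mac = m.group(2)                     # gateway MAC learned from ARP
        elif (m := IP_HDR.match(line)) and src == host_mac and gw_mac:
            # Only frames sent by the host, once the gateway MAC is known.
            if ipaddress.ip_address(m.group(2)) not in net and dst != gw_mac:
                bad.append((m.group(2), dst))
    return bad

# Excerpt copied from the dump in the post above (VPCS with the fix applied).
FIXED = """\
cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
ARP, OpCode: 2 (Reply)
Ether Address: cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
192.168.0.1 is at cc:02:0b:c4:00:00

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a56f, length: 84, ttl: 64, sum: 0966
Address: 192.168.0.200 -> 10.0.0.100
Proto: icmp, type: 8, code: 0
"""

# Constructed sample: pre-fix behaviour, echo reply sent back to the sender's MAC.
BUGGY = FIXED + """
cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 8, code: 0

00:50:79:66:68:05 -> cc:01:0b:c2:00:00
Address: 192.168.0.200 -> 10.0.0.100
Proto: icmp, type: 0, code: 0
"""

HOST = ("00:50:79:66:68:05", "192.168.0.200/24", "192.168.0.1")  # MAC, IP/mask, gateway
```

Calling `off_gateway_frames(BUGGY, *HOST)` reports the reply addressed to `cc:01:0b:c2:00:00`, while the excerpt from the fixed build yields no findings.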
 
 Post subject: Re: vlan tagging issue with VPC
PostPosted: Sun Oct 19, 2014 2:28 pm 
Joined: Fri Dec 09, 2011 7:11 am
Posts: 7
Attached is a pcap, packets between the routers.


Attachments:
relay_20141019195001.7z [1.36 KiB]
 
 Post subject: Re: vlan tagging issue with VPC
PostPosted: Mon Oct 20, 2014 2:01 am 
Joined: Mon May 31, 2010 8:12 am
Posts: 34
Thanks, I have downloaded it onto Linux and can confirm the tagging between the routers is now as expected.

Thank you. :)



