GNS3
http://forum.gns3.net/

vlan tagging issue with VPC
http://forum.gns3.net/topic12494.html
Page 1 of 1

Author:  tasdevil [ Thu Oct 16, 2014 9:08 pm ]
Post subject:  vlan tagging issue with VPC

I am trying to lab up a scenario to demonstrate to me arp/cam table timing issues (e.g. http://www.ciscozine.com/unicast-floodi ... c-routing/), requiring asymmetric routing.

topology attached.

I have placed wireshark on the trunk link between the switches.

When S2 pings FTP-Client, both ping requests and replies are tagged VLAN100.
When FTP-Client pings S2, both ping requests and replies are tagged VLAN200.

When S2 pings microcore linux 21, expected behaviour, ping requests are tagged VLAN100, replies are tagged VLAN200.
When micocore linux 21 pings S2, both ping requests and replies are tagged VLAN200.

When microcore Linux 22 pings Microcore Linux 21, expected behavirour, ping requests VLAN100, replies VLAN200.
When micocore Linux 21 pings Microcore Linux 22, expected behaviour, ping requests VLAN200, replies VLAN100.

So the VLANs are only being incorrectly tagged where the target is a VPC. I dont understand why this would be so.


GNS3 1.0beta latest public release. Linux. c3745-adventerprisek9-mz.124-15.T14



=============================================================
FTP-Cl> sh

NAME IP/MASK GATEWAY MAC LPORT RHOST:PORT
FTP-Cl 10.0.0.100/24 10.0.0.1 00:50:79:66:68:01 20001 127.0.0.1:10001
fe80::250:79ff:fe66:6801/64


=============================================================
S2> sh

NAME IP/MASK GATEWAY MAC LPORT RHOST:PORT
S2 192.168.0.200/24 192.168.0.1 00:50:79:66:68:02 20003 127.0.0.1:10004
fe80::250:79ff:fe66:6802/64

S2>
=============================================================
Ciscozine-1#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa1/10 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa1/10 1-4094

Port Vlans allowed and active in management domain
Fa1/10 1,100,200

Port Vlans in spanning tree forwarding state and not pruned
Fa1/10 1,100,200
Ciscozine-1#sh vlan-s

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/3, Fa1/4, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
100 VLAN0100 active Fa1/0, Fa1/2
200 VLAN0200 active Fa1/1

Ciscozine-1#sh ip int br | e un
Interface IP-Address OK? Method Status Protocol
Vlan100 10.0.0.1 YES manual up up
Vlan200 192.168.0.2 YES manual up up
=============================================================
Ciscozine-2#sh int trunk

Port Mode Encapsulation Status Native vlan
Fa1/10 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa1/10 1-4094

Port Vlans allowed and active in management domain
Fa1/10 1,100,200

Port Vlans in spanning tree forwarding state and not pruned
Fa1/10 1,100,200

Ciscozine-2#sh vlan-s

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/3, Fa1/4, Fa1/5, Fa1/6
Fa1/7, Fa1/8, Fa1/9, Fa1/11
Fa1/12, Fa1/13, Fa1/14, Fa1/15
100 VLAN0100 active
200 VLAN0200 active Fa1/0, Fa1/1, Fa1/2

Ciscozine-2#sh ip int br | e un
Interface IP-Address OK? Method Status Protocol
Vlan100 10.0.0.2 YES manual up up
Vlan200 192.168.0.1 YES manual up up

Attachments:
cozine2.txt [2.73 KiB]
Downloaded 318 times
cozine 1.txt [2.66 KiB]
Downloaded 323 times
vlan-tagging-topology.png
vlan-tagging-topology.png [ 61.38 KiB | Viewed 12356 times ]

Author:  rednectar [ Thu Oct 16, 2014 9:29 pm ]
Post subject:  Re: vlan tagging issue with VPC

Quote:
topology attached.

Found config files attached, but not your .gns3 topology
Haven't read this thoroughly, but confirm that this is your problem:
Quote:
I have placed wireshark on the trunk link between the switches.

When S2 pings FTP-Client, both ping requests and replies are tagged VLAN100.
When FTP-Client pings S2, both ping requests and replies are tagged VLAN200.


Whereas you would EXPECT to see
When S2 pings FTP-Client, ping requests are tagged VLAN100; ping replies are tagged VLAN200
When FTP-Client pings S2, ping requests are tagged VLAN200; ping replies are tagged VLAN100

So the problem seems to lie with the Cisco Switches.

And I note that you are using c3745-adventerprisek9-mz.124-15.T14 - which I KNOW has problems doing NAT - it may have other problems as well.

So can I suggest you try a different IOS?

Author:  rednectar [ Thu Oct 16, 2014 10:18 pm ]
Post subject:  Re: vlan tagging issue with VPC

Forget my previous reply

Its a bug with VPCS

When VPCS gets the ping request, for some reason it is NOT "routing" the reply, but simply sending the reply to the MAC address that sent the ping!!

It SHOULD of course be sending it to the MAC of its default gateway.

I'll report it to Paul Meng

Author:  tasdevil [ Fri Oct 17, 2014 10:03 am ]
Post subject:  Re: vlan tagging issue with VPC

Thanks mate. :) Good catch, I missed noticing that.

Author:  rednectar [ Sat Oct 18, 2014 12:16 am ]
Post subject:  Re: vlan tagging issue with VPC

Here's what I reported:
Quote:
Can you take a look at topic12494.html

This shows a problem with VPCS

In the scenario, there are two VPCS and L3 switches (and some other stuff that doesn't matter).

FTP-Client(VPC)----[v100]Ciscozine-1(L3 Sw)----[trunk]---Ciscozine-2(L3 Sw)[v200]---S2(VPC)


FTP-Client pings S2. Here is what happens

FTP-Client ARPs for default GW. Ciscozine-1 replies
FTP-Client sends ping to Ciscozine-1's MAC
Ciscozine-1 routes the ping to VLAN 200 - sends it to S2's MAC
S2 gets the ping packet

HERE IS THE PROBLEM

S2 sends a ping reply to Ciscozine-1's MAC address

WHAT SHOULD HAPPEN

S2 sends an ARP for its default GW. Cisxozine-2 replies
S2 sends the ping reply to Ciscozine-2's MAC address

Author:  mirnshi [ Sun Oct 19, 2014 2:25 pm ]
Post subject:  Re: vlan tagging issue with VPC

It's a bug. Now it's fixed.
Code:
VPCS[6]> relay dump on
dump on

VPCS[6]> set dump detail mac

dump flags: mac detail

VPCS[6]> p 10.0.0.100 -1 -c 1

00:50:79:66:68:05 -> ff:ff:ff:ff:ff:ff
ARP, OpCode: 1 (Request)
Ether Address: 00:50:79:66:68:05 -> Broadcast
Who has 192.168.0.1? Tell 192.168.0.200

cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
ARP, OpCode: 2 (Reply)
Ether Address: cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
192.168.0.1 is at cc:02:0b:c4:00:00

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a56f, length: 84, ttl: 64, sum: 0966
Address: 192.168.0.200 -> 10.0.0.100
Proto: icmp, type: 8, code: 0
Desc: Echo
10.0.0.100 icmp_seq=1 timeout

VPCS[6]>
cc:02:0b:c4:00:00 -> 00:50:79:66:68:05
IPv4, id: a56f, length: 84, ttl: 63, sum: 0a66
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 0, code: 0
Desc: Echo reply

VPCS[6]> p 10.0.0.100 -1 -c 1

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a575, length: 84, ttl: 64, sum: 0960
Address: 192.168.0.200 -> 10.0.0.100
Proto: icmp, type: 8, code: 0
Desc: Echo

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a56f, length: 84, ttl: 63, sum: 0a66
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 0, code: 0
Desc: Echo reply
64 bytes from 10.0.0.100 icmp_seq=1 ttl=63 time=101.947 ms

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a575, length: 84, ttl: 63, sum: 0a60
Address: 10.0.0.100 -> 192.168.0.200
Proto: icmp, type: 0, code: 0
Desc: Echo reply

VPCS[6]> p 10.0.0.100 -2 -c 1

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a57b, length: 84, ttl: 64, sum: 094a
Address: 192.168.0.200 -> 10.0.0.100
Proto: udp, len: 64, sum: 224d
Port: 30135 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a57b, length: 84, ttl: 63, sum: 0a4a
Address: 10.0.0.100 -> 192.168.0.200
Proto: udp, len: 64, sum: 224d
Port: 7 -> 30135
64 bytes from 10.0.0.100 udp_seq=1 ttl=63 time=36.606 ms

VPCS[6]> p 10.0.0.100 -3 -c 1

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a580, length: 60, ttl: 64, sum: 0968
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 8c57, ack: 00000000, seq: 022a1b59, flags: S
Port: 53285 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a580, length: 40, ttl: 63, sum: 0a7c
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: c753, ack: 022a1b5a, seq: 140e0f76, flags: SA
Port: 7 -> 53285

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a581, length: 52, ttl: 64, sum: 096f
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 9487, ack: 140e0f77, seq: 022a1b5a, flags: A
Port: 53285 -> 7
Connect   [email protected] seq=1 ttl=63 time=51.250 ms

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a582, length: 108, ttl: 64, sum: 0936
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 272e, ack: 140e0f77, seq: 022a1b5a, flags: PA
Port: 53285 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a582, length: 40, ttl: 63, sum: 0a7a
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: c71c, ack: 022a1b92, seq: 140e0f77, flags: A
Port: 7 -> 53285
SendData  [email protected] seq=1 ttl=63 time=39.752 ms

00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a583, length: 52, ttl: 64, sum: 096d
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 9446, ack: 140e0f77, seq: 022a1b92, flags: FPA
Port: 53285 -> 7

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a583, length: 40, ttl: 63, sum: 0a79
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: c71b, ack: 022a1b93, seq: 140e0f77, flags: A
Port: 7 -> 53285

cc:01:0b:c2:00:00 -> 00:50:79:66:68:05
IPv4, id: a583, length: 40, ttl: 63, sum: 0a79
Address: 10.0.0.100 -> 192.168.0.200
Proto: tcp, sum: 053f, ack: 022a1b93, seq: 140e0f77, flags: FA
Port: 7 -> 53285
Close     [email protected] seq=1 ttl=63 time=55.080 ms

VPCS[6]>
00:50:79:66:68:05 -> cc:02:0b:c4:00:00
IPv4, id: a584, length: 52, ttl: 64, sum: 096c
Address: 192.168.0.200 -> 10.0.0.100
Proto: tcp, sum: 944d, ack: 140e0f78, seq: 022a1b93, flags: A
Port: 53285 -> 7

VPCS[6]> relay dump off
dump off


I tested it on OSX. Attached is Linux program, but I can't find a Linux host which can be ran dynamips to test asymmetric routing.

Attachments:
vpcs_05b7_linux.7z [650.04 KiB]
Downloaded 330 times

Author:  mirnshi [ Sun Oct 19, 2014 2:28 pm ]
Post subject:  Re: vlan tagging issue with VPC

Attached is pcap, packets between the routers.

Attachments:
relay_20141019195001.7z [1.36 KiB]
Downloaded 338 times

Author:  tasdevil [ Mon Oct 20, 2014 2:01 am ]
Post subject:  Re: vlan tagging issue with VPC

Thanks I have downloaded onto linux and can confirm the tagging between the routers is now as expected.

Thank you. :)

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/