Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
604
Views
0
Helpful
3
Replies

Self IP of VRF serial interface is not pinging

prashirsha1
Level 1
Level 1

‎08-21-2015 02:56 PM - edited ‎03-03-2019 07:57 AM

Hi,

The self ip of the serial  interface (VRF enabled) is not pinging. However i am able to ping the other end point to pint ip.

Please help.

 

PUNE-PE-01#sh run int se5/4
Building configuration...

Current configuration : 199 bytes
!
interface Serial5/4
 description FESTO-CONTROL-BHOSRI MIDC 2MB-BSNL-9-07-12
 ip vrf forwarding FEST:0320
 ip address 203.76.133.85 255.255.255.252
 serial restart-delay 0
 no clns route-cache
end

PUNE-PE-01#p vrf FEST:0320 203.76.133.85

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.76.133.85, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PUNE-PE-01#tra
PUNE-PE-01#traceroute vrf  FEST:0320 203.76.133.85

Type escape sequence to abort.
Tracing the route to 203.76.133.85

  1 203.76.133.86 !A  *  !A
PUNE-PE-01#p vrf FEST:0320 203.76.133.86

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.76.133.86, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
PUNE-PE-01#

 

Labels:
0 Helpful
3 Replies 3

Martin Hruby
Level 1
Level 1

‎08-25-2015 02:48 AM

Hello

Do you have any control-plane policy or access-list in place that might be dropping the packets? The !A result in your traceroute indicates packets dropped due to security policy.

Best regards,
Martin

0 Helpful

prashirsha1
Level 1
Level 1
In response to Martin Hruby

‎08-27-2015 04:19 AM

Hi martin,

we do not have the access of the customer end. But i have a doubt if there is any access list that might be stopping the packets that should be echo reply. but than the other end ie 203.76.133.86 should also not pinging. why only this ip 203.76.133.85 not pinging.

could you please help in this and also put some more light on this.

0 Helpful

xthuijs
Cisco Employee
Cisco Employee
In response to prashirsha1

‎09-02-2015 09:31 AM

the interesting part of p2p links is when doing a self ping it sends data on the wire and expects the remote end to turn it back around.

so a self ping is like a remote ping in taht regard since the packets actually traverse the wire.

the self ping hence requires support from the remote side. and the remote side MAY say hey this is not my ip so I am dropping it instead of thinking to trun the packet around.

another thing is urpf, if the remote side does urpf a self ping obviously violates that condition, hence the urpf allow-self-ping is necessary.

cheers

xander

0 Helpful
Customers Also Viewed These Support Documents