08-21-2015 02:56 PM - edited 03-03-2019 07:57 AM
Hi,
The self ip of the serial interface (VRF enabled) is not pinging. However i am able to ping the other end point to pint ip.
Please help.
PUNE-PE-01#sh run int se5/4
Building configuration...
Current configuration : 199 bytes
!
interface Serial5/4
description FESTO-CONTROL-BHOSRI MIDC 2MB-BSNL-9-07-12
ip vrf forwarding FEST:0320
ip address 203.76.133.85 255.255.255.252
serial restart-delay 0
no clns route-cache
end
PUNE-PE-01#p vrf FEST:0320 203.76.133.85
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.76.133.85, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
PUNE-PE-01#tra
PUNE-PE-01#traceroute vrf FEST:0320 203.76.133.85
Type escape sequence to abort.
Tracing the route to 203.76.133.85
1 203.76.133.86 !A * !A
PUNE-PE-01#p vrf FEST:0320 203.76.133.86
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 203.76.133.86, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
PUNE-PE-01#
08-25-2015 02:48 AM
Hello
Do you have any control-plane policy or access-list in place that might be dropping the packets? The !A result in your traceroute indicates packets dropped due to security policy.
Best regards,
Martin
08-27-2015 04:19 AM
Hi martin,
we do not have the access of the customer end. But i have a doubt if there is any access list that might be stopping the packets that should be echo reply. but than the other end ie 203.76.133.86 should also not pinging. why only this ip 203.76.133.85 not pinging.
could you please help in this and also put some more light on this.
09-02-2015 09:31 AM
the interesting part of p2p links is when doing a self ping it sends data on the wire and expects the remote end to turn it back around.
so a self ping is like a remote ping in taht regard since the packets actually traverse the wire.
the self ping hence requires support from the remote side. and the remote side MAY say hey this is not my ip so I am dropping it instead of thinking to trun the packet around.
another thing is urpf, if the remote side does urpf a self ping obviously violates that condition, hence the urpf allow-self-ping is necessary.
cheers
xander
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide