Troubleshooting Bridging and IRB over ATM PVCs

Introduction

This document provides troubleshooting steps for request for comments RFC 1483 bridged-format ATM permanent virtual circuits (PVCs). RFC 1483 defines how packets of both routable and non-routable protocols are encapsulated for transport over an ATM link. Specifying encapsulation aal5snap (also the default) configures an ATM interface to prepend a logical link control (LLC) and subnetwork access protocol (SNAP) header. This header serves the same purpose as it does on Ethernet networks by allowing multiple protocols to be carried over the same virtual connection.

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

This document is not restricted to specific software and hardware versions.

Conventions

For more information on document conventions, refer to the Cisco Technical Tips Conventions.

Point-to-Point and Multipoint Interfaces

ATM supports two types of interfaces:

• Point-to-point—Each interface has only a single virtual circuit (VC). Data frames, that also include address resolution protocol (ARP) broadcasts, received on one subinterface are forwarded to the other subinterfaces that are configured in the same bridge group. This enables two remote users to communicate.

• Multipoint—Each interface has multiple VCs. Standard bridging rules specify that data frames are never forwarded out from the port on which they are received. An ARP request received from one remote user is not forwarded to the other remote users on VCs under the same multipoint subinterface or even on a main interface, which is multipoint by default. It is important to understand these implications of bridging rules.

The interface type determines whether two remote users on the same IP network can communicate and receive each other's ARPs.

Bridged Format RFC 1483 PDU

LLC and SNAP headers use a routed format or a bridged format. A bridged format does not necessarily mean that the encapsulated protocol is not routable. Instead, it is used when one side of the link supports only the bridged-format Protocol Data Units (PDUs), such as in these applications:

• Connection between a router and a Catalyst switch in a corporate campus ATM network.

• Connection between a router and digital subscriber line (DSL) users that connect through a DSL access multiplexer (DSLAM).

In both applications, the ATM router interface usually serves as the default gateway for the remote users. Then, integrated routing and bridging (IRB), routed bridge encapsulation (RBE) or bridged-style PVCs provide the mechanism for routing traffic off-network.

The LLC header consists of three one-octet fields:

The SNAP header, identified with an LLC value of 0xAA-AA-03, uses this format:

The organizational unique identifier (OUI) field identifies the organization administering the meaning of the two-octet Protocol Identifier (PID) field. Together, the OUI and PID fields identify a distinct routed or bridged protocol.

Use the debug atm packet interface atm command to view these LLC or SNAP header values.

Caution:  Before you issue debug commands, refer to Important Information on Debug Commands.

7200-2#show debug 
   ATM packets debugging is on 
   Displaying packets on interface ATM5/0.1 only 

   
   06:07:06: ATM5/0.1(O): 
   VCD:0x3 VPI:0x1 VCI:0x32 DM:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x80 
   06:07:06: 0000 0030 9475 10A0 0000 0CD5 F07C 0800 4500 0064 000F 0000 FF01 B785 0101 
   06:07:06: 0101 0101 0102 0800 58EC 05DF 05A3 0000 0000 0150 188C ABCD ABCD ABCD ABCD 
   06:07:06: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 
   06:07:06: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 

This output means:

• ATM5/0.1(O)—The interface transmits an output packet.

• VCD:0x3 VPI:0x1 VCI:0x32—The PVC uses a virtual circuit descriptor (VCD) of 3, a virtual path identifier (VPI) of 1, and a virtual channel identifier (VCI) of 0x32 or decimal 50. The router presents all the header values in hexadecimal format. Convert these values to decimal to ensure that the ATM headers use the correct values.

• SAP:AAAA—A SNAP header follows.

• OUI:0080C2—The OUI is assigned to the IEEE 802.1 committee. It identifies an Ethernet bridged-format PDU.

• TYPE:0007—The type or protocol ID field is used with Ethernet media to indicate whether the sending ATM bridge retained or removed the Ethernet frame's frame check sequence (FCS). An ATM adaptation layer 5 (AAL5) encapsulation trailer includes a four-byte CRC that provides the same protection against changes during transmission as does the Ethernet FCS.

  • 0x00-01 - Ethernet FCS is preserved

  • 0x00-07 - Ethernet FCS is not preserved.

  Cisco IOS®-based devices usually do not transmit (but receive) frames with the Ethernet FCS preserved. You cannot change this with a configuration command.

• ABCD ABCD ABCD—Cisco ping packets use a default payload pattern of ABCD.

In addition to data packets, bridged ATM interfaces send spanning tree packets when configured to run either the IEEE or Digital Equipment Corporation (DEC) version of this protocol. Enable spanning tree with the help of the bridge {group#} protocol {ieee | dec} command unless remote users have no alternate way into your bridged network. In this case, disabling spanning tree reduces the amount of calculation that the router needs to perform to build a loop-free topology of your network.

Spanning tree hello packets use a Type value of 0x000E. A router that acts as a bridge transmits a hello packet every two seconds by default.

04:58:11: ATM5/0.1(O): 
   VCD:0x3 VPI:0x1 VCI:0x32 DM:0x0 SAP:AAAA CTL:03 OUI:0080C2 
  TYPE:000E    Length:0x2F 
   04:58:11: 0000 0000 0080 0000 000C 99F7 1800 0000 0080 0000 000C 
    99F7 1880    1200 0014 
   04:58:11: 0002 000F 0043 
   04:58:11: 
   04:58:13: ATM5/0.1(O): 
   VCD:0x3 VPI:0x1 VCI:0x32 DM:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:000E
     Length:0x2F 
   04:58:13: 0000 0000 0080 0000 000C 99F7 1800 0000 0080 0000 000C 99F7 1880
     1200 0014 
   04:58:13: 0002 000F 0029

Protocols to Route Off-Network

Cisco IOS Software supports three protocols to route off-network (to a different IP network number) in RFC 1483 bridged applications. These protocols are IRB, RBE, and bridged-style PVCs. All of them allow the ATM interface to receive bridged-format PDUs. However, they differ in a few key ways. For example, IRB runs each packet through the bridging forwarding path and, when appropriate, the routing forwarding path. It requires a Layer 2 and a Layer 3 lookup. In contrast, RBE assumes that the packet is to be routed and runs the packet through the routing path only.

CEF support for RBE was introduced in Cisco IOS Software Release 12.1(5)T (Cisco bug ID CSCdr37618 (registered customers only) ). CEF support for IRB and BVI interfaces was introduced in Cisco IOS Software Releases 12.2(3)T and 12.2(3) (Cisco bug ID CSCdm66218 (registered customers only) ). Previously, when enabling IRB, Cisco IOS Software printed a message which indicatesd that the packets were "punted" to the next lower switching path.

In Frame Relay and non-IP configurations, IRB is the best solution. However, Cisco recommends that you consider RBE when the configuration supports it.

Cisco offers several sample configurations and white papers to assist you to configure RFC 1483 bridging.

• Basic PVC Configuration Using Bridged RFC 1483

• Sample Configurations for Cisco 7200 Broadband Aggregation

• RFC 1483 Bridging Baseline Architecture

• Routed Bridged Encapsulation Baseline Architecture

• ATM Routed Bridge Encaps Feature Overview - Cisco 6400 series

• ATM Routed Bridge Encapsulation Feature Overview - Cisco 3600 series, Cisco 4500 series, Cisco 7200 series, and Cisco 7500 series.

RBE is not discussed further in this document. The next sections focus on standard bridging and IRB.

Troubleshoot

If you encounter problems with bridged-format PVCs, use these troubleshooting steps. For more detailed guidance on this, contact Cisco Technical Support.

Step One

Ensure that both ends of the ATM link send bridged-format PDUs. With each received packet, the ATM interface checks the ATM LLC or SNAP header fields. It confirms that the packet uses the same bridged or routed format. If not, the packet is discarded. Only these configurations are supported.

• Router (routed format) — (routed format) Router

• Router (bridged format) — (bridged format) Bridge

• Bridge (bridged format) — (bridged format) Bridge

1. Turn on debug atm packet interface atm and look at the OUI and PID fields. An OUI value of 0x0080C2 indicates a bridged-format PDU. A value of 0x000000 indicates a routed-format PDU. Limit the debug's effect on the router by being as specific as possible with the debug configuration.

   7200-2#debug atm packet int atm 5/0.1
   
      ATM packets debugging is on 
      Displaying packets on interface ATM5/0.1 only 
      
      7200-2#ping 1.1.1.2
   
      Type escape sequence to abort. 
      Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds: 
      !!!!! 
      Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms    
      7200-2# 
      06:07:06: ATM5/0.1(O): 
      VCD:0x3 VPI:0x1 VCI:0x32 DM:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x80 
      06:07:06: 0000 0030 9475 10A0 0000 0CD5 F07C 0800 4500 0064 000F 0000 FF01 B785 0101 
      06:07:06: 0101 0101 0102 0800 58EC 05DF 05A3 0000 0000 0150 188C ABCD ABCD ABCD ABCD 
      06:07:06: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 
      06:07:06: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD    
      06:07:06: 
      06:07:06: ATM5/0.1(I): 
      VCD:0x3 VPI:0x1 VCI:0x32 Type:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x80 
      06:07:06: 0000 0000 0CD5 F07C 0030 9475 10A0 0800 4500 0064 000F 0000 FE01 B885 0101 
      06:07:06: 0102 0101 0101 0000 60EC 05DF 05A3 0000 0000 0150 188C ABCD ABCD ABCD ABCD 
      06:07:06: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD 
      06:07:06: ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD ABCD    
      06:07:06: 

2. Ensure that you are able to view the debug output if you Telnet to the router with the help of the terminal monitor command. To display debug command output and system error messages for the current terminal and session, use the terminal monitor EXEC command. Direct all debug output to the buffer instead of the console. To do so, execute the logging buffered and no logging console commands in global configuration mode. Confirm your changes with the help of the show logging command. All terminal parameter-setting commands are set locally. They do not remain in effect after the session ends .

   cisco#terminal monitor
   
   % Console already monitors 

3. Display the VC table with the show atm vc command. Confirm that the status (Sts) of the VC is UP.

   7200-2#show atm vc
   
      VC not configured on interface ATM2/0 
                VCD /                                         Peak   Avg/Min  Burst 
      Interface Name    VPI   VCI   Type    Encaps    SC      Kbps    Kbps    Cells    Sts 
      5/0       1        1    1      PVC      SNAP    UBR     10000                    UP 
      5/0.1     3        1    50     PVC      SNAP    UBR     149760                   UP   

4. Once you determine the virtual circuit descriptor (VCD) of your PVC, issue show atm vc {vcd#}. Confirm incrementing InPkts and OutPkts counters. Check whether only one counter is incrementing. Symptoms of a mismatched PDU format include failed pings with incrementing InPkts and OutPkts values.

   7200#show atm vc 3
   
      ATM5/0.1: VCD: 3, VPI: 1, VCI: 50 
      UBR, PeakRate: 149760 
      AAL5-LLC/SNAP, etype:0x0, Flags: 0xC20, VCmode: 0x0 
      OAM frequency: 0 second(s) 
      InARP frequency: 15 minutes(s) 
      Transmit priority 4 
      InPkts: 43, OutPkts: 0, InBytes: 1849, OutBytes: 0 
      InPRoc: 43, OutPRoc: 0, Broadcasts: 0 
      InFast: 0, OutFast: 0, InAS: 0, OutAS: 0 
      InPktDrops: 0, OutPktDrops: 0 
      CrcErrors: 0, SarTimeOuts: 0, OverSizedSDUs: 0, LengthViolation: 0, CPIErrors:    0 
      Out CLP=1 Pkts: 0 
      OAM cells received: 0 
      OAM cells sent: 0 
      Status: UP 

Step Two

Use the debug atm packet int atm and show atm vc {vcd#}commands to confirm that both sides send packets. Once it is confirmed, determine why there is no end-to-end connectivity. To do this, carry out the checks listed in step four of Troubleshooting IP over ATM PVC Connectivity.

Step Three

With packets destined for a remote user, the router consults the IP routing table to determine the egress interface. Then, it checks the IP ARP table associated with that interface for a destination Media Access Control (MAC) address to place in the Ethernet header. If it does not find an entry, the router generates an ARP request for the destination IP address. With RBE, the ARP request is forwarded to the destination interface only. With IRB, the ARP request is forwarded to all interfaces configured in the same bridge group.

1. Use the show ip arp command to confirm that the router has a complete entry in its IP ARP table for the user's IP address. The router automatically enters the Bridge-Group Virtual Interface (BVI) in the ARP table. When pings fail, the router still creates an entry for the user's IP address in the ARP table. However, it lists an incomplete hardware address.

   7200-2#show ip arp
   
      Protocol Address Age (min) Hardware Addr Type Interface 
      Internet 1.1.1.1 - 0000.0cd5.f07c ARPA BVI1 
      Internet 1.1.1.2 0 Incomplete ARPA 
      Internet 172.16.81.46 128 0000.0c8b.fce0 ARPA Ethernet3/0 
      Internet 172.16.81.14 - 0030.7b1e.9054 ARPA 

2. Use the debug atm packet interface atm command to capture the broadcasted ARP request. Look for a destination MAC address of FFFF FFFF FFFF. The router sends five broadcasts.

   7200-2#ping 1.1.1.2
   
      Type escape sequence to abort. 
      Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:    
      05:45:12: ATM5/0.1(O): 
        VCD:0x3 VPI:0x1 VCI:0x32 DM:0x0 SAP:AAAA CTL:03 OUI:0080C2 TYPE:0007 Length:0x4A      
        05:45:12: 0000 FFFF FFFF FFFF 0000 0CD5 F07C 0806 0001 0800 0604
        0001 0000 0CD5 F07C 
        05:45:12: 0101 0101 0000 0000 0000 0101 0102 0000 0000 0000 0000 0000 0000 0000 0000 
        05:45:12: 0000 

3. The debug arp command also displays the transmitted ARP request from the correct interface. On the remote side, look for the incoming ARP request.

   7200-2#debug arp ?
   
    <cr> 
      
   7200-2#debug arp
   
   ARP packet debugging is on 
      
   7200-2#ping 1.1.1.2
   
      Type escape sequence to abort. 
      Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
       
      05:49:01: IP ARP: creating incomplete entry for IP address: 1.1.1.2 interface BVI1 
        05:49:01: IP ARP: sent req src 1.1.1.1 0000.0cd5.f07c, 
              dst 1.1.1.2 0000.0000.0000 BVI1. 
        05:49:03: IP ARP: sent req src 1.1.1.1 0000.0cd5.f07c, 
              dst 1.1.1.2 0000.0000.0000 BVI1. 
        05:49:05: IP ARP: sent req src 1.1.1.1 0000.0cd5.f07c, 
              dst 1.1.1.2 0000.0000.0000 BVI1. 
        05:49:07: IP ARP: sent req src 1.1.1.1 0000.0cd5.f07c, 
              dst 1.1.1.2 0000.0000.0000 BVI1. 
        05:49:09: IP ARP: sent req src 1.1.1.1 0000.0cd5.f07c, 
              dst 1.1.1.2 0000.0000.0000 BVI1. 
        Success rate is 0 percent (0/5) 

Step Four

The ATM router interface examines the Ethernet encapsulation after the ATM LLC or SNAP encapsulation. A router that acts as a bridge needs to be able to associate a destination MAC address with an ATM VC. A router analyzes the source MAC address of encapsulated PDUs and adds entries to its bridging table. View this table with the show bridge command.

7200-2#show bridge

Total of 300 station blocks, 299 free 
Codes: P - permanent, S - self
    
Bridge Group 1:
    
 Address        Action      Interface Age RX count    TX count 
 0030.9475.10a0 forward     ATM5/0.1   0    16          10 

If the bridging table consists of several hundred or more entries, use these steps to simplify finding a single entry.

1. Issue the set terminal len 0 command.

2. Execute the show bridge command.

3. Capture the output in a file.

4. Issue the grep command from a UNIX workstation or otherwise search for the appropriate MAC address.

Once you find an entry, use the show bridge verbose command to view receive and transmit counts for the particular remote user.

7500-1#show bridge verbose | include 0000.0cd5.f07c    
   BG   Hash  Address         Action    Interface   VC Age   RX count TX count    
   1    8C/0  0000.0cd5.f07c  forward   ATM4/0/0.1  9    0   4085      0

Step Five

Ensure that the member ports of the bridge group are in the correct Spanning Tree state. Ensure that all bridges point to the same designated root bridge.

This output is from a bridge that is not the root.

7200-2#show spanning-tree 1

   Bridge group 1 is executing the ieee compatible Spanning Tree protocol    
    Bridge Identifier has priority 32768, address 0000.0c99.f718    
    Configured hello time 2, max age 20, forward delay 15 
    Current root has priority 32768, address 0000.0c78.8fb8    
    Root port is 18 (ATM5/0.1), cost of root path is 14 
    Topology change flag not set, detected flag not set 
    Number of topology changes 1 last change occurred 00:09:51 ago    
    from ATM5/0.1    
    Times: hold 1, topology change 35, notification 2 
    hello 2, max age    20, forward delay 15 
    Timers: hello 0, topology change 0, notification 0, aging 300 
   
   Port 18 (ATM5/0.1) of Bridge group 1 is forwarding      
      Port path cost 14, Port priority 128, Port Identifier 128.18.      
      Designated root has priority 32768, address 0000.0c78.8fb8      
      Designated bridge has priority 32768, address 0000.0c78.8fb8      
      Designated port id is 128.6, designated path cost 0      
      Timers: message age 2, forward delay 0, hold 0 
      Number of transitions to forwarding state: 1 
      BPDU: sent 142, received 160 

This output is from a bridge that is the root.

7500-1#show spanning-tree 1

   Bridge group 1 is executing the IEEE compatible Spanning Tree protocol    
    Bridge Identifier has priority 32768, address 0000.0c78.8fb8    
    Configured hello time 2, max age 20, forward delay 15 
    We are the root of the spanning tree 
    Port Number size is 12 
    Topology change flag not set, detected flag not set 
    Times: hold 1, topology change 35, notification 2 
    hello 2, max age    20, forward delay 15 
    Timers: hello 0, topology change 0, notification 0 
    bridge aging time 300
    
   Port 6 (ATM4/0/0.1 RFC 1483) of Bridge group 1 is forwarding      
      Port path cost 15, Port priority 128 
      Designated root has priority 32768, address 0000.0c78.8fb8      
      Designated bridge has priority 32768, address 0000.0c78.8fb8      
      Designated port is 6, path cost 0 
      Timers: message age 0, forward delay 0, hold 0 
      BPDU: sent 0, received 1 

Step Six

If two remote users can ping the ATM interface and off-network IP addresses, but they cannot ping each other, determine whether they are configured under the same interface. Remote users cannot ping each other when configured on the same main interface or multipoint subinterface since broadcasts like ARP requests are not forwarded to the same interface on which they are received.

Control Broadcasts with Aging Timers

An important consideration in large IRB networks is the aging timer of IP ARP and bridge table entries. Always ensure that entries in both tables are aged almost simultaneously. Otherwise, there is unnecessary flooding of traffic in your links.

The default ARP timeout is four hours. The default bridge aging-time is ten minutes. For a remote user who is idle for ten minutes, the router purges the user's bridge table entry only and retains the ARP table entry. When the router needs to send traffic downstream to the remote user, it checks the ARP table and finds a valid entry that points to the MAC address. When the router checks the bridge table for this MAC address and fails to find it, the router floods the traffic out every VC in the bridge group. This flooding produces unnecessary amounts of traffic downstream.

When both aging timers are configured with the same value, both timers expire at the same time. An entry for a remote user is purged in both tables. When the router needs to send traffic downstream to the remote user, it checks the ARP table, finds no entry, and transmits an ARP request packet for the user rather than sending the data traffic out every VC. When it receives the ARP response, the router continues data transmission on the relevant VC only.

Use these commands to set the ARP and bridge table aging times.

7500-1(config)#bridge 1 aging-time ? 
    <10-1000000> Seconds
    
   7500-1(config)#interface bvi1 
   
   7500-1(config-if)#arp timeout ? 
      <0-2147483> Seconds 

Known Issue: Padding Ethernet Frames

RFC 2684 supersedes RFC 1483 for multiprotocol encapsulation over ATM. Section 5.2 of RFC 2684 requires an ATM bridged interface to pad received Ethernet/802.3 frames ( through incoming cells) to a minimum size that supports the MTU. RFC 2684 words this requirement like this:

"A bridge that uses the Bridged Ethernet/802.3 encapsulation format with the preserved LAN FCS MUST includes padding. A bridge that uses the Bridged Ethernet/802.3 encapsulation format without the preserved LAN FCS MAY either include padding, or omit it. When a bridge receives a frame in this format without the LAN FCS, it MUST be able to insert the necessary padding (if none is already present) before forwarding to an Ethernet/802.3 subnetwork."

Cisco implemented this requirement through these bug IDs:

Bug ID	Platform
CSCds02872 (registered customers only)	Particle-based platforms such as Cisco 7200 series and 2600/3600 series routers.
CSCds38408 (registered customers only)	Route Switch Processors (RSPs) or Cisco 7500 routers.
CSCdr52760 (registered customers only)	Catalyst XL switches.
CSCdu24062 (registered customers only)	Gigabit switch routers (GSRs). Note: This bug ID is listed for informational purposes only. GSR Engine 0 ATM line cards, such as the 4xOC3 and 1xOC12, cannot implement the padding due to the current architecture. The remote device that actually receives the sub-MTU frames and forwards them to Ethernet users must implement the required padding
CSCdu24059 (registered customers only)	Catalyst 2800 switches.
CSCdp82703 (registered customers only)	Catalyst 5000 switches.

Related Information

• ATM Technology Support Pages
• More ATM Information
• Technical Support - Cisco Systems