RE: [nsp] ICMP Unreachable and CEF

From: Douglas M. Todd, Jr. (dtodd@partners.org)
Date: Thu Jan 24 2002 - 15:33:17 EST

Next message: Scott.Keoseyan@BroadWing.com: "RE: [nsp] 10Mb eth question"
Previous message: Steven W. Raymond: "Re: [nsp] ICMP Unreachable and CEF"
In reply to: Elijah Kagan: "[nsp] ICMP Unreachable and CEF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all:

Can't get access to bug: CSCdj55180.

However here is some thoughts.

According to Cisco Documentation null is the bit bucket and will
generate an unreachable for any packet routed to that interface. The
only exception is if we have the no unreachables statement on the
interface.

doing a show cef drop might help with what is causing the packets to
be discarded.

One difference between the GSR and the 7500/2600 etc is that the GSR
uses dcef by default. This might cause the difference in behavior
between the 7500 VIP and GSR. If you have a second generation VIP
you could try using dcef and see if the unreachables go away.

I would run sh ip cef adj null and see how many null adjacency you
have this would cause some problems. The CEF/FIB table should be an
exact copy of your active routing table. I would make sure that the
routing table and the cef table are the same.
Any packet destine to the null adj is dropped and I would assume
that an unreachable is sent.

Good general doc on cef:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/ios112
p/gsr/cef.htm

- ----SIGNAURE-------
Douglas M. Todd, Jr.
CCNP
Network Engineering
Partners Health Care
Building 149
149 13 Street
Charlestown, MA 02129-200
Tel: 617.726.1403
Email: dtodd@partners.org
- --------------------------------------------------------------------
PGP Finger Print: 9429 CAE3 B2D1 C2E1 DFBC E7A6 E90A 9BE5 C7B6 47BC
Key
available:http://keyserver.pgp.com:80/pks/lookup?op=get&exact=off&sear
ch=dtodd%40partners.org
Verisign S/N: 3ff65cdf58b9dceda004baeed49e16cf
https://digitalid.verisign.com/services/client/index.html

>-----Original Message-----
>From: Elijah Kagan [mailto:elijah@netvision.net.il]
>Sent: Thursday, January 24, 2002 4:22 AM
>To: cisco-nsp@puck.nether.net
>Subject: [nsp] ICMP Unreachable and CEF
>
>
>I always thought that when a router forwards packets to Null0 it
>also generates ICMP Unreachable message to indicate this event. It
>seems that
>this is not the case on routers running CEF. I checked this on
>several platforms: 7500, 7200 and 3600. Whenever CEF is turned off I
>see those unreachables pouring in, with CEF on - nothing.
>
>Is this the expected behavior? Can anyone expand on this issue?
>
>-- elijah
>
>P.S. I am running 12.0(x)S on 7200 and 7500.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBPFBvjQgiZycqTvq3EQKzdQCeMSNnvUoXhbw+vSNjXAqJSY65LroAoO+d
SW+ae62yNbcEFlDVpNOjoWKI
=Sk/6
-----END PGP SIGNATURE-----

Next message: Scott.Keoseyan@BroadWing.com: "RE: [nsp] 10Mb eth question"
Previous message: Steven W. Raymond: "Re: [nsp] ICMP Unreachable and CEF"
In reply to: Elijah Kagan: "[nsp] ICMP Unreachable and CEF"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:29 EDT