[Re: [[nsp] 127.0.0.0/8 unroutable?]]

Hank Nussbacher hank at att.net.il
Wed Nov 12 00:21:03 EST 2003 

At 01:40 PM 11-11-03 -0800, Shankar Vemulapalli wrote:
>In this case, the router will end-up in dropping the packet.
>This is because, it is pointing to the default-route handler.
>
>As you observe below, we don't really have 127.0.0.1 entry in the
>CEF table.  When we do a longest match, we return 0.0.0.0/0 [as seen
>below].
>
>This is either a default route (if the configuration has a default route)
>or the default route handler, which will end up in dropping the traffic.

With 12.0(25)S2:

TAU-gp1#sho ip cef 127.0.0.0
%Prefix not found
TAU-gp1#sho ip cef 127.0.0.1
%Prefix not found
TAU-gp1#sho ip rou 127.0.0.0
% Network not in table

Eh?  I have another 7500 with 12.0(25)S2 as well and it works as you 
describe below:

BIU-GP0#sho ip cef 127.0.0.1
0.0.0.0/0, version 648014, epoch 0, per-destination sharing
0 packets, 0 bytes
   Flow: AS 0, mask 0
   via 1xx.139.188.1, GigabitEthernet4/0/0, 0 dependencies
     next hop 128.139.188.1, GigabitEthernet4/0/0
     valid adjacency
   35545148 packets, 1942350576 bytes switched through the prefix
   tmstats: external 0 packets, 0 bytes
            internal 35545148 packets, 1942350576 bytes
   30 second output rate 2 Kbits/sec
BIU-GP0#sho ip cef 127.0.0.0
0.0.0.0/0, version 648014, epoch 0, per-destination sharing
0 packets, 0 bytes
   Flow: AS 0, mask 0
   via 1xx.139.188.1, GigabitEthernet4/0/0, 0 dependencies
     next hop 128.139.188.1, GigabitEthernet4/0/0
     valid adjacency
   35545155 packets, 1942351032 bytes switched through the prefix
   tmstats: external 0 packets, 0 bytes
            internal 35545155 packets, 1942351032 bytes
   30 second output rate 3 Kbits/sec

-Hank


>louis#sh ip cef 127.0.0.1
>0.0.0.0/0, version 0, epoch 0, attached, default route handler <<<<<<
>0 packets, 0 bytes
>   via 0.0.0.0, 0 dependencies
>     valid null adjacency
>
>louis#sh ip cef 0.0.0.0 0.0.0.0
>0.0.0.0/0, version 0, epoch 0, attached, default route handler <<<<<
>0 packets, 0 bytes
>   via 0.0.0.0, 0 dependencies
>     valid null adjacency
>
>louis#sh ip cef
>Prefix        Next Hop    Interface
>0.0.0.0/0     drop        Null0 (default route handler entry) <<<<<
>
>Hope it helps,
>
>
>/Shankar
>
>At 1:29pm 11/11/03 -0500, joshua sahala wrote:
> > Hank Nussbacher <hank at att.net.il> wrote:
> >
> > >
> > > Ok.  I'll bite: and if a crafted packet comes in with source 127.x.x.x
> > > or even better - destined to 127.x.x.x and there is no route entry, no
> > > cef entry, nada - what does IOS do with the packet?
> > >
> > > -Hank
> >
> > there is a cef entry (from a 7513 running 12.0(25)S1):
> >
> > tricksy_router#sho ip route 127.0.0.1
> > % Network not in table
> > tricksy_router#sho ip cef 127.0.0.1
> > 0.0.0.0/0, version 0, epoch 0, attached, default route handler
> > 0 packets, 0 bytes
> >   via 0.0.0.0, 0 dependencies
> >     valid null adjacency
> > tricksy_router#
> >
> > as to what the router does with it, i'm not sure, my bogon filters block
> > it before it gets to the router (don't yours? ;) )
> >
> > it is an interesting question, will the router (lacking appropriate bogon
> > and spoofing filters) pass a packet source from 127.x.x.x to a valid
> > (or invalid) address on the other side of the router - sounds like
> > something to play with....
> >
> > /joshua
> >
> >
> >
> > "Walk with me through the Universe,
> >  And along the way see how all of us are Connected.
> >  Feast the eyes of your Soul,
> >  On the Love that abounds.
> >  In all places at once, seemingly endless,
> >  Like your own existence."
> >      - Stephen Hawking -
> >
> >
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >

More information about the cisco-nsp mailing list