[c-nsp] Cisco CEF Hashing algorithm

Ed Ravin eravin at panix.com
Wed Dec 27 16:17:47 EST 2006


On Wed, Dec 27, 2006 at 03:26:46PM -0500, Matthew Crocker wrote:
> I'm having a weird problem where some of my IPs can web browse and  
> some cannot.  If I go onto a working IP I can traceroute -P TCP -p 80  
> to the destination website just fine.  If I use a broken IP the  
> traceroute dies at a border between ATT & Alternet.   It is a very  
> strange problem,

More than once, I've seen that happen, where some IP blocks suddenly
stopped working, either as sources or as destinations.  During one of
those outages, an ambitious customer of mine modified tcptraceroute
to use sub-second timeouts and then began sweeping various ranges
to see what worked and what didn't.  This was his report:

  Every 16 addresses, 32 addresses are not reachable.  So the
  pattern goes "16 reachable/32 not/16 reachable/32 not" and covers your
  entire address space AFAICT.

The strange part of this problem was that pings and UDP traceroutes worked
fine.

Eventually the provider, after more than 14 hours of diagnostics, took
our advice and turned off the link where our tcptraceroutes were failing.
That solved the problem for us.


More information about the cisco-nsp mailing list