[c-nsp] L3 Policy-Map hits switched traffic

Bernhard Schmidt berni at birkenwald.de
Thu Sep 7 16:59:38 EDT 2006


On Thu, Sep 07, 2006 at 01:45:37PM -0700, Tim Stevenson wrote:

Hi Tim,

> You are right that if the DMAC is not that of R2's vlan interface, 
> the traffic should not be hitting the PBR at all, so something weird 
> is going on somewhere; are you saying that R4 is the gateway for 
> User1, or are User1 & User2 L2 adjacent (same vlan)? 

There are three VLANs involved here, one from User1 to R1 (incoming on a
GE .1q trunk on R1), one spanning all four routers on 10GE interfaces
and one from R4 to User2 (outgoing on 10GE as well). So basically R1 and
R4 are routing, R2 and R3 are switching.

> Your comment that the packet is sent w/DMAC of R4 suggests R4 is
> L3-switching to User2. Any chance R4 is for some reason sending the
> traffic back to R2 with DMAC=R2 SVI MAC?

I'm pretty sure it isn't. We ran a monitoring session (egress to GE)
mirroring the incoming 10GE on both R2 and R3; traffic was invisible on
both. The incoming 10GE on R2 has quite some load and packets were sent
by User1 at a low rate, so maybe the sniffer was not able to keep up,
but on R3 there was way less traffic and it was not visible there
either. Additionally we had a look into the "sh mls ip" entries on R4 and
attached an ACL on the ingress SVI on R4 logging all packets from User1;
none of them showed anything.

Regards,
Bernhard

