[c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

Aaron dudepron at gmail.com
Thu Aug 15 14:16:15 EDT 2013 

No label to the blackhole?
If LER1 isn't getting the routes how is it going to build the LSP to the
blackhole?


On Thu, Aug 15, 2013 at 2:05 PM, Aaron <aaron1 at gvtc.com> wrote:

> Yes mpls core.
>
> Traceroute on pc----- LER1---- mpls core-----LER2----- internet
>                                                 |
>                                                 Blackhole
>
> Yes LER1 doesn't not have those /32 blackhole routes.... it does have the
> def rt towards internet via LER2.
>
> Aaron
>
>
> -----Original Message-----
> From: LavoJM [mailto:lavojm at secureobscure.com]
> Sent: Thursday, August 15, 2013 12:41 PM
> To: 'Aaron'
> Subject: RE: [c-nsp] why are packets not following the more specific route
> -
> xr 4.1.2 (asr9k)
>
> Are you running MPLS in the core, and the first LER does not have a FEC for
> the /32, but it does have one for default/other-internet routes?
>
> 3
>
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
> Sent: Thursday, August 15, 2013 11:57 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] why are packets not following the more specific route
> -
> xr 4.1.2 (asr9k)
>
> (x.x.x.x is one of the /32 blackhole routes)
>
> Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz
> source
> y.y.y.y" it appears to NOT follow the default route out to the internet and
> it seems that it does follow the more specific blackhole route.  why would
> mpls l3vpn located computers deeper into my internal network NOT follow
> this
> more specific route as the packets flow across the forwarding plane of this
> boundary 9k ??
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
> Sent: Thursday, August 15, 2013 11:49 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] why are packets not following the more specific route - xr
> 4.1.2 (asr9k)
>
> I have a blackhole security device injecting routes into my internet
> boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are
> installed in the per-vrf rib.  The next hop for those routes are via a
> directly connected interface towards the blackhole.. But for some reason I
> continue to see on traceroutes from a computer that's deeper into my
> internal network via mpls l3vpn, that this computer's traceroutes flow
> right
> passed that 9k's more specific routes and follows the default route out to
> the internet.  Any idea why ?
>
>
>
> Aaron
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list