[c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

Mattias Gyllenvarg mattias at gyllenvarg.se
Thu Aug 15 14:44:37 EDT 2013


It can't and it won't.

This is a nice gotcha for MPLS, we where pulling our hair for a while until
we got it in our heads that MPLS packets are not processed at every L3-hop.


On Thu, Aug 15, 2013 at 8:16 PM, Aaron <dudepron at gmail.com> wrote:

> No label to the blackhole?
> If LER1 isn't getting the routes how is it going to build the LSP to the
> blackhole?
>
>
> On Thu, Aug 15, 2013 at 2:05 PM, Aaron <aaron1 at gvtc.com> wrote:
>
> > Yes mpls core.
> >
> > Traceroute on pc----- LER1---- mpls core-----LER2----- internet
> >                                                 |
> >                                                 Blackhole
> >
> > Yes LER1 doesn't not have those /32 blackhole routes.... it does have the
> > def rt towards internet via LER2.
> >
> > Aaron
> >
> >
> > -----Original Message-----
> > From: LavoJM [mailto:lavojm at secureobscure.com]
> > Sent: Thursday, August 15, 2013 12:41 PM
> > To: 'Aaron'
> > Subject: RE: [c-nsp] why are packets not following the more specific
> route
> > -
> > xr 4.1.2 (asr9k)
> >
> > Are you running MPLS in the core, and the first LER does not have a FEC
> for
> > the /32, but it does have one for default/other-internet routes?
> >
> > 3
> >
> >
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Aaron
> > Sent: Thursday, August 15, 2013 11:57 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] why are packets not following the more specific
> route
> > -
> > xr 4.1.2 (asr9k)
> >
> > (x.x.x.x is one of the /32 blackhole routes)
> >
> > Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz
> > source
> > y.y.y.y" it appears to NOT follow the default route out to the internet
> and
> > it seems that it does follow the more specific blackhole route.  why
> would
> > mpls l3vpn located computers deeper into my internal network NOT follow
> > this
> > more specific route as the packets flow across the forwarding plane of
> this
> > boundary 9k ??
> >
> > Aaron
> >
> > -----Original Message-----
> > From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> > Aaron
> > Sent: Thursday, August 15, 2013 11:49 AM
> > To: cisco-nsp at puck.nether.net
> > Subject: [c-nsp] why are packets not following the more specific route -
> xr
> > 4.1.2 (asr9k)
> >
> > I have a blackhole security device injecting routes into my internet
> > boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the
> are
> > installed in the per-vrf rib.  The next hop for those routes are via a
> > directly connected interface towards the blackhole.. But for some reason
> I
> > continue to see on traceroutes from a computer that's deeper into my
> > internal network via mpls l3vpn, that this computer's traceroutes flow
> > right
> > passed that 9k's more specific routes and follows the default route out
> to
> > the internet.  Any idea why ?
> >
> >
> >
> > Aaron
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*


More information about the cisco-nsp mailing list