[c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

Aaron aaron1 at gvtc.com
Thu Aug 15 14:56:31 EDT 2013


Hmmm, thanks.  I really would prefer not to send all 1,000+ blackhole routes
to all of my customer-facing PEs (ME3600s and ASR901s).  Is there
another way whereby I make that blackhole decision on that boundary 9k?

Aaron

From: LavoJM [mailto:lavojm at secureobscure.com] 
Sent: Thursday, August 15, 2013 1:32 PM
To: 'Aaron'
Subject: RE: [c-nsp] why are packets not following the more specific route -
xr 4.1.2 (asr9k)

 

No, the first LER can determine the egress interface on the far end edge
device. It may not perform an additional IP lookup as it is unnecessary
because the ingress frame was labeled (pop and forward, no ip lookup).

3

From: Aaron [mailto:aaron1 at gvtc.com] 
Sent: Thursday, August 15, 2013 1:24 PM
To: 'Aaron'
Cc: 'LavoJM'; 'cisco-nsp'
Subject: RE: [c-nsp] why are packets not following the more specific route -
xr 4.1.2 (asr9k)

 

If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all mpls
tags prior to routing out towards internet via def rt?..... if so couldn't
a more specific routing decision be made at that point towards blackhole /32
routes?

Aaron

p.s. Why was vanilla ip forwarding more straightforward and easier than this? :)

From: Aaron [mailto:dudepron at gmail.com] 
Sent: Thursday, August 15, 2013 1:16 PM
To: Aaron
Cc: LavoJM; cisco-nsp
Subject: Re: [c-nsp] why are packets not following the more specific route -
xr 4.1.2 (asr9k)

 

No label to the blackhole?

If LER1 isn't getting the routes how is it going to build the LSP to the
blackhole?

 

On Thu, Aug 15, 2013 at 2:05 PM, Aaron <aaron1 at gvtc.com> wrote:

Yes mpls core.

Traceroute on pc----- LER1---- mpls core-----LER2----- internet
                                                |
                                                Blackhole

Yes, LER1 does not have those /32 blackhole routes.... it does have the
def rt towards internet via LER2.

Aaron



-----Original Message-----
From: LavoJM [mailto:lavojm at secureobscure.com]
Sent: Thursday, August 15, 2013 12:41 PM
To: 'Aaron'
Subject: RE: [c-nsp] why are packets not following the more specific route -
xr 4.1.2 (asr9k)

Are you running MPLS in the core, and the first LER does not have a FEC for
the /32, but it does have one for default/other-internet routes?


3


-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Aaron
Sent: Thursday, August 15, 2013 11:57 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] why are packets not following the more specific route -
xr 4.1.2 (asr9k)

(x.x.x.x is one of the /32 blackhole routes)

Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz source
y.y.y.y" it appears to NOT follow the default route out to the internet and
it seems that it does follow the more specific blackhole route.  why would
mpls l3vpn located computers deeper into my internal network NOT follow this
more specific route as the packets flow across the forwarding plane of this
boundary 9k ??

Aaron

-----Original Message-----
From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
Aaron
Sent: Thursday, August 15, 2013 11:49 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] why are packets not following the more specific route - xr
4.1.2 (asr9k)

I have a blackhole security device injecting routes into my internet
boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they are
installed in the per-vrf rib.  The next hop for those routes is via a
directly connected interface towards the blackhole.. But for some reason I
continue to see on traceroutes from a computer that's deeper into my
internal network via mpls l3vpn, that this computer's traceroutes flow right
past that 9k's more specific routes and follow the default route out to
the internet.  Any idea why?



Aaron

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
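
Added example, not part of the original thread or any poster's code: a small Python model of the behaviour discussed above, where LER1 holds only the default route and LER2 forwards labeled packets with "pop and forward, no ip lookup". The prefixes, label values, interface names and the one-label-per-prefix allocation are assumptions made for illustration.

```python
import ipaddress

# Constructed state for LER2 (the boundary router). Prefixes, label values
# and interface names are made up; one label per prefix is an assumption.
LER2_VRF_RIB = {
    "0.0.0.0/0": "to-internet",
    "192.0.2.66/32": "to-blackhole",  # one injected blackhole route
}
LER2_ADVERTISED = {"0.0.0.0/0": 24001, "192.0.2.66/32": 24002}  # prefix -> label
LER2_LFIB = {24001: "to-internet", 24002: "to-blackhole"}       # label -> egress


def lpm(table, dst):
    """Longest-prefix match: value of the most specific entry covering dst."""
    addr = ipaddress.ip_address(dst)
    nets = (ipaddress.ip_network(p) for p in table)
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return table[str(best)]


def ler2_labeled(label):
    """Labeled packet arriving at LER2: pop and forward, no IP lookup."""
    return LER2_LFIB[label]


def ler2_local(dst):
    """Packet sourced on LER2 itself (traceroute from the box): IP lookup."""
    return lpm(LER2_VRF_RIB, dst)


def path_from_customer(dst, ler1_has_blackhole_routes=False):
    """Egress interface chosen at LER2 for a packet that entered at LER1."""
    # LER1 does the only IP lookup, in whatever routes it was sent, and
    # pushes the label LER2 advertised for the matching prefix.
    ler1_routes = {p: lbl for p, lbl in LER2_ADVERTISED.items()
                   if ler1_has_blackhole_routes or p == "0.0.0.0/0"}
    return ler2_labeled(lpm(ler1_routes, dst))


if __name__ == "__main__":
    print(path_from_customer("192.0.2.66"))        # to-internet
    print(ler2_local("192.0.2.66"))                # to-blackhole
    print(path_from_customer("192.0.2.66", True))  # to-blackhole
```

In this model the traceroute run on the boundary router itself reaches the blackhole interface, while the same destination arriving over the LSP built for 0/0 leaves via the internet interface.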
