[c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

Mattias Gyllenvarg mattias at gyllenvarg.se
Thu Aug 15 16:02:23 EDT 2013


The internet routes are the relevant ones. Do they point too lo0 or remote
end?

 Im sure one of the knights of the round table (Gert, Oliver, Adam etc)
could answer about L3 processing at the end point.


On Thu, Aug 15, 2013 at 9:35 PM, Aaron <aaron1 at gvtc.com> wrote:

> The next hop of those bh routes is an ip address on the distant end of a
> layer 2 segment which is connected to that border asr9k****
>
> ** **
>
> Aaron****
>
> ** **
>
> *From:* Mattias Gyllenvarg [mailto:mattias at gyllenvarg.se]
> *Sent:* Thursday, August 15, 2013 2:27 PM
> *To:* Aaron
> *Cc:* Aaron; cisco-nsp; LavoJM
>
> *Subject:* Re: [c-nsp] why are packets not following the more specific
> route - xr 4.1.2 (asr9k)****
>
> ** **
>
> I'm 100% on this but.****
>
> ** **
>
> Are they destined for the remote end of the link they might not get
> processed.****
>
> But if they are destined for the loopback of LER2 then they should.****
>
> ** **
>
> On Thu, Aug 15, 2013 at 8:24 PM, Aaron <aaron1 at gvtc.com> wrote:****
>
> If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all
> mpls
> tags prior to routing out towards internet via def rt ?..... if so couldn't
> a more specific routing decision be made at that point towards blackhole
> /32
> routes ?
>
>
>
> Aaron
>
>
>
> p.s. Why was vanilla ip forwarding more straightforward and easier than
> this
> ? J
>
>
>
>
>
> From: Aaron [mailto:dudepron at gmail.com]
> Sent: Thursday, August 15, 2013 1:16 PM
> To: Aaron
> Cc: LavoJM; cisco-nsp****
>
> Subject: Re: [c-nsp] why are packets not following the more specific route
> -
> xr 4.1.2 (asr9k)
>
>
>
> No label to the blackhole?
>
> If LER1 isn't getting the routes how is it going to build the LSP to the
> blackhole?
>
>
>
> On Thu, Aug 15, 2013 at 2:05 PM, Aaron <aaron1 at gvtc.com> wrote:
>
> Yes mpls core.
>
> Traceroute on pc----- LER1---- mpls core-----LER2----- internet
>                                                 |
>                                                 Blackhole
>
> Yes LER1 doesn't not have those /32 blackhole routes.... it does have the
> def rt towards internet via LER2.
>
> Aaron
>
>
>
> -----Original Message-----
> From: LavoJM [mailto:lavojm at secureobscure.com]
> Sent: Thursday, August 15, 2013 12:41 PM
> To: 'Aaron'
> Subject: RE: [c-nsp] why are packets not following the more specific route
> -
> xr 4.1.2 (asr9k)
>
> Are you running MPLS in the core, and the first LER does not have a FEC for
> the /32, but it does have one for default/other-internet routes?
>
>
> 3
>
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
>
> Sent: Thursday, August 15, 2013 11:57 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] why are packets not following the more specific route
> -
> xr 4.1.2 (asr9k)
>
> (x.x.x.x is one of the /32 blackhole routes)
>
> Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz
> source
> y.y.y.y" it appears to NOT follow the default route out to the internet and
> it seems that it does follow the more specific blackhole route.  why would
> mpls l3vpn located computers deeper into my internal network NOT follow
> this
> more specific route as the packets flow across the forwarding plane of this
> boundary 9k ??
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
> Sent: Thursday, August 15, 2013 11:49 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] why are packets not following the more specific route - xr
> 4.1.2 (asr9k)
>
> I have a blackhole security device injecting routes into my internet
> boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are
> installed in the per-vrf rib.  The next hop for those routes are via a
> directly connected interface towards the blackhole.. But for some reason I
> continue to see on traceroutes from a computer that's deeper into my
> internal network via mpls l3vpn, that this computer's traceroutes flow
> right
> passed that 9k's more specific routes and follows the default route out to
> the internet.  Any idea why ?
>
>
>
> Aaron
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/****
>
>
>
> ****
>
> ** **
>
> --
> *Med Vänliga Hälsningar*
> *Mattias Gyllenvarg*****
>



-- 
*Med Vänliga Hälsningar*
*Mattias Gyllenvarg*


More information about the cisco-nsp mailing list