[c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k)

Mattias Gyllenvarg mattias at gyllenvarg.se
Thu Aug 15 16:28:04 EDT 2013


Yeah, then it's the next hop of the 0/0 that's relevant.

How many routes do you have in ibgp then? Sounds like very few...


On Thu, Aug 15, 2013 at 10:25 PM, Aaron <aaron1 at gvtc.com> wrote:

> Internet routes?  I have only one…. Yours truly 0/0  ….I learn one route
> via ebgp from my upstream provider… 0/0
>
> I learn 1,000+ other routes via ebgp (multihop several hops away) from
> another neighbor….this is the blackhole appliance injecting bgp routes into
> my same internet border asr9k….all those bh routes have a next hop of a
> private ip subnet that this same asr9k is directly connected to…so those
> routes have next hop of the bh interface of the appliance….
>
> Aaron
>
> *From:* Mattias Gyllenvarg [mailto:mattias at gyllenvarg.se]
> *Sent:* Thursday, August 15, 2013 3:02 PM
>
> *To:* Aaron
> *Cc:* Aaron; cisco-nsp; LavoJM
> *Subject:* Re: [c-nsp] why are packets not following the more specific
> route - xr 4.1.2 (asr9k)
>
> The internet routes are the relevant ones. Do they point to lo0 or remote
> end?
>
> I'm sure one of the knights of the round table (Gert, Oliver, Adam etc)
> could answer about L3 processing at the end point.
>
> On Thu, Aug 15, 2013 at 9:35 PM, Aaron <aaron1 at gvtc.com> wrote:
>
> The next hop of those bh routes is an ip address on the distant end of a
> layer 2 segment which is connected to that border asr9k
>
> Aaron
>
> *From:* Mattias Gyllenvarg [mailto:mattias at gyllenvarg.se]
> *Sent:* Thursday, August 15, 2013 2:27 PM
> *To:* Aaron
> *Cc:* Aaron; cisco-nsp; LavoJM
> *Subject:* Re: [c-nsp] why are packets not following the more specific
> route - xr 4.1.2 (asr9k)
>
> I'm 100% on this but.
>
> Are they destined for the remote end of the link they might not get
> processed.
>
> But if they are destined for the loopback of LER2 then they should.
>
> On Thu, Aug 15, 2013 at 8:24 PM, Aaron <aaron1 at gvtc.com> wrote:
>
> If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all
> mpls tags prior to routing out towards internet via def rt ?..... if so
> couldn't a more specific routing decision be made at that point towards
> blackhole /32 routes ?
>
>
>
> Aaron
>
>
>
> p.s. Why was vanilla ip forwarding more straightforward and easier than
> this? :)
>
> From: Aaron [mailto:dudepron at gmail.com]
> Sent: Thursday, August 15, 2013 1:16 PM
> To: Aaron
> Cc: LavoJM; cisco-nsp
> Subject: Re: [c-nsp] why are packets not following the more specific route
> - xr 4.1.2 (asr9k)
>
>
>
> No label to the blackhole?
>
> If LER1 isn't getting the routes how is it going to build the LSP to the
> blackhole?
>
>
>
> On Thu, Aug 15, 2013 at 2:05 PM, Aaron <aaron1 at gvtc.com> wrote:
>
> Yes mpls core.
>
> Traceroute on pc----- LER1---- mpls core-----LER2----- internet
>                                                 |
>                                                 Blackhole
>
> Yes LER1 doesn't have those /32 blackhole routes.... it does have the
> def rt towards internet via LER2.
>
> Aaron
>
>
>
> -----Original Message-----
> From: LavoJM [mailto:lavojm at secureobscure.com]
> Sent: Thursday, August 15, 2013 12:41 PM
> To: 'Aaron'
> Subject: RE: [c-nsp] why are packets not following the more specific route
> - xr 4.1.2 (asr9k)
>
> Are you running MPLS in the core, and the first LER does not have a FEC for
> the /32, but it does have one for default/other-internet routes?
>
>
> 3
>
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
>
> Sent: Thursday, August 15, 2013 11:57 AM
> To: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] why are packets not following the more specific route
> - xr 4.1.2 (asr9k)
>
> (x.x.x.x is one of the /32 blackhole routes)
>
> Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz
> source y.y.y.y" it appears to NOT follow the default route out to the
> internet and it seems that it does follow the more specific blackhole
> route.  why would mpls l3vpn located computers deeper into my internal
> network NOT follow this more specific route as the packets flow across the
> forwarding plane of this boundary 9k ??
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
> Aaron
> Sent: Thursday, August 15, 2013 11:49 AM
> To: cisco-nsp at puck.nether.net
> Subject: [c-nsp] why are packets not following the more specific route - xr
> 4.1.2 (asr9k)
>
> I have a blackhole security device injecting routes into my internet
> boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they are
> installed in the per-vrf rib.  The next hop for those routes is via a
> directly connected interface towards the blackhole.. But for some reason I
> continue to see on traceroutes from a computer that's deeper into my
> internal network via mpls l3vpn, that this computer's traceroutes flow
> right past that 9k's more specific routes and follow the default route out
> to the internet.  Any idea why ?
>
>
>
> Aaron
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
*Kind regards*
*Mattias Gyllenvarg*
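
The forwarding behaviour discussed in this thread, modelled as an added example (not code or output from any poster, and not Cisco's implementation): LER1 picks the VPN label by longest-prefix match over the routes it has imported, and LER2 then acts on that label. It assumes LER2 allocates VPN labels per prefix, which the thread does not state, and shows a per-VRF aggregate label alongside for contrast; the prefix, label values and next-hop names are constructed.

```python
import ipaddress

def lpm(table, dst):
    """Longest-prefix match: value of the most specific prefix covering dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), v) for p, v in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

# Constructed sample data: LER2's VRF holds the default route and one
# blackhole /32 (documentation address), as described in the thread.
UPSTREAM, BLACKHOLE = "upstream-provider", "blackhole-appliance"
LER2_VRF = {"0.0.0.0/0": UPSTREAM, "203.0.113.7/32": BLACKHOLE}

def ler2_labels(mode):
    """VPN labels LER2 advertises per prefix, and the LFIB behind them."""
    if mode == "per-prefix":
        # Assumed mode: one label per prefix, LFIB points straight at the
        # next hop, so no IP lookup happens when the label arrives.
        adv = {p: 100 + i for i, p in enumerate(LER2_VRF)}
        lfib = {adv[p]: ("forward", nh) for p, nh in LER2_VRF.items()}
    else:
        # "per-vrf": one aggregate label meaning "pop, then look up in VRF".
        adv = {p: 200 for p in LER2_VRF}
        lfib = {200: ("ip-lookup", None)}
    return adv, lfib

def path(dst, mode, ler1_prefixes):
    """Next hop LER2 uses for a packet that entered the VPN at LER1."""
    adv, lfib = ler2_labels(mode)
    # LER1 can only match against the prefixes it actually imported.
    label = lpm({p: adv[p] for p in ler1_prefixes}, dst)
    action, nh = lfib[label]
    return nh if action == "forward" else lpm(LER2_VRF, dst)

def local_traceroute(dst):
    """A packet originated on LER2 itself is IP-routed in the VRF."""
    return lpm(LER2_VRF, dst)
```

In this model the blackhole /32 only takes effect for transit traffic when LER1 also holds the /32 or when LER2's label triggers a VRF lookup, which matches the difference between the local traceroute and the one from the internal computer.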

