[c-nsp] ASR9000 ABF question
Hank Nussbacher
hank at efes.iucc.ac.il
Thu Jul 16 03:23:05 EDT 2015
At 09:10 16/07/2015 +0200, Gert Doering wrote:
>Hi,
>
>On Thu, Jul 16, 2015 at 10:06:02AM +0300, Hank Nussbacher wrote:
> > RP/0/RSP0/CPU0:GP1#show access-lists ipv4 catch hardware ingress location
> > 0/1/cpu0
> > Thu Jul 16 10:03:09.876 IDT
> > ipv4 access-list catch
> > 10 permit ipv4 host 111.107.97.111 any (next-hop: addr=128.139.217.4, vrf
>
>Is 128.139.217.4 directly adjacent to this router?
Yes.
RP/0/RSP0/CPU0:GP1#sho int GigabitEthernet0/1/0/10
Thu Jul 16 10:18:50.884 IDT
GigabitEthernet0/1/0/10 is up, line protocol is up
Hardware is GigabitEthernet, address is 5087.895f.2e3e (bia 5087.895f.2e3e)
Internet address is 128.139.217.1/24
RP/0/RSP0/CPU0:GP1#sho arp | incl 128.139.217
Thu Jul 16 10:17:58.551 IDT
128.139.217.1 - 5087.895f.2e3e Interface ARPA
GigabitEthernet0/1/0/10
128.139.217.4 00:01:04 000c.29cc.b396 Dynamic ARPA
GigabitEthernet0/1/0/10
Not only that, but I obviously shrunk the ACL I provided here since we have
some other IPs listed there which are being ABFed:
30 permit ipv4 host 111.64.157.111 any (2 hw matches) (next-hop:
addr=128.139.217.4, vrf name=default)
70 permit ipv4 host 111.25.226.111 any (1 hw match) (next-hop:
addr=128.139.217.4, vrf name=default)
80 permit ipv4 host 111.25.20.111 any (1 hw match) (next-hop:
addr=128.139.217.4, vrf name=default)
110 permit ipv4 host 111.254.28.111 any (70 hw matches) (next-hop:
addr=128.139.217.4, vrf name=default)
So some are being caught and others not. Bug?
Thanks,
Hank
>As far as I understand, this is a requirement for ABF to work.
>
>(I tested with 4.3.4 and a directly adjacent next-hop and it worked for me,
>but can't say much more about it)
>
>gert
>--
>USENET is *not* the non-clickable part of WWW!
>
>//www.muc.de/~gert/
>Gert Doering - Munich, Germany gert at greenie.muc.de
>fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
More information about the cisco-nsp
mailing list