[c-nsp] Troubleshooting ECMP/bundling issue (5-tuple black holing)

Lukas Tribus luky-37 at hotmail.com
Wed Mar 15 12:13:59 EDT 2017


Thanks for all the hints. In the end I used a simple for loop with curl to find affected source ports (works especially well with rejected ports):

for ((i=10001;i<=10020;i++)); do echo "Trying source-port $i"; curl -sSI "http://www.example.net:81/" --local-port $i -m 10 >/dev/null; done
Trying source-port 10001
curl: (7) Failed to connect to www.example.net port 81: Connection refused
[...]
Trying source-port 10013
*curl: (28) Connection timed out after 10001 milliseconds*
Trying source-port 10014
curl: (7) Failed to connect to www.example.net port 81: Connection refused
[...]



And tcptraceroute (which is in the Debian repositories) by specifying the tuple:

sudo tcptraceroute -p 10013 www.example.net 81
Selected device eth0, address 1.2.3.4, port 10013 for outgoing packets
Tracing the path to www.example.net on TCP port 81, 30 hops max
 1  192.168.0.1  0.169 ms  0.131 ms  0.160 ms
 2  po-20.ce42.cnsp-01.example.com (10.0.0.126)  0.482 ms  0.447 ms  0.547 ms
 3  xe-2-1-0.cr03.cnsp-01.example.com (10.0.0.127)  1.229 ms  0.381 ms  0.555 ms
 4  xe4-2-0-506.cnspter51.cnsp.example.org (10.0.1.5)  0.397 ms  0.395 ms  0.404 ms
 5  ae22.cnspter32.cnsp.example.org (10.0.1.6)  1.073 ms  1.031 ms  1.098 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
Destination not reached



cheers,
lukas
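
Added example, not part of the original post: a small shell helper that classifies the output of the curl source-port sweep shown above, so the timed-out source ports can be picked out and handed to tcptraceroute -p. The function names and the sample sweep output are constructed for illustration.

```shell
#!/bin/sh
# Classify output of the source-port sweep (curl -sSI ... --local-port N).
# curl error 7 (refused): a RST came back, so this 5-tuple's path forwards.
# curl error 28 (timeout): nothing came back, so this 5-tuple is a
# black-hole candidate. No error line at all: the connection succeeded.

# Reads sweep output on stdin, prints "<port> <verdict>" per probed port.
classify_sweep() {
    awk '
        /^Trying source-port [0-9]+$/ {
            if (port != "") print port, verdict   # flush the previous port
            port = $3; verdict = "ok"
            next
        }
        /curl: \(7\)/  { verdict = "refused" }
        /curl: \(28\)/ { verdict = "timeout" }
        /curl: \([0-9]+\)/ && verdict == "ok" { verdict = "other" }
        END { if (port != "") print port, verdict }
    '
}

# Prints only the source ports whose probe timed out.
suspect_ports() {
    classify_sweep | awk '$2 == "timeout" { print $1 }'
}

# Constructed sample input, modelled on the output in the post.
SAMPLE_SWEEP='Trying source-port 10001
curl: (7) Failed to connect to www.example.net port 81: Connection refused
Trying source-port 10002
Trying source-port 10013
curl: (28) Connection timed out after 10001 milliseconds
Trying source-port 10014
curl: (7) Failed to connect to www.example.net port 81: Connection refused'

printf '%s\n' "$SAMPLE_SWEEP" | classify_sweep
```

With a live sweep, curl's error lines go to stderr, so pipe the loop through `2>&1 | suspect_ports`.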

