[c-nsp] Troubleshooting ECMP/bundling issue (5-tuple black holing)
Lukas Tribus
luky-37 at hotmail.com
Wed Mar 15 12:13:59 EDT 2017
Thanks for all the hints, in the end I used a simple for loop with curl to find affected source ports (works especially well with rejected ports):
for ((i=10001;i<=10020;i++)); do echo "Trying source-port $i"; curl -sSI "http://www.example.net:81/" --local-port $i -m 10 >/dev/null; done
Trying source-port 10001
curl: (7) Failed to connect to www.example.net port 81: Connection refused
[...]
Trying source-port 10013
*curl: (28) Connection timed out after 10001 milliseconds*
Trying source-port 10014
curl: (7) Failed to connect to www.example.net port 81: Connection refused
[...]
And tcptraceroute (which is in debian repositories) by specifying the tuple:
sudo tcptraceroute -p 10013 www.example.net 81
Selected device eth0, address 1.2.3.4, port 10013 for outgoing packets
Tracing the path to www.example.net on TCP port 81, 30 hops max
1 192.168.0.1 0.169 ms 0.131 ms 0.160 ms
2 po-20.ce42.cnsp-01.example.com (10.0.0.126) 0.482 ms 0.447 ms 0.547 ms
3 xe-2-1-0.cr03.cnsp-01.example.com (10.0.0.127) 1.229 ms 0.381 ms 0.555 ms
4 xe4-2-0-506.cnspter51.cnsp.example.org (10.0.1.5) 0.397 ms 0.395 ms 0.404 ms
5 ae22.cnspter32.cnsp.example.org (10.0.1.6) 1.073 ms 1.031 ms 1.098 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Destination not reached
cheers,
lukas
More information about the cisco-nsp
mailing list