[f-nsp] CAM and ip net-aggregate or ip supernet aggregate - does it help to free the cam up ? WAS:AW: cam strangeness

Gerald Krause gk at ax.tc
Mon Mar 6 17:48:23 EST 2006


On Monday 06 March 2006 22:05, Stephen J. Wilcox wrote:
> On Mon, 6 Mar 2006, Gerald Krause wrote:
> > On Monday 06 March 2006 16:48, Gunther Stammwitz wrote:
> > > What do the others say: does aggregation help and does the cam
> > > usually fill up in an isp environment?
> >
> >    I do not use aggregation yet but this might be also interesting:
> > I see a lot of /32 CAM entries for destinations that are reachable
> > through a supernet which the router learned via OSPF from two
> > neighbors via two Ethernet links (= 4 equal paths):
>
> i don't see this behaviour on both routers with and without
> aggregation enabled, i checked against routes learned in ospf with 2
> or 3 next hops of the same cost
>
> however i do observe /32s being added where the route is to discard
> (by having a static 0.0.0.0/0 to null0) - this may explain why my CAM
> is getting so full

   I also have a 0/0->null0 route in my config and after some deeper 
inspection I realize that all my /32s seem to be not reachable hosts 
(not configured on any other device - only the grounding routes 
via /18->null0 on the two other routers exist).

   The only hint I have so far is that I see this behavior only on a 
certain /18 (other /18s have proper CAM entries) and that this /18 is 
scanned very often for open ports. So the source of the problem could 
be related to the amount of different destinations foreign systems try 
to reach in our network.

   But this makes the situation not clearer to me. I simply would expect 
the NI forwarding all incoming packets towards the 4 next hops through 
4 /18 CAM entries regardless if the host is reachable in the end or 
not.

> >    Reading the 'Changing CAM Partitions' document on the Foundry
> > website does not really enlighten me - especially "Example 2" looks
> > weird for me. In my opinion the /32's would make sense for directly
> > connected systems or host routes only.... or have I missed
> > something?
>
> yeah i have no idea why they would need to use /32s when simply
> adding the /30 and not applying aggregation would be better

   Ack and I'm notably astonished about their conclusion "adding 
50.50.50.0/30 ... results in ... 50.1.1.1/32" without any comments - 
wtf?!? I'll like their drugs ;-)


-- 
Gerald
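
One way to check the observation in this message (host entries piling up under a single scanned /18), as an added example that is not part of the original post: group the /32 CAM destinations by their longest-matching route and flag routes with an unusual number of host entries. The input is assumed to be a plain list of destination addresses the operator has already extracted from the CAM; the prefixes, addresses and threshold below are constructed sample values, and no Foundry output format is assumed.

```python
import ipaddress
from collections import Counter

# Constructed sample data (benchmark/documentation ranges, not from the thread).
ROUTES = ["0.0.0.0/0", "198.18.0.0/18", "198.18.64.0/18"]
HOST_ENTRIES = (
    # 40 scattered /32 destinations inside the first /18 (scan-like spread)
    [f"198.18.{i}.{(i * 7) % 254 + 1}" for i in range(40)]
    # a few entries elsewhere
    + ["198.18.64.10", "198.18.70.1", "203.0.113.5"]
)


def covering_route(addr, networks):
    """Longest-prefix match: the most specific network containing addr, or None."""
    matches = [n for n in networks if addr in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def host_entries_per_route(hosts, routes):
    """Count /32 host entries under each covering route (keyed by prefix string)."""
    networks = [ipaddress.ip_network(r) for r in routes]
    counts = Counter()
    for h in hosts:
        net = covering_route(ipaddress.ip_address(h), networks)
        counts[str(net) if net is not None else "unrouted"] += 1
    return counts


def suspicious_routes(counts, threshold):
    """Routes whose host-entry count reaches the (operator-chosen) threshold."""
    return sorted(r for r, n in counts.items() if r != "unrouted" and n >= threshold)


if __name__ == "__main__":
    counts = host_entries_per_route(HOST_ENTRIES, ROUTES)
    for route, n in counts.most_common():
        print(f"{route:18} {n} host entries")
    print("over threshold:", suspicious_routes(counts, threshold=10))
```

Comparing the flagged prefix against the destinations seen in scan traffic for the same period shows whether the host entries track probed addresses rather than live hosts.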


