[f-nsp] CAM and ip net-aggregate or ip supernet aggregate - does it help to free the cam up ? WAS:AW: cam strangeness

Kristian Larsson kristian at juniks.net
Tue Mar 7 01:55:52 EST 2006 

On Mon, Mar 06, 2006 at 11:48:23PM +0100, Gerald Krause wrote:
> On Monday 06 March 2006 22:05, Stephen J. Wilcox wrote:
> > On Mon, 6 Mar 2006, Gerald Krause wrote:
> > > On Monday 06 March 2006 16:48, Gunther Stammwitz wrote:
> > > > What do the others say: does aggregation help and does the cam
> > > > usually fill up in an isp enviorment?
> > >
> > >    I do not use aggregation yet but this might be also interesting:
> > > I see a lot of /32 CAM entries for destinations that are reachable
> > > through a supernet which the router learned via OSPF from two
> > > neighbors via two Ethernet links (= 4 equal paths):
> >
> > i dont see this behaviour on both routers with and without
> > aggregation enabled, i checked against routes learned in ospf with 2
> > or 3 next hops of the same cost
> >
> > however i do observe /32s being added where the route is to discard
> > (by having a static 0.0.0.0/0 to null0) - this may explain why my CAM
> > is getting so full
> 
>    I also have a 0/0->null0 route in my config and after some deeper 
> inspection I realize that all my /32s seems to be not reachable hosts 
> (not configured on any other device - only the grounding routes 
> via /18->null0 on the two other routers exist).
> 
>    The only hint I have so far is that I see this behavior only on a 
> certain /18 (other /18s have proper CAM entries) and that this /18 is 
> scanned very often for open ports. So the source of the problem could 
> be related to the amount of different destinations foreign systems try 
> to reach in our network.
> 
>    But this makes the situation not clearer to me. I simply would expect 
> the NI forwarding all incomming packets towards the 4 next hops through 
> 4 /18 CAM entries regardless if the host is reachable in the end or 
> not.
checkout ip hw-drop-def-in-hardware or something
like that..
> 
> > >    Reading the 'Changing CAM Partitions' document on the Foundry
> > > website does not really enlighten me - especially "Example 2" looks
> > > weird for me. In my opinion the /32's would make sense for directly
> > > connected systems or host routes only.... or have I missed
> > > something?
> >
> > yeah i have no idea why they would need to use /32s when simply
> > adding the /30 and not applying aggregation would be better
> 
>    Ack and I'am notably astonished about their conclusion "adding 
> 50.50.50.0/30 ... results in ... 50.1.1.1/32" without any comments - 
> wtf?!? I'll like their drugs ;-)
> 
> 
> -- 
> Gerald
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp

More information about the foundry-nsp mailing list