[f-nsp] found a null0 route bug?

Vinny Abello vinny at tellurian.com
Wed Jun 6 01:34:12 EDT 2007 

I can't test this specific setup with my XMR running 3300a, but I can
tell you that it works properly if the address is not directly attached
to an interface. I null routed a test IP address upstream on my XMR and
it successfully drops the packets. Sounds like it is specific to having
the device attached directly to an interface on the XMR. It looks like
the update routine for the CAM doesn't remove the entry if directly
attached when null routing it. I would open a case with Foundry. Smells
like a bug.

Daniel wrote:
> Hi all,
> 
> i think i found a bug on a Foundry XMR with IronWare 3300a.
> First off all here a very simple and short network plan:
> 
> Internet -> XMR -> Switch -> Switch -> Customers/Clients
> 
> I did a null0 route for an IP like:
> 
> ip route 192.168.0.100/32 null0
> 
> Oke, in normal cases the IP is null0 routed and no traffic is accessible
> to the "client". The funny think is, the null0 route gets ignored.
> The "client" is accessible as normal.
> 
> The ip route command shows following:
> 
>         Destination        Gateway         Port         Cost       Type
> 1       192.168.0.100/32   DIRECT          drop         1/1        S
> 
> In my eyes it looks normal and shows me "oke, drop requests to this ip"
> 
> Now the interesting point of that issue:
> 
> Slot Index      IP_Address                   MAC            Age VLAN Out Port
> 1    0x017ed(L) 192.168.0.100/32             000c.2957.8593 2   172  1/11
> 1    0x4dd6a(R) 192.168.0.100/32             N/A            Dis N/A  Drop
> 
> I see both entries in the cam, normal route and the null0 route.
> Nothing get dropped by the null0 route. The network is directly
> connected on the router (ve172).
> 
> I tested it on a JetCore with the same config and there it works
> without any problems.
> 
> Is it a feature, a bug or any hints? Share your experience
> 
> 

-- 

Vinny Abello
Network Engineer
vinny at tellurian.com
(973)940-6100
PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0  E935 5325 FBCB 0100 977A

Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com (888)TELLURIAN

"Courage is resistance to fear, mastery of fear - not absence of fear"
-- Mark Twain

More information about the foundry-nsp mailing list