[f-nsp] [FastIron] RIP routes does not get into CAM

[Youssef Ghorbal]

On Sat, Oct 2, 2010 at 2:52 PM, Youssef Ghorbal
<youssef.ghorbal at gmail.com> wrote:
>  I have a FastIron 800, learning routes from a RIP neighbor and having
> some directly attached networks.
>  I suspect that the network is facing an IP scan for all my prefixes'
> IPs and that is seeming to get the Fastiron a little distirbed :
>  - Directly attached networks have a PING RTT around 1ms which is normal.
>  - Networks learned from RIP have a PING RTT around 30ms which is not
> normal. The RIP neighbor is directly attached to the FastIron and the
> link is tested and good (direct PING between neighbors is <1ms)
>  When the scan seems to stop, the RIP networks get their 1ms PING RTT.
>
>  I suspect a CAM exhaustion situation under scan, the CAM seems to be
> filled with a lot of non assigned IP adresses and I can't see any RIP
> routes in it. I thought that prefixes learned get loaded in the CAM or
> am I mistaken ? At least thats the case of the neighbor (which is a
> MLX-16)
>
> How can I see CAM filling status of my uplink port ? ('free' figures
> in the show cam-partition module x does not seem near 0 for layer3)
> How can I make the FastIron "complain" (syslog or console messages)
> when it's in a CAM exhaustion situation ?
>
> In all situations (scan or not) when I ping a machine in a network
> learned by RIP, I don't find any entry about the destination machine
> (or it's prefix) in the CAM ? is their any magic command to see CAM
> modifications in real time ? maybe it's the CAM that is no longer
> accepting updates for some reasons

I was wrong about the IP scan hypothesis. I wasn't looking at the
right place for CAM entries. I had to look at the inbound interfaces
not the outbound ones. The CAM is correctly feeded by the correct
prefixes..

Youssef Ghorbal