[j-nsp] J-series & "protocols mpls ipv6-tunneling" == packet corruption
Phil Mayers
p.mayers at imperial.ac.uk
Thu Mar 17 12:44:18 EDT 2011
All,
This is a follow-up to my previous email.
We're seeing the following problem on our J4350 routers under 10.x
versions of JunOS - certainly still present under 10.4R2.7, as well as 10.1
Basically, enabling:
protocols {
mpls {
ipv6-tunneling
}
}
...causes the J-series to start corrupting IPv4 packets which it
forwards. Seemingly this is *only* for packets matching 0.0.0.0/0 and
*only* for packets received on interfaces outside of a routing instance.
We basically see a packet with:
ip src=x dst=y ttl=64 frag-offset=0 checksum=1234
...turned into the following on egress:
mpls label=X ttl=255
ip src=x dst=y ttl=64 frag-offset=2040 checksum=1234
i.e. the J-series seems to be corrupting/writing data into the IP
"flags" field, setting a fragment offset, and making the packet
completely invalid (as well as breaking the checksum)
If we disable ipv6-tunneling and then cause a routing event (e.g. clear
bgp neighbours, flap an interfaces) we see:
mpls label=X ttl=63
ip src=x dst=y ttl=64 frag-offset=0 checksum=1234
i.e. valid. Note the different MPLS ttl.
Anyone else seen anything like this? Anyone at all using ipv6-tunneling
with J-series?
I'm wondering if it's something specific to our config, but I can't
figure out what, given it only affects packets with a 0.0.0.0/0 route
match, even when the next-hop interface & MPLS label are the same.
Anyone got any suggestion how I can dig deeper?
More information about the juniper-nsp
mailing list