[j-nsp] Traceroute not working as expected
Saku Ytti
saku at ytti.fi
Mon Dec 18 16:17:13 EST 2017
On 18 December 2017 at 22:51, Dan White <dwhite at olp.net> wrote:
> ICMP redirect is the first thing that comes to mind, along with perhaps
> inconsistent ICMP filtering rules.
My bet as well, what I believe transpired:
a) internet is down (or route to 10.2.0.1 does not exist at any rate)
b) best route to 10.2.0.1 from .1/carrier-router is to .2/fwA
c) .4/fwC tries to reach 10.2.0.1, packet goes to .1/carrier-router
d) carrier-router notices best route is back to same interface, and
instructs .4/fwC via ICMP redirect to use direct route instead, to
avoid unnecessary hop
e) .4/fwC believes this (typically installs local static route)
solution1) turn off IP redirects on carrier router
solution2) drop incoming icmp redirects on fw[ABC]
--
++ytti
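
Added example, not part of the original message: one way to confirm this diagnosis from a capture taken on fwC is to decode the ICMP redirect itself (type 5), which names the gateway the router recommends and carries the header of the packet that triggered it. The 192.0.2.0/24 addresses and the sample packet are constructed for illustration, since the message gives only the last octets (.1, .2, .4); 10.2.0.1 is from the thread.

```python
import ipaddress
import struct

REDIRECT_CODES = {0: "network", 1: "host", 2: "tos+network", 3: "tos+host"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes):
    """Decode an ICMP message (the bytes after the outer IP header).
    Returns None unless it is a well-formed redirect (type 5)."""
    if len(icmp) < 8 + 20:
        return None
    icmp_type, code, _cksum, gateway = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != 5 or code not in REDIRECT_CODES or inet_checksum(icmp) != 0:
        return None
    inner = icmp[8:]  # IP header of the packet that triggered the redirect
    if inner[0] >> 4 != 4:
        return None
    return {
        "scope": REDIRECT_CODES[code],
        "use_gateway": str(ipaddress.IPv4Address(gateway)),
        "original_src": str(ipaddress.IPv4Address(inner[12:16])),
        "original_dst": str(ipaddress.IPv4Address(inner[16:20])),
    }

def build_sample_redirect() -> bytes:
    """Constructed sample: the router tells 192.0.2.4 (fwC) to reach
    10.2.0.1 via 192.0.2.2 (fwA). Inner IP checksum is left at zero."""
    src = ipaddress.IPv4Address("192.0.2.4").packed
    dst = ipaddress.IPv4Address("10.2.0.1").packed
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0, 1, 17, 0, src, dst)
    inner_udp = struct.pack("!HHHH", 40000, 33434, 40, 0)  # first 8 bytes of a UDP probe
    gw = ipaddress.IPv4Address("192.0.2.2").packed
    body = struct.pack("!BBH4s", 5, 1, 0, gw) + inner_ip + inner_udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_redirect(build_sample_redirect()))
```

A redirect whose `use_gateway` is another firewall on the shared segment and whose `original_dst` is the unreachable address matches steps (d) and (e) above.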