On Sun, 15 Nov 2009, Hector Herrera wrote:
Since the number of packets in the two commands above are very close to each other, I think I have identified the network interface with the large number of TTL-expired packets. It is a BGP interface, so my best guess is that a BGP neighbour is advertising routes that they don't actually carry in their routing tables and for some reason they are sending the packets back to me, and the question now is to locate the culprit route advertisement and contact the neighbor. Right?
Yes, or they didn't null-route their aggregate prefix and has default route to you (or you didn't null-route your prefix and you have a default route to them).
Best way is probably to port-mirror the port and look for the ICMP messages generated. You might also have luck with "debug icmp" on the 3550 and see whereto the ICMP messages are sent. There might also be a debug command to actually tell you what unreachables are being sent. Make sure you have "no logging console", and remember it's always a risk to debug things...
-- Mikael Abrahamsson email: swm...@swm.pp.se _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
