(x.x.x.x is one of the /32 blackhole routes) Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz source y.y.y.y" it appears to NOT follow the default route out to the internet and it seems that it does follow the more specific blackhole route. why would mpls l3vpn located computers deeper into my internal network NOT follow this more specific route as the packets flow across the forwarding plane of this boundary 9k ??
Aaron -----Original Message----- From: cisco-nsp [mailto:[email protected]] On Behalf Of Aaron Sent: Thursday, August 15, 2013 11:49 AM To: [email protected] Subject: [c-nsp] why are packets not following the more specific route - xr 4.1.2 (asr9k) I have a blackhole security device injecting routes into my internet boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are installed in the per-vrf rib. The next hop for those routes are via a directly connected interface towards the blackhole.. But for some reason I continue to see on traceroutes from a computer that's deeper into my internal network via mpls l3vpn, that this computer's traceroutes flow right passed that 9k's more specific routes and follows the default route out to the internet. Any idea why ? Aaron _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
