No label to the blackhole? If LER1 isn't getting the routes how is it going to build the LSP to the blackhole?
On Thu, Aug 15, 2013 at 2:05 PM, Aaron <[email protected]> wrote: > Yes mpls core. > > Traceroute on pc----- LER1---- mpls core-----LER2----- internet > | > Blackhole > > Yes LER1 doesn't not have those /32 blackhole routes.... it does have the > def rt towards internet via LER2. > > Aaron > > > -----Original Message----- > From: LavoJM [mailto:[email protected]] > Sent: Thursday, August 15, 2013 12:41 PM > To: 'Aaron' > Subject: RE: [c-nsp] why are packets not following the more specific route > - > xr 4.1.2 (asr9k) > > Are you running MPLS in the core, and the first LER does not have a FEC for > the /32, but it does have one for default/other-internet routes? > > 3 > > > -----Original Message----- > From: cisco-nsp [mailto:[email protected]] On Behalf Of > Aaron > Sent: Thursday, August 15, 2013 11:57 AM > To: [email protected] > Subject: Re: [c-nsp] why are packets not following the more specific route > - > xr 4.1.2 (asr9k) > > (x.x.x.x is one of the /32 blackhole routes) > > Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz > source > y.y.y.y" it appears to NOT follow the default route out to the internet and > it seems that it does follow the more specific blackhole route. why would > mpls l3vpn located computers deeper into my internal network NOT follow > this > more specific route as the packets flow across the forwarding plane of this > boundary 9k ?? > > Aaron > > -----Original Message----- > From: cisco-nsp [mailto:[email protected]] On Behalf Of > Aaron > Sent: Thursday, August 15, 2013 11:49 AM > To: [email protected] > Subject: [c-nsp] why are packets not following the more specific route - xr > 4.1.2 (asr9k) > > I have a blackhole security device injecting routes into my internet > boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are > installed in the per-vrf rib. The next hop for those routes are via a > directly connected interface towards the blackhole.. But for some reason I > continue to see on traceroutes from a computer that's deeper into my > internal network via mpls l3vpn, that this computer's traceroutes flow > right > passed that 9k's more specific routes and follows the default route out to > the internet. Any idea why ? > > > > Aaron > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
