It can't and it won't. This is a nice gotcha for MPLS, we where pulling our hair for a while until we got it in our heads that MPLS packets are not processed at every L3-hop.
On Thu, Aug 15, 2013 at 8:16 PM, Aaron <[email protected]> wrote: > No label to the blackhole? > If LER1 isn't getting the routes how is it going to build the LSP to the > blackhole? > > > On Thu, Aug 15, 2013 at 2:05 PM, Aaron <[email protected]> wrote: > > > Yes mpls core. > > > > Traceroute on pc----- LER1---- mpls core-----LER2----- internet > > | > > Blackhole > > > > Yes LER1 doesn't not have those /32 blackhole routes.... it does have the > > def rt towards internet via LER2. > > > > Aaron > > > > > > -----Original Message----- > > From: LavoJM [mailto:[email protected]] > > Sent: Thursday, August 15, 2013 12:41 PM > > To: 'Aaron' > > Subject: RE: [c-nsp] why are packets not following the more specific > route > > - > > xr 4.1.2 (asr9k) > > > > Are you running MPLS in the core, and the first LER does not have a FEC > for > > the /32, but it does have one for default/other-internet routes? > > > > 3 > > > > > > -----Original Message----- > > From: cisco-nsp [mailto:[email protected]] On Behalf Of > > Aaron > > Sent: Thursday, August 15, 2013 11:57 AM > > To: [email protected] > > Subject: Re: [c-nsp] why are packets not following the more specific > route > > - > > xr 4.1.2 (asr9k) > > > > (x.x.x.x is one of the /32 blackhole routes) > > > > Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz > > source > > y.y.y.y" it appears to NOT follow the default route out to the internet > and > > it seems that it does follow the more specific blackhole route. why > would > > mpls l3vpn located computers deeper into my internal network NOT follow > > this > > more specific route as the packets flow across the forwarding plane of > this > > boundary 9k ?? > > > > Aaron > > > > -----Original Message----- > > From: cisco-nsp [mailto:[email protected]] On Behalf Of > > Aaron > > Sent: Thursday, August 15, 2013 11:49 AM > > To: [email protected] > > Subject: [c-nsp] why are packets not following the more specific route - > xr > > 4.1.2 (asr9k) > > > > I have a blackhole security device injecting routes into my internet > > boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the > are > > installed in the per-vrf rib. The next hop for those routes are via a > > directly connected interface towards the blackhole.. But for some reason > I > > continue to see on traceroutes from a computer that's deeper into my > > internal network via mpls l3vpn, that this computer's traceroutes flow > > right > > passed that 9k's more specific routes and follows the default route out > to > > the internet. Any idea why ? > > > > > > > > Aaron > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > -- *Med Vänliga Hälsningar* *Mattias Gyllenvarg* _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
