Yeah, then it's the next hop of the 0/0 that's relevant. How many routes do you have in ibgp then? Sounds like very few...

On Thu, Aug 15, 2013 at 10:25 PM, Aaron <[email protected]> wrote:

> Internet routes? I have only one…. Yours truly 0/0 ….I learn one route
> via ebgp from my upstream provider… 0/0
>
> I learn 1,000+ other routes via ebgp (multihop several hops away) from
> another neighbor….this is the blackhole appliance injecting bgp routes into
> my same internet border asr9k….all those bh routes have a next hop of a
> private ip subnet that this same asr9k is directly connected to…so those
> routes have next hop of the bh interface of the appliance….
>
> Aaron
>
> *From:* Mattias Gyllenvarg [mailto:[email protected]]
> *Sent:* Thursday, August 15, 2013 3:02 PM
> *To:* Aaron
> *Cc:* Aaron; cisco-nsp; LavoJM
> *Subject:* Re: [c-nsp] why are packets not following the more specific
> route - xr 4.1.2 (asr9k)
>
> The internet routes are the relevant ones. Do they point to lo0 or remote
> end?
>
> I'm sure one of the knights of the round table (Gert, Oliver, Adam etc)
> could answer about L3 processing at the end point.
>
> On Thu, Aug 15, 2013 at 9:35 PM, Aaron <[email protected]> wrote:
>
> The next hop of those bh routes is an ip address on the distant end of a
> layer 2 segment which is connected to that border asr9k
>
> Aaron
>
> *From:* Mattias Gyllenvarg [mailto:[email protected]]
> *Sent:* Thursday, August 15, 2013 2:27 PM
> *To:* Aaron
> *Cc:* Aaron; cisco-nsp; LavoJM
> *Subject:* Re: [c-nsp] why are packets not following the more specific
> route - xr 4.1.2 (asr9k)
>
> I'm 100% on this but.
>
> Are they destined for the remote end of the link they might not get
> processed.
>
> But if they are destined for the loopback of LER2 then they should.
>
> On Thu, Aug 15, 2013 at 8:24 PM, Aaron <[email protected]> wrote:
>
> If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all
> mpls tags prior to routing out towards internet via def rt ?..... if so
> couldn't a more specific routing decision be made at that point towards
> blackhole /32 routes ?
>
> Aaron
>
> p.s. Why was vanilla ip forwarding more straightforward and easier than
> this ? :)
>
> From: Aaron [mailto:[email protected]]
> Sent: Thursday, August 15, 2013 1:16 PM
> To: Aaron
> Cc: LavoJM; cisco-nsp
> Subject: Re: [c-nsp] why are packets not following the more specific route
> - xr 4.1.2 (asr9k)
>
> No label to the blackhole?
>
> If LER1 isn't getting the routes how is it going to build the LSP to the
> blackhole?
>
> On Thu, Aug 15, 2013 at 2:05 PM, Aaron <[email protected]> wrote:
>
> Yes mpls core.
>
> Traceroute on pc----- LER1---- mpls core-----LER2----- internet
>                                                |
>                                            Blackhole
>
> Yes LER1 doesn't not have those /32 blackhole routes.... it does have the
> def rt towards internet via LER2.
>
> Aaron
>
> -----Original Message-----
> From: LavoJM [mailto:[email protected]]
> Sent: Thursday, August 15, 2013 12:41 PM
> To: 'Aaron'
> Subject: RE: [c-nsp] why are packets not following the more specific route
> - xr 4.1.2 (asr9k)
>
> Are you running MPLS in the core, and the first LER does not have a FEC for
> the /32, but it does have one for default/other-internet routes?
>
> -----Original Message-----
> From: cisco-nsp [mailto:[email protected]] On Behalf Of
> Aaron
> Sent: Thursday, August 15, 2013 11:57 AM
> To: [email protected]
> Subject: Re: [c-nsp] why are packets not following the more specific route
> - xr 4.1.2 (asr9k)
>
> (x.x.x.x is one of the /32 blackhole routes)
>
> Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz
> source y.y.y.y" it appears to NOT follow the default route out to the
> internet and it seems that it does follow the more specific blackhole
> route. why would mpls l3vpn located computers deeper into my internal
> network NOT follow this more specific route as the packets flow across the
> forwarding plane of this boundary 9k ??
>
> Aaron
>
> -----Original Message-----
> From: cisco-nsp [mailto:[email protected]] On Behalf Of
> Aaron
> Sent: Thursday, August 15, 2013 11:49 AM
> To: [email protected]
> Subject: [c-nsp] why are packets not following the more specific route - xr
> 4.1.2 (asr9k)
>
> I have a blackhole security device injecting routes into my internet
> boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and they are
> installed in the per-vrf rib. The next hop for those routes are via a
> directly connected interface towards the blackhole.. But for some reason I
> continue to see on traceroutes from a computer that's deeper into my
> internal network via mpls l3vpn, that this computer's traceroutes flow
> right past that 9k's more specific routes and follows the default route out
> to the internet. Any idea why ?
>
> Aaron
>
> _______________________________________________
> cisco-nsp mailing list [email protected]
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
*Kind regards*
*Mattias Gyllenvarg*
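
Added example (not part of the original thread, and not anyone's router configuration): a small Python model of the forwarding behaviour the replies point at. It assumes LER2 allocates one VPN label per exported prefix and switches labelled packets straight to the bound next hop without an IP lookup; the prefixes, label values and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: LER2's per-VRF RIB as described in the thread.
# Prefixes and next-hop names are made up for illustration.
LER2_RIB = {
    "0.0.0.0/0": "upstream",        # default learned via eBGP
    "203.0.113.7/32": "blackhole",  # /32 injected by the blackhole appliance
}

def lpm(rib, dst):
    """Longest-prefix match; returns the winning prefix string or None."""
    addr = ipaddress.ip_address(dst)
    hits = [p for p in rib if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen,
               default=None)

def advertise(ler2_rib, exported):
    """LER2 binds one VPN label per exported prefix (assumption) and
    advertises prefix + label to LER1. Returns (ler1_rib, ler2_lfib)."""
    ler1_rib, ler2_lfib = {}, {}
    for label, prefix in enumerate(sorted(exported), start=24000):
        ler1_rib[prefix] = label
        # Label -> next hop is fixed when the label is bound.
        ler2_lfib[label] = ler2_rib[prefix]
    return ler1_rib, ler2_lfib

def transit_next_hop(dst, ler1_rib, ler2_lfib):
    """Packet from a PC behind LER1: the IP lookup happens on LER1 only.
    LER2 forwards on the label and never consults its /32 routes."""
    prefix = lpm(ler1_rib, dst)
    if prefix is None:
        return None
    return ler2_lfib[ler1_rib[prefix]]

def local_next_hop(dst, ler2_rib=LER2_RIB):
    """Traceroute sourced on LER2 itself: plain IP lookup in the VRF RIB."""
    prefix = lpm(ler2_rib, dst)
    return ler2_rib[prefix] if prefix else None

if __name__ == "__main__":
    rib1, lfib2 = advertise(LER2_RIB, ["0.0.0.0/0"])  # only 0/0 reaches LER1
    print("from PC behind LER1:", transit_next_hop("203.0.113.7", rib1, lfib2))
    print("sourced on LER2    :", local_next_hop("203.0.113.7"))
```

In this model the /32 only takes effect for transit traffic once it is also exported to LER1, which then imposes the label bound to the blackhole next hop.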
