There are a good many ways to deal with this. What you need to do is read up and make sure you understand what the labels are actually pointing to and what that means for the forwarding process, especially on a hardware platform like your endpoint in question.
This isn't one of those tell me how to do it problems, but one of those you need to understand the architecture so you can know what you want to do on your network to fix it. I would love to help more, but you haven't given enough information to offer suggestions on solutions, and honestly, you're probably better off deciding them yourself since you know your network better than anyone here would anyway. -Blake On Thu, Aug 15, 2013 at 2:35 PM, Aaron <[email protected]> wrote: > The next hop of those bh routes is an ip address on the distant end of a > layer 2 segment which is connected to that border asr9k > > > > Aaron > > > > From: Mattias Gyllenvarg [mailto:[email protected]] > Sent: Thursday, August 15, 2013 2:27 PM > To: Aaron > Cc: Aaron; cisco-nsp; LavoJM > Subject: Re: [c-nsp] why are packets not following the more specific route > - > xr 4.1.2 (asr9k) > > > > I'm 100% on this but. > > > > Are they destined for the remote end of the link they might not get > processed. > > But if they are destined for the loopback of LER2 then they should. > > > > On Thu, Aug 15, 2013 at 8:24 PM, Aaron <[email protected]> wrote: > > If ler1 flows everything via 0/0 lsp towards ler2, doesn't ler2 pop all > mpls > tags prior to routing out towards internet via def rt ?..... if so couldn't > a more specific routing decision be made at that point towards blackhole > /32 > routes ? > > > > Aaron > > > > p.s. Why was vanilla ip forwarding more straightforward and easier than > this > ? J > > > > > > From: Aaron [mailto:[email protected]] > Sent: Thursday, August 15, 2013 1:16 PM > To: Aaron > Cc: LavoJM; cisco-nsp > > Subject: Re: [c-nsp] why are packets not following the more specific route > - > xr 4.1.2 (asr9k) > > > > No label to the blackhole? > > If LER1 isn't getting the routes how is it going to build the LSP to the > blackhole? > > > > On Thu, Aug 15, 2013 at 2:05 PM, Aaron <[email protected]> wrote: > > Yes mpls core. > > Traceroute on pc----- LER1---- mpls core-----LER2----- internet > | > Blackhole > > Yes LER1 doesn't not have those /32 blackhole routes.... it does have the > def rt towards internet via LER2. > > Aaron > > > > -----Original Message----- > From: LavoJM [mailto:[email protected]] > Sent: Thursday, August 15, 2013 12:41 PM > To: 'Aaron' > Subject: RE: [c-nsp] why are packets not following the more specific route > - > xr 4.1.2 (asr9k) > > Are you running MPLS in the core, and the first LER does not have a FEC for > the /32, but it does have one for default/other-internet routes? > > > 3 > > > -----Original Message----- > From: cisco-nsp [mailto:[email protected]] On Behalf Of > Aaron > > Sent: Thursday, August 15, 2013 11:57 AM > To: [email protected] > Subject: Re: [c-nsp] why are packets not following the more specific route > - > xr 4.1.2 (asr9k) > > (x.x.x.x is one of the /32 blackhole routes) > > Oh and when I do this on that boundary 9k "traceroute x.x.x.x vrf xyz > source > y.y.y.y" it appears to NOT follow the default route out to the internet and > it seems that it does follow the more specific blackhole route. why would > mpls l3vpn located computers deeper into my internal network NOT follow > this > more specific route as the packets flow across the forwarding plane of this > boundary 9k ?? > > Aaron > > -----Original Message----- > From: cisco-nsp [mailto:[email protected]] On Behalf Of > Aaron > Sent: Thursday, August 15, 2013 11:49 AM > To: [email protected] > Subject: [c-nsp] why are packets not following the more specific route - xr > 4.1.2 (asr9k) > > I have a blackhole security device injecting routes into my internet > boundary asr9k.. I see that the bgp prefixes are rcv'd on my 9k and the are > installed in the per-vrf rib. The next hop for those routes are via a > directly connected interface towards the blackhole.. But for some reason I > continue to see on traceroutes from a computer that's deeper into my > internal network via mpls l3vpn, that this computer's traceroutes flow > right > passed that 9k's more specific routes and follows the default route out to > the internet. Any idea why ? > > > > Aaron > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > > > > > -- > Med Vänliga Hälsningar > Mattias Gyllenvarg > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
