[146132] in North American Network Operators' Group
Re: Route server: Route-server.ip.att.net
daemon@ATHENA.MIT.EDU (Mark Kamichoff)
Fri Nov 4 17:00:36 2011
Date: Fri, 4 Nov 2011 16:59:22 -0400
From: Mark Kamichoff <prox@prolixium.com>
To: Michael Sabino <michael.rocco.sabino@gmail.com>
In-Reply-To: <CAH85JoEwqAqWktqu=UXygNhugSPDz51ttyuT=cZbJKsXhaBVVg@mail.gmail.com>
X-SA-Exim-Mail-From: prox@prolixium.com
Cc: jayb@att.com, nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--ikeVEW9yuYc//A+q
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Fri, Nov 04, 2011 at 03:39:43PM -0500, Michael Sabino wrote:
> Could you give me the relevant configs explaining why when I
> traceroute to 12.83.43.9 on route-server.ip.att.net, the first hop is
> " j6300.cbbtier3.att.net (12.0.1.202)". However, when I type "show ip
> route 12.83.43.9", the RIB shows, "* 12.122.83.91, from 12.122.83.91,
> 7w0d ago".
A couple things here:
12.122.83.91 is the BGP next-hop in the RIB. It needs to be resolved.
In this case it's being resolved via a /13 static route:
route-server>sho ip route 12.122.83.91
Routing entry for 12.120.0.0/13
Known via "static", distance 1, metric 0
Redistributing via bgp 65000
Advertised by bgp 65000
Routing Descriptor Blocks:
* 12.0.1.1, via GigabitEthernet0/1
Route metric is 0, traffic share count is 1
In real life it'd probably be resolved via an IGP such as OSPF or IS-IS,
but this is a route server, not a transit router.
So, the real next-hop is 12.0.1.1. You can also verify this with the
following, since it's a Cisco box:
route-server>show ip cef 12.83.43.9 =20
12.0.0.0/9
nexthop 12.0.1.1 GigabitEthernet0/1
However, you don't see 12.0.1.1 in the traceroute because it looks to be
the VRRP address of the Juniper J6300 upstream router (just judging by
the hostname):
route-server>sho arp 12.0.1.1
Protocol Address Age (min) Hardware Addr Type Interface
Internet 12.0.1.1 81 0000.5e00.0101 ARPA
GigabitEthernet0/1
The MAC address is a giveaway that it's VRRP, since 00-00-5E-00-01 is
reserved by IANA for VRRP (IPv4 only):
http://tools.ietf.org/html/rfc5798#section-7.3
The Juniper router will send back ICMP TTL-exceeded messages from the
real IP on its interface, which appears to be 12.0.1.202.
Hope this helps.
- Mark
--=20
Mark Kamichoff
prox@prolixium.com
http://www.prolixium.com/
--ikeVEW9yuYc//A+q
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk60UioACgkQ0TYC9KtF8BNESgCePTQxm0CRE+yELf48sN5Dxoyn
qVYAmwVz1H0BdsJp0mYfigKUhFya88yg
=2j4N
-----END PGP SIGNATURE-----
--ikeVEW9yuYc//A+q--
