RARE user and assistance email list

[mc36 <>]

resending because xavier seemingly wont answer for a while...


-------- Forwarded Message --------
Subject: Re: Loopback interface
Date: Sun, 21 Aug 2022 18:28:08 +0200
From: mc36 <>
To: Everson Borges <>, Xavier Jeannin 
<>

hi,
so when you ping from poznan then the box picked up the outgoing interface as 
source, which is unlabelled...

POZ0001#ping 10.1.1.1 vrf CORE
pinging 10.1.1.1, src=null, vrf=CORE, cnt=5, len=64, df=false, tim=1000, 
gap=0, ttl=255, tos=0, sgt=0, flow=0, fill=0, alrt=-1, sweep=false, 
multi=false
!!!!!
result=100.0%, recv/sent/lost/err=5/5/0/0, took 115, min/avg/max/dev 
rtt=23/23.0/23/0.0, ttl 255/255/255/0.0, tos 0/0.0/0/0.0

as long as you select the loopback, it's clear that it does not work in this 
way either...

POZ0001#ping 10.1.1.1 vrf CORE source loopback0
pinging 10.1.1.1, src=10.4.4.4, vrf=CORE, cnt=5, len=64, df=false, tim=1000, 
gap=0, ttl=255, tos=0, sgt=0, flow=0, fill=0, alrt=-1, sweep=false, 
multi=false
.....
result=0.0%, recv/sent/lost/err=0/5/5/0, took 5002, min/avg/max/dev 
rtt=10000/0.0/0/0.0, ttl 256/0.0/0/0.0, tos 256/0.0/0/0.0
POZ0001#

after ping flooding, i found that the packets are arriving so then the 
dataplane dropped them...

at that point i started remembering a recent question series so i quickly 
found the culprit:

POZ0001#show startup-config | include tna
hostname POZ0001
alias exec tna-set-profile sticky-param RENATER_PEERING_L2

POZ0001#

xavier, how are the experiments going? do you have any results? and more 
importantly,
have you tried the new dataplane export specifically for your peering use 
case, which,
once configured and exported to the switch, is fully control plane free, that 
is, if
you wish, you can even kill the java process completely and the switch will 
operates
like before... in this case imho your security team cannot find a single 
point... :)

thanks,
cs





On 8/21/22 17:27, Everson Borges wrote:
> Hi  Csaba,
>
> I noticed something strange and I can't find the problem.
> When I ping POZ0001 from AMS0001 through the loopback0 interface it doesn't 
> work, but when I ping AMS0001 from POZ0001 works.
> Do you have any tips?
>
> AMS0001#sh run int l0
> interface loopback0
>    description AMD0001@lo0
>    vrf forwarding CORE
>    ipv4 address 10.1.1.1 255.255.255.255
>    ipv6 address fd00:51e5::a:1:1:1 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
>    template template1
>    router ospf4 1 unsuppress-prefix
>    router ospf6 1 unsuppress-prefix
>    no shutdown
>    exit
> !
>
> POZ0001#sh run int l0
> interface loopback0
>    description POZ0001@lo0
>    vrf forwarding CORE
>    ipv4 address 10.4.4.4 255.255.255.255
>    ipv6 address fd00:51e5::a:4:4:4 ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
>    template template1
>    router ospf4 1 unsuppress-prefix
>    router ospf6 1 unsuppress-prefix
>    no shutdown
>    exit
> !
>
> POZ0001#ping 10.1.1.1 vrf CORE
> pinging 10.1.1.1, src=null, vrf=CORE, cnt=5, len=64, df=false, tim=1000, 
> gap=0, ttl=255, tos=0, sgt=0, flow=0, fill=0, alrt=-1, sweep=false, 
> multi=false
> !!!!!
> result=100.0%, recv/sent/lost/err=5/5/0/0, took 115, min/avg/max/dev 
> rtt=22/22.6/23/0.2, ttl 255/255/255/0.0, tos 0/0.0/0/0.0
>
> AMS0001#ping 10.4.4.4 vrf CORE
> pinging 10.4.4.4, src=null, vrf=CORE, cnt=5, len=64, df=false, tim=1000, 
> gap=0, ttl=255, tos=0, sgt=0, flow=0, fill=0, alrt=-1, sweep=false, 
> multi=false
> .....
> result=0.0%, recv/sent/lost/err=0/5/5/0, took 5001, min/avg/max/dev 
> rtt=10000/0.0/0/0.0, ttl 256/0.0/0/0.0, tos 256/0.0/0/0.0
>
>
>
>
> Best Regards
> Everson