About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: Please don't use 11.1-MFIB with DVMRP-mode tunnels

  • To: David Meyer < >
    Hugh LaMaster < >
  • From: Hugh LaMaster < >
  • Date: Wed, 1 Apr 1998 09:47:50 -0800 (PST)
Guilty as charged.  Mea culpa, mea culpa.  How embarrassing.  
I caught this flu by copying configs without looking too closely.  
What is worse, I think I passed it on to others.  Strangely 
enough, though, it doesn't seem to cause any problems with some 
IOS versions, giving one a false sense of security that the config 
is correct, while other versions of IOS break.  Given the problem
description, I'm surprised it ever works.

--
 Hugh LaMaster, M/S 233-21,    ASCII Email: hlamaster@localhost
 NASA Ames Research Center     Or:          lamaster@localhost
 Moffett Field, CA 94035-1000  No Junkmail: USC 18 section 2701
 Phone: 650/604-1056           Disclaimer:  Unofficial, personal *opinion*.


On Tue, 31 Mar 1998, David Meyer wrote:

> 
> 	Bill,
> 	
> >>  Please don't use the 11.1-MFIB branch with DVMRP-mode tunnels.
> >> There is a bug (which Cisco knows about and is working on) which
> >> can cause DVMRP-mode tunnels to black hole all traffic flowing
> >> through them.
> 
> 	The basic problem is that when a downstream neighbor poisoned 
> 	the cisco, the tunnel didn't get put into the OLIST for the 
> 	(for that (S,G)). On inspection, it turns out that this
> 	occurs only when ip dvmrp unicast-routing is configured on
> 	a dvmrp tunnel. Turning off 'dvmrp unicast-routing' on the
> 	tunnel solves this problem. We'll harden this up (i.e.,
> 	check for 'ip dvmrp unicast-routing' on a dvmrp tunnel)
> 	so that this doesn't occur again.

This error check would be greatly appreciated.  This would be
a static check when the config is changed, and should be easy.

A dynamic check would also be appreciated, but may be more 
difficult: when a tunnel is in DVMRP mode to an mrouted 
neighbor, and then, the neighbor brings the mrouted box down and 
puts a Cisco in its place, the tunnel can come back up.  It will
exchange routes.  "mrinfo" shows the tunnel up.  But, it doesn't
forward traffic.  Is it possible to dynamically detect this error 
condition and shut down the tunnel?  Strangely enough, this sort
of swapping happens pretty often, and people often don't realize
the significance.  Unfortunately, it is a problem which a change
on someone else's router can cause a problem locally.  If it just 
forced the tunnel down, it would be much better than the tunnel 
appearing up, exchanging routes, and then blackholing traffic.
  • Post To The List:
<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | Copyright Statement
RIPE.NET Homepage LIR Portal RIPE Community