<div dir="ltr">Not that it's a "Fix" but have you tried rebooting the box? If this is a bug in the forwarding plane that might clear/rebuild it. And maybe it works correctly after that.<div><br></div><div>Friend saw something similar on a Juniper MX with DPC cards that had run out of FIB space. It would show correctly in all places, but was failing to install in FIB (Router cut a error about it in the log). So the actual traffic didn't follow the same path. I saw you specifically referenced "forwarding" in one of your copy pastes. And it looked right. But I don't know enough about Cisco to say if that's really what is in FIB. Or just what it thinks is in FIB.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 4, 2023 at 5:47 PM Mike Hammett <<a href="mailto:nanog@ics-il.net">nanog@ics-il.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg-4252437341358486265"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)">Via all mechanisms I could find in the router, it thinks the best path is the direct path, the packets just don't go that way.<div><br></div><div>The in traffic isn't a concern at this time, just the out (from my perspective).<br><br><div><span name="x"></span><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a><span name="x"></span><br></div><br><hr id="m_-4252437341358486265zwchr"><div style="color:rgb(0,0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"David Bass" <<a href="mailto:davidbass570@gmail.com" target="_blank">davidbass570@gmail.com</a>><br><b>To: </b>"Mike Hammett" <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>><br><b>Cc: </b>"Matthew Huff" <<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>>, "NANOG" <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br><b>Sent: </b>Tuesday, April 4, 2023 11:39:26 AM<br><b>Subject: </b>Re: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br><br><div dir="auto">If you are both connected to the same upstream, but the customer wants traffic destined to the upstream to go through you (in and out), then they need to do something on their devices to try and affect the inbound path to their AS. From the upstream carrier in question they’ll take the best path to a prefix, which direct connection is generally going to be preferred over a transit AS (basic BGP best path algorithm stuff) unless there is some manipulation of the prefix advertisement happening. </div><div dir="auto"><br></div><div dir="auto">To confirm the path being taken you should be able to do a few trace routes from various locations as well as use looking glasses. </div><div dir="auto"><br></div><div dir="auto">Now the sflow data is an entirely different thing to analyze. </div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Apr 4, 2023 at 7:45 AM Mike Hammett <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt"><br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><div style="font-family:"Times New Roman";font-size:medium"><font face="arial, helvetica, sans-serif"><span style="font-size:10pt">sh ip bgp neighbor advertised-routes shows the only routes being advertised to Y are the routes that should be advertised to them. I checked a variety of other peers and have the expected results.</span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt"><br></span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt"><br></span></font></div></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt"><br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt">From my perspective: </span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt"><br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt">Packets come in on port A, supposed to leave on port X, but they leave on port Y. All of the troubleshooting steps I've done on my own (or suggested by mailing lists) say the packets should be leaving on the desired port X.</span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt"><br></span></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><span style="font-size:10pt"><br></span></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt">From the customer's perspective, they're supposed to be coming from me on port X, but they're arriving on port Y, another </span><span style="font-size:13.3333px">network</span><span style="font-size:10pt">.</span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt"><br></span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt">Port X in both scenarios is our direct connection, while port Y is a mutual upstream provider.</span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt"><br></span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt"><br></span></font></div><div><font face="arial, helvetica, sans-serif"><span style="font-size:10pt">Without knowing more about the specific platform, it seems to me like a bug in the platform. If all indicators (not just configurations, but show commands as well) say the packet should be leaving on X and it leaves on Y, then I'm not sure what else it could be, besides a bug.</span></font></div><div><br></div><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><div><span></span><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a><span></span><br></div><br><hr id="m_-4252437341358486265m_1646315070463243225zwchr"><div style="color:rgb(0,0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"David Bass" <<a href="mailto:davidbass570@gmail.com" target="_blank">davidbass570@gmail.com</a>><br><b>To: </b>"Mike Hammett" <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>><br><b>Cc: </b>"Matthew Huff" <<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>>, "NANOG" <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br><b>Sent: </b>Monday, April 3, 2023 9:12:52 PM</div></div></div></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)"><div style="color:rgb(0,0,0);font-family:arial,helvetica,sans-serif;font-size:10pt"><div style="color:rgb(0,0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><br><b>Subject: </b>Re: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br><br><div dir="auto">You said that they are seeing traffic from another upstream…are you advertising the prefix to them? Are you advertising their prefix to your upstream?</div><div dir="auto"><br></div><div dir="auto">Looks like the route maps are involved in some dual redistribution…might want to make sure everything is matching correctly, and being advertised like you want. </div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Apr 3, 2023 at 4:20 PM Mike Hammett <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div><div style="font-family:"Times New Roman";font-size:12pt;color:rgb(0,0,0)"><div>I don't see any route-maps applied to interfaces, so there must not be any PBR going on. I only see ACLs, setting communities, setting local pref, etc. in the route maps that are applied to neighbors.</div><div><br></div><div><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a></div><div><br></div><hr id="m_-4252437341358486265m_1646315070463243225m_7724116877795660385zwchr"><div><b>From: </b>"Mike Hammett" <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>><br><b>To: </b>"Matthew Huff" <<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>><br><b>Cc: </b>"NANOG" <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br><b>Sent: </b>Monday, April 3, 2023 8:26:30 AM</div></div></div><div><div style="font-family:"Times New Roman";font-size:12pt;color:rgb(0,0,0)"><div><br><b>Subject: </b>Re: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br></div><div><br></div><div><div style="font-family:arial,helvetica,sans-serif;font-size:10pt;color:rgb(0,0,0)">Only two VRFs, default and manangement. IIRC, everything I saw before mentioned the default VRF.<br><br>I do see a ton of route-maps. It's mostly Greek to me, so I'll have to dig through this a bit to see what's going on.<br><br><div><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a><br></div><br><hr id="m_-4252437341358486265m_1646315070463243225m_7724116877795660385zwchr"><div style="color:rgb(0,0,0);font-weight:normal;font-style:normal;text-decoration:none;font-family:helvetica,arial,sans-serif;font-size:12pt"><b>From: </b>"Matthew Huff" <<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>><br><b>To: </b>"Mike Hammett" <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>><br><b>Cc: </b>"NANOG" <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br><b>Sent: </b>Monday, April 3, 2023 8:06:51 AM<br><b>Subject: </b>RE: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br><br>What about VRFs and/or policy based routing? <br><br>switch-core1# show vrf<br>VRF-Name VRF-ID State Reason <br>default 1 Up -- <br>management 2 Up -- <br><br>switch-core1# show route-map <br>route-map rmap_bgp_to_eigrp_b2b, permit, sequence 10 <br> Match clauses:<br> interface: Ethernet1/33 <br> route-type: internal <br> Set clauses:<br> metric 40000000 10 255 1 1500 <br>route-map rmap_bgp_to_eigrp_b2b, permit, sequence 20 <br> Match clauses:<br> interface: Ethernet1/34 <br> route-type: internal <br> Set clauses:<br> metric 40000000 30 255 1 1500 <br>route-map rmap_static_to_eigrp, permit, sequence 10 <br> Match clauses:<br> ip address prefix-lists: prefix_static_to_eigrp <br> Set clauses:<br>route-map rmap_static_to_eigrp_v6, permit, sequence 10 <br> Match clauses:<br> ipv6 address prefix-lists: prefix_ipv6_static_to_eigrp <br> Set clauses:<br><br><br><br>From: Mike Hammett <<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>> <br>Sent: Monday, April 3, 2023 9:00 AM<br>To: Matthew Huff <<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>><br>Cc: NANOG <<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br>Subject: Re: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br><br>It could be an sFlow bug, but I come at this from a reported problem and gathering data on that problem as opposed to looking at data for problems.<br><br>The snmp if index reported by the Nexus matches the if index in ElastiFlow.<br><br><br><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a><br><br>________________________________________<br>From: "Matthew Huff" <mailto:<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>><br>To: "Mike Hammett" <mailto:<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>><br>Cc: "NANOG" <mailto:<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br>Sent: Monday, April 3, 2023 7:50:08 AM<br>Subject: RE: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br>SFlow misconfiguration or bug on either the nexus or the sflow monitor? On the monitor, can you verify that the snmp interfaces are mapped to the correct ones on the nexus?<br> <br> <br> <br> <br> <br>From: Mike Hammett <mailto:<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>> <br>Sent: Monday, April 3, 2023 8:47 AM<br>To: Matthew Huff <mailto:<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>><br>Cc: NANOG <mailto:<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br>Subject: Re: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br> <br>It shows the desired result.<br><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a><br> <br>________________________________________<br>From: "Matthew Huff" <mailto:<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>><br>To: "Mike Hammett" <mailto:<a href="mailto:nanog@ics-il.net" target="_blank">nanog@ics-il.net</a>>, "NANOG" <mailto:<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br>Sent: Monday, April 3, 2023 5:38:23 AM<br>Subject: RE: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br><br>switch-core1# sh forwarding route x.x.x.x<br><br>slot 1<br>=======<br><br><br>IPv4 routes for table default/base<br><br>------------------+-----------------------------------------+----------------------+-----------------+-----------------<br>Prefix | Next-hop | Interface | Labels | Partial Install <br>------------------+-----------------------------------------+----------------------+-----------------+-----------------<br>x.x.x.x/24 x.x.x.250 Ethernet1/29 <br><br><br>switch-core1# show routing hash x.x.x.x y.y.y.y<br>Load-share parameters used for software forwarding:<br>load-share mode: address source-destination port source-destination<br>Hash for VRF "default"<br>Hashing to path *y.y.y.y Eth1/29<br>For route:<br>y.y.y.0/24, ubest/mbest: 1/0<br> *via z.z.z.z, Eth1/29, [90/3072], 1w2d, eigrp-100, internal<br><br><br><br><br>From: NANOG <mailto:<a href="mailto:nanog-bounces%2Bmhuff" target="_blank">nanog-bounces+mhuff</a>=<a href="mailto:ox.com@nanog.org" target="_blank">ox.com@nanog.org</a>> On Behalf Of Mike Hammett<br>Sent: Monday, April 3, 2023 1:21 AM<br>To: NANOG <mailto:<a href="mailto:nanog@nanog.org" target="_blank">nanog@nanog.org</a>><br>Subject: Cisco Nexus 3k Route Selection\Packet Forwarding Debugging<br><br>We have a Nexus 3064 that is setup with partial BGP tables and is routing based on that. <br><br><br>I've done a show ip bgp for an IP of interest and it has an expected next hop IP. I show ip arp on that next hop IP and it has the expected interface. <br><br><br>However, sFlows show the packets leaving on a different interface, the one that would carry the default route for routes not otherwise known. <br><br><br>If the next hop IP is expected and the ARP of that next hop IP is expected, why are packets leaving out an unexpected interface? <br><br><br>-----<br>Mike Hammett<br>Intelligent Computing Solutions<br><a href="http://www.ics-il.com" target="_blank">http://www.ics-il.com</a><br><br>Midwest-IX<br><a href="http://www.midwest-ix.com" target="_blank">http://www.midwest-ix.com</a><br> <br><br></div></div><br></div></div></div></blockquote></div></div>
</div><br></div></div></div></blockquote></div></div>
</div><br></div></div></div></div></blockquote></div>