Hi
Thought I'd just share this one:
Here the other day I came across one of those situations where common sense doesn't help. After setting up some GRE tunnels, one tunnel came up normally, but no traffic went across. I had configured an outbound traffic filter to stop spoofed packets. Only source addresses in 10.47.4.0/24 were allowed out. The same type of filters were on other routers with GRE tunnels too.
After scratching the back of my head for some time, I tried to disable the anti-spoof filter. Voila, the tunnel worked. When I enabled it again, the traffic stopped.
OK, so I had found the problem. Now it was time to find out what the heck was going on. I enabled the filter again, and added logging. Tried to ping through the tunnel and looked at the log. Nothing.
I thought it might be a strange multicast or broadcast that had to get out, so I tried only to stop source addresses in the range 0.0.0.0-10.46.255.255. Bang, the tunnel worked.
OK, now it was just to cut the remaining range into halves, until I could pin down which source address to let out.
To my amazement, the source address to let through the filter was 192.0.4.5!!!!
This address doesn't exist at all in my network. No routing to it. Nothing. Guess maybe I should send a bug report to Nortel, but I don't have the time to set it up in a lab environment. The software on the router with the problem was 14.20/7. The routers with 14.20/2 did not have this problem.
I don't know if this is still a problem with 15.3 software.
Anyway, maybe the strangest problem I've seen on Nortel routers so far. Maybe the router is possessed?
It's vacation time....
-katamann
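The halving procedure described in the post, as an added example that is not part of the original post: it bisects the remaining source range (10.47.0.0 to 255.255.255.255) to find the one source address the egress filter has to permit. The `simulated_probe` function is a constructed stand-in for "apply the deny range on the router and ping through the tunnel", and the search assumes exactly one such address exists.

```python
import ipaddress


def simulated_probe(required_src):
    """Constructed stand-in for the manual test on the router.

    Returns a function that answers: does the tunnel still pass traffic
    when every source address in [deny_lo, deny_hi] is dropped on egress?
    """
    required = int(ipaddress.ip_address(required_src))

    def tunnel_works(deny_lo, deny_hi):
        return not (deny_lo <= required <= deny_hi)

    return tunnel_works


def find_required_source(tunnel_works, first, last):
    """Bisect [first, last] down to the single source address that must
    be allowed out. Assumes exactly one such address in the range."""
    lo = int(ipaddress.ip_address(first))
    hi = int(ipaddress.ip_address(last))
    probes = 0
    while lo < hi:
        mid = (lo + hi) // 2
        probes += 1
        if tunnel_works(lo, mid):
            # Tunnel survives with the lower half denied,
            # so the needed address is in the upper half.
            lo = mid + 1
        else:
            # Denying the lower half broke the tunnel,
            # so the needed address is inside it.
            hi = mid
    return ipaddress.ip_address(lo), probes


if __name__ == "__main__":
    # Blocking 0.0.0.0-10.46.255.255 left the tunnel working (per the post),
    # so the search starts at 10.47.0.0.
    addr, probes = find_required_source(
        simulated_probe("192.0.4.5"), "10.47.0.0", "255.255.255.255"
    )
    print(f"filter must permit source {addr} (found in {probes} filter changes)")
```

At most 32 filter changes are needed for any IPv4 range, which is what makes the manual approach practical when the filter log shows nothing.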