Mail Archive: Open Networks
Re: 1)Accelar mirroring 2)JFWD
Comment below.
R.
Brett Wilson <bwilson@tislabs.com> writes:
> Okay. I did a little more verification using the following and removing
> any retransmitting by computer X to stop those annoying packet storms.
>
>
> ------------------------------------
> |              Router              |
> |   1        2        3        4   |
> ------------------------------------
>     |        |        |        |
>    ---      ---      ---      ---
>   | A |    | B |    | C |    | X |
>    ---      ---      ---      ---
>
> Mirror Port: 4
>
> Filter is set to match:
> Src: 0/0
> Dst: A/32
> Mir: Yes
> Act: Deny
>
> Filter is added to Port 2
>
>
> From B (port 2):
> ping A
> no response
> but packets are seen reflected at port 4
>
> From C (port 3):
> ping A
> get a response
> and packets are still seen reflected at port 4
>
> From X (port 4):
> ping A
> get a response
> and echo request packet is seen reflected back out port 4
>
>
> Basically, what I see is the filter matching and denying ICMP to A
> just on port 2 like I set it up to do. And the mirror only mirrors
> packets that match the particular IP header requirements.
>
> But, it also mirrors ICMP packets not going through port 2. The reason
> I mentioned the ethernet headers before is that I found it odd that
> the mirrored packets had the ethernet header information for the ethernet
> cards of Port1 and ComputerA which means that either it is mirroring things
> it saw on port 1 (the outgoing route of packets matching this filter) or
> it mirrored them after it had finished its routing decision and changed
> the hardware addresses.
According to the Accelar system software release notes for version 2.0
(p22), a `known software limitation or difference' is: "Source and
destination filters other than drop or forward (for example, mirror,
change priority, or modify Diffserv value) are applied to all matching
traffic ingressing any routed port, even if the port is not configured
for filtering."
I think this `difference' is still current. My own experience is that
the Accelar descriptions of what the behaviour is supposed to be
leave a lot to be desired. Just because they say it's there, doesn't
make it so... In particular, this is a severe `limitation' on the
usefulness of the mirror technique.
> Obviously this is not a key router issue as only silly people
> like me would be mirroring packets to then make decisions with
> them on an external box but it was a test to see how well it
> worked as Dan was concerned as to how much in CPU filtering
> the router could do as its primary focus is on hardware routing.
> I just thought I would mention it.
R.
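
Added example (not part of the original messages and not Accelar code): a small Python model of the filter semantics quoted from the release notes, run against the three ping tests in the thread. The host addresses, the function names and the release_note_behaviour switch are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing for the test bed: host -> (IP, router port).
HOSTS = {"A": ("10.0.1.1", 1), "B": ("10.0.2.1", 2),
         "C": ("10.0.3.1", 3), "X": ("10.0.4.1", 4)}

# The filter from the thread: Src 0/0, Dst A/32, Mir Yes, Act Deny, on port 2.
FILTER = {"src": "0.0.0.0/0", "dst": "10.0.1.1/32", "mirror": True, "deny": True}
FILTER_PORTS = {2}
MIRROR_PORT = 4


def process(src, dst, ingress_port, release_note_behaviour=True):
    """Return (forwarded, mirror_port_or_None) for one routed packet."""
    matches = (ip_address(src) in ip_network(FILTER["src"])
               and ip_address(dst) in ip_network(FILTER["dst"]))
    on_filtered_port = ingress_port in FILTER_PORTS
    # Drop/forward actions are honoured only on ports the filter is bound to.
    forwarded = not (matches and on_filtered_port and FILTER["deny"])
    # Per the quoted release note, mirror applies on any routed ingress port.
    # release_note_behaviour=False models a mirror scoped to the bound port.
    scope_ok = release_note_behaviour or on_filtered_port
    mirrored = MIRROR_PORT if (matches and FILTER["mirror"] and scope_ok) else None
    return forwarded, mirrored


def run_pings(release_note_behaviour=True):
    """Echo requests to A from B, C and X, as in the three tests."""
    dst = HOSTS["A"][0]
    return {h: process(HOSTS[h][0], dst, HOSTS[h][1], release_note_behaviour)
            for h in ("B", "C", "X")}


if __name__ == "__main__":
    for flag, label in ((True, "release-note behaviour"),
                        (False, "port-scoped mirror")):
        print(label)
        for host, (fwd, mir) in run_pings(flag).items():
            print(f"  {host} -> A: forwarded={fwd} mirrored_to={mir}")
```

With the release-note behaviour the monitor on port 4 receives matching traffic from every routed port, so a mirrored packet alone does not show that it entered on port 2.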