not a gateway in "show ip traffic" output

csiracusa

The "show ip traffic" command output shows an increment of the "not a gateway" counter.

do you know why?!

what does it mean?!

Thanks!!!!

3560na-TEST#sh ip tra

IP statistics:

Rcvd: 13585264 total, 794744 local destination

0 format errors, 0 checksum errors, 23 bad hop count

0 unknown protocol, 2701628 not a gateway

0 security failures, 0 bad options, 2 with options

Opts: 2 end, 0 nop, 0 basic security, 0 loose source route

0 timestamp, 0 extended security, 2 record route

0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

0 other

mihanlin

The "not a gateway" counter is incremented in the following ways:

1 - IP routing is disabled, and we received a packet destined for a unicast IP address which is not one of our addresses.

2 - IP routing is enabled, and we don't have a route for this packet (so we'll drop it).

If the packet has a martian destination, we increment the "not a gateway" counter. If the packet is for a non-martian destination, we increment the "no route" counter.

Hope this helps.

Mike

Cisco TAC (LAN Switching) - Australia

Mike,

I apologize for bringing this issue back, considering how old it is, but I hope that I can get some further clarification:

1. If IP routing is enabled and there is a 0.0.0.0 route, how is it possible that the router will drop traffic going to an unknown destination? I actually have this happening on one of our 65K's with routing turned on and 0.0.0.0 learned from EIGRP, while the 'show ip traffic' command reports increments of the "not a gateway" counter.

2. How does the router know to recognize a martian destination and to discard it? I was under the impression that you need an ACL for this?

Any input will be greatly appreciated.

Thank you for your time.

Misha

Hi Miodrag,

I am not sure about the counters you are talking about, but you can run "show mls statistics", look under the Errors section of the respective module, and find out if there are any no route drops. This is a cumulative counter and I believe you need to do a clear mls statistics and check again if it is increasing.

Thanks,

Madhu

Hi Madhu,

I just tried to look under the Errors section of the show mls statistics output and I do not see 'no route' in the output.

Am I missing something? All the output I get is below:

Errors

  MAC/IP length inconsistencies         : 2

  Short IP packets received             : 0

  IP header checksum errors             : 30

  TTL failures                          : 3252

  MTU failures                          : 0

Thank you for your response.

Misha

Hi Misha,

Not sure what version you are using; maybe this was added later, as I can see that only that counter is missing! My output is below:

PE5_pe01_grr#sh mls statistics module 5

Statistics for Earl in Module 5

L2 Forwarding Engine

  Total packets Switched                : 539807955

L3 Forwarding Engine

  Total packets Processed               : 291700871 @ 1899 pps

  Total packets L3 Switched             : 31 @ 0 pps

  Total Packets Bridged                 : 131155806

  Total Packets FIB Switched            : 31

  Total Packets ACL Routed              : 0

  Total Packets Netflow Switched        : 0

  Total Mcast Packets Switched/Routed   : 3112425

  Total ip packets with TOS changed     : 2

  Total ip packets with COS changed     : 4320

  Total non ip packets COS changed      : 286573

  Total packets dropped by ACL          : 0

  Total packets dropped by Policing     : 0

  Total packets exceeding CIR           : 0

  Total packets exceeding PIR           : 0

Errors

  MAC/IP length inconsistencies         : 0

  Short IP packets received             : 0

  IP header checksum errors             : 0

  No-route packet drops                 : 0

  TTL failures                          : 0

  MTU failures                          : 0

But your original question is still open. If there is no specific route to a destination then we use the default route and route it. But you said you are still seeing the not a gateway drops... In that case, if we can know what sort of packets are dropped and what their IP addresses are, we can check if they fall in the martian prefix range.

Thanks,

Madhu
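The check suggested above (do the dropped packets' destinations fall in a martian range, and which hosts send them), as an added example that is not part of the original thread. The prefix list is an assumption based on the commonly cited RFC 1812 martian ranges, not IOS's internal table, and the flow records are constructed sample data.

```python
import ipaddress
from collections import Counter

# Assumed martian destination prefixes (RFC 1812 style); not taken from IOS.
MARTIAN_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8",     # "this network"
    "127.0.0.0/8",   # loopback
    "240.0.0.0/4",   # class E / reserved
)]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def martian_prefix(dst):
    """Return the martian prefix containing dst, or None if dst is not martian."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return None  # received locally, never a forwarding candidate
    for net in MARTIAN_PREFIXES:
        if addr in net:
            return net
    return None

def sources_of_martian_traffic(flows):
    """Count packets with a martian destination per source, busiest first."""
    hits = Counter()
    for src, dst in flows:
        if martian_prefix(dst) is not None:
            hits[src] += 1
    return hits.most_common()

# Constructed (src, dst) pairs, e.g. as exported from a capture or flow log.
SAMPLE_FLOWS = [
    ("10.1.20.15", "127.0.0.53"),
    ("10.1.20.15", "0.1.2.3"),
    ("10.1.20.15", "245.10.10.10"),
    ("10.1.30.7", "192.0.2.10"),
    ("10.1.30.8", "127.0.0.1"),
    ("10.1.30.7", "8.8.8.8"),
    ("10.1.30.9", "255.255.255.255"),
]

if __name__ == "__main__":
    for src, count in sources_of_martian_traffic(SAMPLE_FLOWS):
        print(f"{src}: {count} packet(s) to martian destinations")
```

A source that repeatedly sends to such destinations is the host to inspect first when tracing the drops back.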

Hi Madhu,

That makes sense, I am running on 12.2(33)SXI2a, I bet you are on 15.x

As far as the original question, I think that you have a good point that the destination of 'not a gateway' dropped packets might be in the martian range as Mike has indicated and that the routing process somehow knows to discard such packets; that would be my guess.

I will try to do some debugging and post what I find. Somewhere I have read that 'not a gateway' drops could possibly indicate malware and I would like to trace it back.

Thanks for your help, it is time to upgrade to a newer code

Misha

Hi Misha,

Sure no worries. Post what you find!

Yes I am on 15.x code.

If it is not production, maybe "debug ip routing" might help to check what is going on.

Thanks,

Madhu
