Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
2
Replies

RTBH telemetry

ehaparna
Level 1
Level 1

‎08-08-2023 02:22 AM - edited ‎08-13-2023 01:09 AM

RTBH usecase advocates collecting telemetry on dropped sessions by cause. 

 Rfc5635#section-3.2  refers to this practice as collecting telemetry 

 Cisco blackhole Whitepaper @page=25  referees to this practice as "Regionalized" RTBH

 

The above references advocate using multiple blackhole addresses. 

ip route 192.0.2.1 255.255.255.255 null 0

ip route 192.0.2.2 255.255.255.255 null 0

etc.

 

And setting in the blocking device for each trigger community a different next hop

e.g. 

match tag 66
set ip next-hop 192.0.2.1
set local-preference 200

--

match tag 67
set ip next-hop 192.0.2.2

etc.
set local-preference 200

 

The counting on the null0 interface seems to be a single counter. 

So what is the recommended way to collect telemetry for each cause? 

Please advise. 

 

Labels:
0 Helpful
2 Replies 2

fcuiller
Cisco Employee
Cisco Employee

‎08-08-2023 08:35 AM

Hi

On IOS XR based systems, null0 drops are reported in 'show cef drops' command:

RP/0/RP0/CPU0:8201-32FH#sh cef drops
Tue Aug  8 15:27:42.851 UTC
CEF Drop Statistics
Node: 0/RP0/CPU0
  Unresolved drops     packets :               0
  Unsupported drops    packets :               0
  Null0 drops          packets :               1337 <<<<<<<
  No route drops       packets :             192
  No Adjacency drops   packets :               0
  Checksum error drops packets :               0
  RPF drops            packets :               0
  RPF suppressed drops packets :               0
  RP destined drops    packets :               0
  Discard drops        packets :               0
  GRE lookup drops     packets :               0
  GRE processing drops packets :               0
  LISP punt drops      packets :               0
  LISP encap err drops packets :               0
  LISP decap err drops packets :               0

 These counters can be retrieved through Modern Driven Telemetry through following YANG models: Cisco-IOS-XR-fib-common-oper

Fred

0 Helpful

ehaparna
Level 1
Level 1
In response to fcuiller

‎08-09-2023 11:38 PM - edited ‎08-09-2023 11:39 PM

Thank you,

I the question is more geared toward how to count per cause. There are different recursive paths resolved into null0. There is some expectation to be able to count per cause - i.e.

Path resolved through 192.0.2.1 counted seperatarly 

and count resolved through 192.0.2.2 etc. 

So I wonder how this can be done. 

I see in SEF that it doesn't flatten the FIB - and the fact that a route is recursively resolved is shown in the FIB. So I wonder if that could be resolved by multiple instances of null0 or what is an alternative approach that addresses counting per cause - i.e. per traffic resolved through each of the BH addresses.  

0 Helpful
Customers Also Viewed These Support Documents