HP Switch 7750 - Does not drop traffic when a null route is configured

3Com Knowledgebase Article

Title:

HP Switch 7750 - does not drop traffic when a null route is configured

Software/Firmware Version:

All current software for all types of fabric

Product:

0231A43G - S7500 Fabric 768G

0235A13T - S7506 Chassis w/2 AC PSU & Fan

0235A13X - S7506R Chassis + 2 AC PS

0235A13Y - S7506R Chassis + 2 DC PS

0235A14B - S7502 Chassis

0235A14T - S7503 Chassis

0231A43H - S7500 96Gbps Salience III SRPU

0231A43F - S7500 Fabric 384G 4 SFP

3C16894 - Switch 7754 4-slot Chassis Kit w/out Fabric

3C16895 - Switch 7757 7-slot Chassis Kit w/out Fabric

3C16896 - Switch 7758 8-slot Redundant AC Chassis Kit

3C16886 - Switch 7750 96Gig Switch Fabric for all Chassis

3CR1686593-V3.3 - Switch 7750 Advanced Feature Software Version 3.3 for 96Gbps Switch Fabric

3CR16870093-301 - Switch 7700 Advanced Feature Software Version 301.51 for 32/64Gbps Switch Fabrics

Fix:

Instead of a static route for 20.1.1.100/32, configure the following static ARP entry:

#

arp static 20.1.1.100 0011-2222-3333 20 g 2/0/1

#

Once this line is configured, return traffic to 20.1.1.100 is delivered to G2/0/1 with a MAC address of 0011-2222-3333, which the PC will not respond to.

Symptom:

SW7750 does not drop traffic when a null route is configured.

The following configuration is on the SW7750:

#

interface Vlan-interface20

description user

ip address 20.1.1.1 255.255.255.0

#

interface NULL0

#

ip route-static 20.1.1.100 255.255.255.255 NULL 0 preference 60

#

The purpose of the NULL 0 route is to prevent the PC with IP address 20.1.1.100 from communicating with any devices outside of its subnet. However, once the static route is applied to the SW7750, 20.1.1.100/32 is still able to communicate with devices outside of the local subnet.

Fact:

For destinations on a local (directly connected) subnet, the SW7750 does not use the routing table. It forwards using the ARP table instead, which holds the port and MAC address information for 20.1.1.100/32.

In this case, since the ARP table already has an entry for 20.1.1.100, the routing table is bypassed and traffic is delivered to 20.1.1.100/32 directly from the ARP table lookup.
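
Added example (not part of the original 3Com article): a configuration check that flags NULL 0 static routes whose destination lies inside a subnet configured on one of the switch's own interfaces, which by the behaviour described above are bypassed by the ARP lookup. The sample configuration is constructed from the one in this article; the 192.0.2.0/24 route and the function name are assumptions added for contrast.

```python
import ipaddress
import re

# Constructed sample, modelled on the configuration shown in the article.
# The 192.0.2.0/24 null route is an added contrast case (not a local subnet).
SAMPLE_CONFIG = """\
#
interface Vlan-interface20
 description user
 ip address 20.1.1.1 255.255.255.0
#
interface NULL0
#
ip route-static 20.1.1.100 255.255.255.255 NULL 0 preference 60
ip route-static 192.0.2.0 255.255.255.0 NULL 0
#
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.I)
ADDR_RE = re.compile(r"^ip address\s+(\S+)\s+(\S+)", re.I)
NULL_RE = re.compile(r"^ip route-static\s+(\S+)\s+(\S+)\s+NULL\s*0\b", re.I)


def ineffective_null_routes(config_text):
    """Return (null_route, interface, connected_subnet) for every NULL 0
    static route whose destination lies inside a directly connected subnet."""
    connected = []        # (interface name, IPv4Network) per configured address
    null_routes = []      # IPv4Network per NULL 0 static route
    current_iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":   # '#' closes the current configuration section
            current_iface = None
        elif m := IFACE_RE.match(line):
            current_iface = m.group(1)
        elif (m := ADDR_RE.match(line)) and current_iface:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            connected.append((current_iface, net))
        elif m := NULL_RE.match(line):
            null_routes.append(
                ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
    return [(str(r), iface, str(net))
            for r in null_routes for iface, net in connected if r.subnet_of(net)]


if __name__ == "__main__":
    for route, iface, net in ineffective_null_routes(SAMPLE_CONFIG):
        print(f"{route} -> NULL 0 is bypassed: inside {net} on {iface}")
```
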
