Routing

last person joined: 17 hours ago 

Ask questions and share experiences about ACX Series, CTP Series, MX Series, PTX Series, SSR Series, JRR Series, and all things routing, including portfolios and protocols.
Back to discussions
Expand all | Collapse all

Policy based routing problem on MX router

  • 1.  Policy based routing problem on MX router

    Posted 11-23-2015 00:02

     

     

    We have an MX80 router which has connection on ae0 to our isp

     

    root@mx80-core# show interfaces ae0
    aggregated-ether-options {
     minimum-links 1;
     lacp {
     active;
     periodic fast;
     }
    }
    unit 0 {
     family inet {
     filter {
     input FWDirect;
     }
     address 10.32.35.14/30;
     }
    }
    

[edit]
root@mx80-core# show firewall
filter FWDirect {
    term UDPFW {
        from {
            destination-address {
                185.9.159.86/32;
            }
            protocol udp;
        }
        then {
            log;
            routing-instance UDP-Routes;
        }
    }
    term TCPFW {
        from {
            destination-address {
                185.9.159.86/32;
            }
        }
        then {
            count TCPFWTR;
            log;
            routing-instance TCP-Routes;
        }
    }
    term Default {
        then accept;
    }
}

[edit]
root@mx80-core# show routing-instances
Normal-Routes {
    instance-type virtual-router;
}
TCP-Routes {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 37.123.100.122;
        }
    }
}
UDP-Routes {
    instance-type forwarding;
    routing-options {
        static {
            route 0.0.0.0/0 next-hop 37.123.100.98;
        }
    }
}

[edit]
root@mx80-core# show protocols ospf
rib-group SPD-Route;
area 0.0.0.0 {
    interface all;
    interface ae0.0 {
        disable;
    }
}

[edit]

root@mx80-core# show routing-options rib-groups
SPD-Route {
    import-rib [ inet.0 UDP-Routes.inet.0 TCP-Routes.inet.0 ];
}

[edit]
root@mx80-core#

     

    The router has connection to routing instance ip addresses and logging the connections :

    root@mx80-core# run ping 37.123.100.122
PING 37.123.100.122 (37.123.100.122): 56 data bytes
64 bytes from 37.123.100.122: icmp_seq=0 ttl=64 time=1.194 ms
64 bytes from 37.123.100.122: icmp_seq=1 ttl=64 time=0.956 ms
^C
--- 37.123.100.122 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.956/1.075/1.194/0.119 ms

[edit]
root@mx80-core# run ping 37.123.100.98
PING 37.123.100.98 (37.123.100.98): 56 data bytes
64 bytes from 37.123.100.98: icmp_seq=0 ttl=64 time=0.490 ms
64 bytes from 37.123.100.98: icmp_seq=1 ttl=64 time=8.739 ms
64 bytes from 37.123.100.98: icmp_seq=2 ttl=64 time=0.422 ms
^C
--- 37.123.100.98 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.422/3.217/8.739/3.905 ms

[edit]
root@mx80-core# run show firewall log
Log :
Time      Filter    Action Interface     Protocol        Src Addr                         Dest Addr
08:44:20  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:19  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:18  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:17  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:16  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:15  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:14  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:13  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:12  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:11  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:10  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86
08:44:09  pfe       A      ae0.0         ICMP            212.174.232.182                  185.9.159.86

     

    but we can not access from outside the network :

     

    Request timeout for icmp_seq 14714
36 bytes from 10.32.35.14: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 938d   0 0000  38  01 d3ad 192.168.2.102  185.9.159.86

Request timeout for icmp_seq 14715
36 bytes from 10.32.35.14: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 28e7   0 0000  38  01 3e54 192.168.2.102  185.9.159.86

Request timeout for icmp_seq 14716
36 bytes from 10.32.35.14: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 ffb1   0 0000  38  01 6789 192.168.2.102  185.9.159.86

Request timeout for icmp_seq 14717
36 bytes from 10.32.35.14: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 99ee   0 0000  38  01 cd4c 192.168.2.102  185.9.159.86

Request timeout for icmp_seq 14718
36 bytes from 10.32.35.14: Destination Net Unreachable
Vr HL TOS  Len   ID Flg  off TTL Pro  cks      Src      Dst
 4  5  00 5400 a9d1   0 0000  38  01 bd69 192.168.2.102  185.9.159.86

     

    how can i over come this issue ?



  • 2.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 05:45

    Hello,

     

    The following should help:

     

    set routing-options interface-routes rib-group SPD-Route

    if it does not then please post the printouts:

     

    show route table TCP-Routes | no-more
show route table UDP-Routes | no-more
show firewall filter FWDirect | no-more

    HTH

    Thx

    Alex



  • 3.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 06:11

    Not worked

     

    root@mx80-core> show firewall filter FWDirect | no-more

Filter: FWDirect
Counters:
Name                                                Bytes              Packets
TCPFWTR                                        1334439267             30794375

    other route outputs are tooo much i could not copied them , now 185.9.157.15 now routed you should check with this ip's trace



  • 4.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 06:23

    Hello,

     

    Then please post the printouts:

     

     

    show route 185.9.157.15 extensive | no-more
    show route 185.9.159.86 extensive | no-more

     

    HTH

    Thx

    Alex

     



  • 5.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 06:39 
    root@mx80-core> show route 185.9.157.15 extensive | no-more

inet.0: 677 destinations, 680 routes (677 active, 0 holddown, 0 hidden)
185.9.157.0/27 (1 entry, 0 announced)
        *Direct Preference: 0
                Next hop type: Interface
                Address: 0x2b8a78c
                Next-hop reference count: 3
                Next hop: via irb.100, selected
                State: <Active Int>
                Local AS: 57844
                Age: 4d 0:57:01
                Validation State: unverified
                Task: IF
                AS path: I
                Secondary Tables: UDP-Routes.inet.0 TCP-Routes.inet.0

TCP-Routes.inet.0: 383 destinations, 383 routes (383 active, 0 holddown, 0 hidden)

185.9.157.0/27 (1 entry, 1 announced)
TSI:
KRT in-kernel 185.9.157.0/27 -> {Table}
        *Direct Preference: 0
                Next hop type: Interface
                Address: 0x2b8a78c
                Next-hop reference count: 3
                Next hop: via irb.100, selected
                State: <Secondary Active Int>
                Local AS: 57844
                Age: 32:11
                Validation State: unverified
                Task: IF
                Announcement bits (1): 1-KRT
                AS path: I
                Primary Routing Table inet.0

UDP-Routes.inet.0: 383 destinations, 383 routes (383 active, 0 holddown, 0 hidden)

185.9.157.0/27 (1 entry, 1 announced)
TSI:
KRT in-kernel 185.9.157.0/27 -> {Table}
        *Direct Preference: 0
                Next hop type: Interface
                Address: 0x2b8a78c
                Next-hop reference count: 3
                Next hop: via irb.100, selected
                State: <Secondary Active Int>
                Local AS: 57844
                Age: 32:11
                Validation State: unverified
                Task: IF
                Announcement bits (1): 1-KRT
                AS path: I
                Primary Routing Table inet.0

root@mx80-core> show route 185.9.159.86 extensive | no-more

inet.0: 677 destinations, 680 routes (677 active, 0 holddown, 0 hidden)
185.9.159.0/24 (2 entries, 1 announced)
TSI:
Page 0 idx 0, (group Netdirekt type External) Type 1 val 287ad9c (adv_entry)
   Advertised metrics:
     Nexthop: Self
     AS path: [57844] I
     Communities: 9121:444 43391:111
Path 185.9.159.0 Vector len 4.  Val: 0
        *Direct Preference: 0
                Next hop type: Interface
                Address: 0x2b8a7d8
                Next-hop reference count: 3
                Next hop: via irb.100, selected
                State: <Active Int>
                Local AS: 57844
                Age: 4d 0:57:01
                Validation State: unverified
                Task: IF
                Announcement bits (1): 5-BGP_RT_Background
                AS path: I
                Secondary Tables: UDP-Routes.inet.0 TCP-Routes.inet.0
         Static Preference: 5
                Next hop type: Discard
                Address: 0x260b808
                Next-hop reference count: 51
                State: <Int Ext>
                Inactive reason: Route Preference
                Local AS: 57844
                Age: 4d 12:25:53
                Validation State: unverified
                Task: RT
                AS path: I

TCP-Routes.inet.0: 383 destinations, 383 routes (383 active, 0 holddown, 0 hidden)

185.9.159.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 185.9.159.0/24 -> {Table}
        *Direct Preference: 0
                Next hop type: Interface
                Address: 0x2b8a7d8
                Next-hop reference count: 3
                Next hop: via irb.100, selected
                State: <Secondary Active Int>
                Local AS: 57844
                Age: 32:11
                Validation State: unverified
                Task: IF
                Announcement bits (1): 1-KRT
                AS path: I
                Primary Routing Table inet.0

UDP-Routes.inet.0: 383 destinations, 383 routes (383 active, 0 holddown, 0 hidden)

185.9.159.0/24 (1 entry, 1 announced)
TSI:
KRT in-kernel 185.9.159.0/24 -> {Table}
        *Direct Preference: 0
                Next hop type: Interface
                Address: 0x2b8a7d8
                Next-hop reference count: 3
                Next hop: via irb.100, selected
                State: <Secondary Active Int>
                Local AS: 57844
                Age: 32:11
                Validation State: unverified
                Task: IF
                Announcement bits (1): 1-KRT
                AS path: I
                Primary Routing Table inet.0


  • 6.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 06:46

    Our network schema will work like this : 

     

     

     

     

    Screen Shot 2015-11-23 at 13.06.56.png

     

     

    Traffic will return back to MX80 after cleaned up.

    This is why we want to route the traffic on ingress port on policy filter of ae0 

     



  • 7.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 07:03

    Hello,

    Thanks for posting the printouts.

    After You added "routing-options interface-routes", I see that it does not work for a different reason.

    But let me ask questions first:

    1/ are the networks 185.9.157.0/27 and 185.9.159.0/24 also locally-attached to irb.100 on Your MX80?

    2/ do these addresses 185.9.157.15 and 185.9.159.86 answer ARP when pinged from irb.100? Please post printouts:

     

     

    ping 185.9.157.15
    ping 185.9.159.86
    show arp hostname 185.9.157.15
show arp hostname 185.9.159.86

     

    3/ if these addresses do not answer ARP from MX80 irb.100, but rather exist elsewhere on Your network, then You have to add import policy to rib-group SPD-Route to import only the connected routes where 37.123.100.98 and 37.123.100.122 reside. Example below:

     

    set policy-options policy-statement select-connected term 1 from protocol direct
set policy-options policy-statement select-connected term 1 from route-filter 37.123.100.0/24 orlonger
set policy-options policy-statement select-connected term 1 then accept 
set policy-options policy-statement select-connected term 2 the reject

     

    And then You need to construct a separate rib-group for interface-routes since RG SPD-Route is also used for OSPF. 

    HTH

    Thx

    Alex

     



  • 8.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 07:17

    1/ are the networks 185.9.157.0/27 and 185.9.159.0/24 also locally-attached to irb.100 on Your MX80?

     

    yes , we want that when the traffic come back from the SRX to ae1 let it join to irb.100

     

    2/ do these addresses 185.9.157.15 and 185.9.159.86 answer ARP when pinged from irb.100? Please post printouts:

    root@mx80-core> show arp no-resolve | grep "185.9.157.15"
00:50:56:b6:13:5a 185.9.157.15    xe-0/0/3.0           none
    root@mx80-core> show arp hostname 185.9.157.15
MAC Address       Address         Name                      Interface           Flags
00:50:56:b6:13:5a 185.9.157.15    185.9.157.15              xe-0/0/3.0          none
    root@mx80-core> ping 185.9.157.15
PING 185.9.157.15 (185.9.157.15): 56 data bytes
64 bytes from 185.9.157.15: icmp_seq=0 ttl=64 time=0.584 ms
64 bytes from 185.9.157.15: icmp_seq=1 ttl=64 time=0.475 ms
64 bytes from 185.9.157.15: icmp_seq=2 ttl=64 time=0.495 ms
^C
--- 185.9.157.15 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.475/0.518/0.584/0.047 ms

     

    3/ if these addresses do not answer ARP from MX80 irb.100, but rather exist elsewhere on Your network, then You have to add import policy to rib-group SPD-Route to import only the connected routes where 37.123.100.98 and 37.123.100.122 reside. Example below:

     

    Ip addresses reachable from the world. But the problem it is not routing the traffic to the srx.



  • 9.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 07:54

    Hello,

     

    @SPDNet wrote:

     

     

    Ip addresses reachable from the world. But the problem it is not routing the traffic to the srx.

    If You would post the following:

    1/ a detailed diagram with interface names, IP addressing and OSPF areas

    2/ how do You want the traffic to flow with FBF

    3/ why do You inject OSPF routes into forwarding instance

    4/ why do You also need 0/0 route in forwarding instance

    - that would help to understand Your scenario. 

    At the moment I still think You need to use policy to limit interface-route insertion into forwarding instances to 37.123.100.0/24 subnet only but there may be other gotchas You haven't told us about.

    HTH

    Thx

    Alex



  • 10.  RE: Policy based routing problem on MX router

    Posted 11-23-2015 08:32

    That is how we want to let the traffic work

     

    we are getting traffic from ae0

    we want to let the route some subnets directly to the TCP and UDP firewalls 

    and let it get return to router from the 4x1G and then let the work routes / vlans

     

     

     

    Screen Shot 2015-11-23 at 18.29.51.png

     

     

     

    Screen Shot 2015-11-23 at 18.52.43.png



  • 11.  RE: Policy based routing problem on MX router

    Posted 11-24-2015 14:32

    hello,

    You did not answer my other questions re OSPF routes together with 0/0 route in forwarding-instances.

    In other words - do You want the FBF-ed packet to travel along OSPF route or along 0/0 route?

    But I will try to help You anyway - below is the config to test:

     

    delete routing-options interface-routes
set routing-options rib-groups IFL-2-FI import-rib [ inet.0 TCP-Routes.inet.0 UDP-Routes.inet.0 ]
set routing-options rib-groups IFL-2-FI import-policy IFL-Import
set routing-options interface-routes rib-group  IFL-2-FI
set policy-options policy-statement IFL-Import term 1 from protocol direct
set policy-options policy-statement IFL-Import term 1 from route-filter 37.123.100.0/24 longer
set policy-options policy-statement IFL-Import term 1 then accept
set policy-options policy-statement IFL-Import term 2 then reject

    Please test and report back.

    HTH

    Thx

    Alex

     

     

     



  • 12.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 02:36

    Dear alex ,

     

        we have nearly 50x /24 classes do i need to add all to route filter  as this : 

     

    set policy-options policy-statement IFL-Import term 1 from route-filter 37.123.100.0/24 longer

     we have added ospf with no special reason. It just same on the instructions of the mx documenteration 

     

     

        



  • 13.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 03:07

    Now the traces shows that the routes are ok but this time there is sth. strange. 

    It is not working (our web site) from the inside of the network or from the outside of the network it is acting like in loop in the network ?  It was actually worked for a minute then lost the connection. It seems it does not route to outside / or looping

     

     

     

     

    Screen Shot 2015-11-25 at 13.05.14.png



  • 14.  RE: Policy based routing problem on MX router
    Best Answer

    Posted 11-25-2015 03:28

    Hello,

    I take it that FBF on MX is working now?

    And Your new grief is that the packet is getting back to the same MX where it is FBF-ed again to Your SRX/other box?

    If Your SRX or whatever other box BEHIND MX returns the traffic back to same interface where MX FBF filter is attached, then You should investigate why SRX/other box is doing it.

    In case You are stuck, please contact Your nearest friendly Juniper SE to buy some Juniper Professional Services, we are good at fixing customer problems, You know 🙂

    HTH

    Thx

    Alex

    P.S. You still did not answer my direct question - do You want the FBFed packet to travel along 0/0 route or along more specific OSPF route?



  • 15.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 03:33

    I just want to get back cleaned packets from 4x1Gbps ae1 on mx80 like it is coming from the second isp 🙂

    I just want to route incoming traffic to the xe-0/0/1 and 2 ports for TCP / UDP 

     

    that is all. Our firewalls has been tested and this system was working while we were using Ex4500 as L3 switch in the past 😞

     



  • 16.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 03:41 
     3140  206K DROP       all  --  !lo    *       212.174.232.182      0.0.0.0/0
   93 24080 LOGDROPOUT  all  --  *      !lo     0.0.0.0/0            212.174.232.182

    Yes i am correct sth. causing a loop in the network of the ip when we add to filter centos machine has been blocked my ip address because of hitting thousands of time 



  • 17.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 04:52

    I am sorry for this much messages i have traced all the traffic for  185.9.159.86

     

    Traffic come to MX 

    TCP goes to SRX

    UDP goes to UDP Fw

    Then udp traffic pass to the SRX

    SRX send back the traffic to the MX 

    MX routed it to server correctly 

    Server handle and responed the traffic

     

    ---- This is where i lost what will happen after that. It is looping or it is dropping packets 😞



  • 18.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 07:01

    I am so sorry for that routing interface / policy was the correct solution 

     

    thank you



  • 19.  RE: Policy based routing problem on MX router

    Posted 11-25-2015 03:31

    I am sorry for the 3rd message , I have changed the code as this which has no touch to UDP traffic.

     

     

    filter FWDirect {
    term UDPFW {
        from {
            destination-address {
                185.9.159.86/32;
            }
            protocol udp;
        }
        then {
            log;
            routing-instance UDP-Routes;
        }
    }
    term TCPFW {
        from {
            destination-address {
                185.9.159.86/32;
                185.9.157.15/32;
            }
            protocol tcp;
        }
        then {
            count TCPFWTR;
            log;
            routing-instance TCP-Routes;
        }
    }
    term Default {
        then accept;
    }
}

     

    but i realize that : 

     

    root2@server [~]# tcpdump -n udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:27:56.926316 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:56.926642 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:57.675939 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:57.676312 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:58.426062 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:58.426488 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:59.573224 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:27:59.573627 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:00.323388 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:00.323737 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:01.073130 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:01.073495 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:02.138635 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:02.138958 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:02.462677 IP 213.238.172.26.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:02.888424 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:02.888774 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:03.212390 IP 213.238.172.26.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:03.638284 IP 192.168.168.18.netbios-ns > 192.168.168.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:03.638662 IP 213.238.172.18.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:03.962350 IP 213.238.172.26.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:05.214787 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:05.964566 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:06.714659 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:08.421816 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:08.738968 IP 213.238.172.62.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:09.171622 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:09.488843 IP 213.238.172.62.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:09.921851 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:10.238849 IP 213.238.172.62.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:22.000444 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:22.749006 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:23.499179 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:24.578052 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:25.327382 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:26.077396 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:27.581163 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:28.330399 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:29.080438 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:30.158267 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:30.908510 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:31.658472 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:32.300194 IP 178.20.231.21.netbios-dgm > 178.20.231.255.netbios-dgm: NBT UDP PACKET(138)
13:28:33.115639 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:33.865748 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:34.113991 IP 0.0.0.0.rrac > 255.255.255.255.rrac: UDP, length 108
13:28:34.615461 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:35.697369 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:36.446810 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:37.196562 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:38.602141 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:39.351618 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:40.101534 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:41.181270 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:41.931998 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:42.683224 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:43.392491 IP 185.9.157.15.34795 > 8.8.8.8.domain: 57094+ PTR? 66.39.247.88.in-addr.arpa. (43)
13:28:43.467855 IP 8.8.8.8.domain > 185.9.157.15.34795: 57094 1/0/0 PTR 88.247.39.66.static.ttnet.com.tr. (89)
13:28:43.468122 IP 185.9.157.15.51199 > 8.8.8.8.domain: 49089+ PTR? 82.202.0.95.in-addr.arpa. (42)
13:28:43.596869 IP 8.8.8.8.domain > 185.9.157.15.51199: 49089 1/0/0 PTR 95.0.202.82.dynamic.ttnet.com.tr. (88)
13:28:43.850268 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:44.599457 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:45.349568 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:46.427392 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:47.176598 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:47.926577 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:49.091256 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:49.840837 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:50.590680 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:51.668290 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:52.417751 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:53.167749 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:54.335366 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:55.084716 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:55.834659 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:56.912200 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:57.661764 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:58.411773 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:28:59.531375 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:00.280969 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:01.030779 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:01.918116 IP 185.9.157.14.netbios-dgm > 185.9.157.31.netbios-dgm: NBT UDP PACKET(138)
13:29:02.108394 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:02.857745 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:03.608150 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:05.046629 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:05.795700 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:06.545878 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:07.623380 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:08.372816 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:09.122693 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:10.289510 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:11.038898 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:11.294975 IP 213.238.172.62.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:11.790286 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:12.044716 IP 213.238.172.62.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:12.794801 IP 213.238.172.62.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:12.868436 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:13.113935 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:13.134235 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:13.616901 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:13.863929 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:13.883744 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:14.366854 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:14.613835 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:14.633578 IP 213.238.172.69.netbios-ns > 213.238.172.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:15.536492 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:15.860885 IP 213.238.172.240.netbios-dgm > 213.238.172.255.netbios-dgm: NBT UDP PACKET(138)
13:29:16.286306 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:17.035810 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:18.114754 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:18.863863 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:19.613831 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:20.780559 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:21.530084 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:22.279939 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:23.359539 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:24.109125 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:24.858917 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:26.335606 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:27.084976 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:27.835035 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:28.912606 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:29.662031 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:30.412041 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:31.577645 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:32.326916 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:33.077062 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:34.122759 IP 0.0.0.0.rrac > 255.255.255.255.rrac: UDP, length 108
13:29:34.156674 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:34.906195 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:35.655952 IP 178.20.231.21.netbios-ns > 178.20.231.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:46.744404 IP 185.9.156.26.netbios-ns > 185.9.156.31.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:47.494207 IP 185.9.156.26.netbios-ns > 185.9.156.31.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
13:29:48.244219 IP 185.9.156.26.netbios-ns > 185.9.156.31.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

     

     

    No external traffic is arriving to the server.

    When i delete the routing instance it works like charm . what should block the udp traffic ? there is no rule ?