I apologize for bringing this issue back, considering how old it is, but i hope that i can get some further clarification:
1. If IP routing is enabled and there is a 0.0.0.0 route, how is it possible that router will drop traffic going to an unknown destination? I actually have this happening on one of our 65K's with routing turned on and 0.0.0.0 learned from EIGRP while 'show ip traffic' command reports increments of "not a gateway" counter?
2. How does the router know to recognize martian destination and to discard it? I was under an impression that you need an ACL for this?
I am not sure about the counters you are talking about but if you run "show mls statistics" and look under Errors section of the respective module and find out if there are any no route drops. This is a cumulative counter and I believe you need to do a clear mls statistics and check again if it is increasing.
Not sure what version you are using may be this was added later as I could see only that counter is missing! My output is as below
PE5_pe01_grr#sh mls statistics module 5
Statistics for Earl in Module 5
L2 Forwarding Engine
Total packets Switched : 539807955
L3 Forwarding Engine
Total packets Processed : 291700871 @ 1899 pps
Total packets L3 Switched : 31 @ 0 pps
Total Packets Bridged : 131155806
Total Packets FIB Switched : 31
Total Packets ACL Routed : 0
Total Packets Netflow Switched : 0
Total Mcast Packets Switched/Routed : 3112425
Total ip packets with TOS changed : 2
Total ip packets with COS changed : 4320
Total non ip packets COS changed : 286573
Total packets dropped by ACL : 0
Total packets dropped by Policing : 0
Total packets exceeding CIR : 0
Total packets exceeding PIR : 0
MAC/IP length inconsistencies : 0
Short IP packets received : 0
IP header checksum errors : 0
No-route packet drops : 0
TTL failures : 0
MTU failures : 0
But still your originial quetion is still open. If there is not specifc route to a destination then we use the default route and route it. But you said you are still seeing the not a gateway drops...in that case if we can know what sort of packets are dropped and what are their IP addresses we can check if it falls in martian prefix range.
That makes sense, I am running on 12.2(33)SXI2a, I bet you are on 15.x
As far as the original question, I think that you have a good point that destination of 'not a gateway' dropped packets might be in martian range as Mike has indicated and that routing process somehow knows to discard packets alike, that would be my guess.
I will try to do some debugging and post what i find. Somewhere i have read that 'not a gateway' drops could possibly indicate a malware and I would like to trace it back.
Thanks for your help, it is time to upgrade to a newer code
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...