[107561] in North American Network Operators' Group
Re: Cisco uRPF failures
daemon@ATHENA.MIT.EDU (Anton Kapela)
Sat Sep 6 13:20:44 2008
Date: Sat, 6 Sep 2008 12:20:34 -0500
From: "Anton Kapela" <tkapela@gmail.com>
To: "Jo Rhett" <jrhett@netconsonance.com>
In-Reply-To: <5188BB8F-8EFC-4FCA-BA9F-E36E6C3CEB81@netconsonance.com>
Cc: NANOG <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org
On Thu, Sep 4, 2008 at 11:35 AM, Jo Rhett <jrhett@netconsonance.com> wrote:
> That's the surprising thing -- no scenario. Very basic configuration.
> Enabling uRPF and then hitting it with a few gig of non-routable packets
> consistently caused the sup module to stop talking on the console, and
What do you mean by 'non routable?'
What was the src/dst makeup of the test traffic?
> We also discovered problems related to uRPF and load balanced links, but
> those were difficult to reproduce in the lab and we couldn't affect their
> peering, so we had to disable uRPF and ignore so I don't have much details.
What version of code? Also, port-channel/lag or ECMP?
> quickly, but that turns out not to be the case. To this day I've never
I've never seen the issues you speak of, so it could be
code/platform/config specific.
Also, what sup were you testing?
> found a network operator using uRPF on Cisco gear.
> (note: network operator. it's probably fine for several-hundred-meg
> enterprise sites)
Forgive me, but what does bits/sec have to do with anything?
-Tk
