[107682] in North American Network Operators' Group
Re: Cisco uRPF failures
daemon@ATHENA.MIT.EDU (Jo Rhett)
Thu Sep 11 03:43:35 2008
From: Jo Rhett <jrhett@netconsonance.com>
To: Anton Kapela <tkapela@gmail.com>
In-Reply-To: <2e9d8ae50809061020x24bdfbf0x3ddcfe3ed8518df2@mail.gmail.com>
Date: Thu, 11 Sep 2008 00:43:20 -0700
Cc: NANOG <nanog@merit.edu>
Errors-To: nanog-bounces@nanog.org
On Sep 6, 2008, at 10:20 AM, Anton Kapela wrote:
> On Thu, Sep 4, 2008 at 11:35 AM, Jo Rhett <jrhett@netconsonance.com>
> wrote:
>
>> That's the surprising thing -- no scenario. Very basic
>> configuration.
>> Enabling uRPF and then hitting it with a few gig of non-routable
>> packets
>> consistently caused the sup module to stop talking on the console,
>> and
>
> What do you mean by 'non routable?'
Should have been dropped by UDP.
> What was the src/dst makeup of the test traffic?
Both random sources and singular sources demonstrated the problem.
> What version of code? Also, port-channel/lag or ECMP?
I don't have those details handy now, nor am I likely to anytime
soon. If they've been solved in recent code, great. But I've seen
nothing in the tech notes.
>> quickly, but that turns out not to be the case. To this day I've
>> never
>
> I've never seen the issues you speak of, so it could be
> code/platform/config specific.
>
> Also, what sup were you testing?
720s, as said repeatedly.
> Forgive me, but what does bits/sec have to do with anything?
The problem only appeared at high bits/sec, as I've said repeatedly.
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source
and other randomness
