[168853] in North American Network Operators' Group
Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]
daemon@ATHENA.MIT.EDU (Seth Mattinen)
Wed Feb 5 19:35:15 2014
Date: Wed, 05 Feb 2014 16:34:59 -0800
From: Seth Mattinen <sethm@rollernet.us>
To: nanog@nanog.org
In-Reply-To: <5822441.7294.1391635482579.JavaMail.root@benjamin.baylink.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2/5/14, 13:24, Jay Ashworth wrote:
> The common answer, Octavio, at least*used to* be "our line cards aren't
> smart enough to implement strict-unicast-RPF, and our boxes don't have
> enough horsepower to handle every packet through the CPU".
>
> As I've noted, I'm not sure I believe that's true of current generation
> gear, and if it*is*, then it should cost manufacturers business.
In Cisco 6500 land - which were very popular - Earl7 uRPF is limited to
one of strict or loose (no mixing modes) for IPv4 only. Otherwise you
have to rely on ACLs and the possibility of running out of TCAM space
for them depending on density.
The Sup2T (Earl8) does fix these limitations: uRPF is configurable
per-interface basis and independent of IPv4/IPv6, and can be a mix of
loose or strict mode. But Sup2T only came out in 2011.
~Seth
