[nsp] RPF on Catalyst 6k
Florian Weimer
Weimer at CERT.Uni-Stuttgart.DE
Thu Dec 26 23:37:49 EST 2002
sthaug@nethelp.no writes:
> Using uRPF checks reduces the usable size of the CEF table to half of
> the original
Hmm, is this a problem? It seems that CEF entries are properly
aggregated before they are written to the table, so even 64K entries
should be enough for some time. At least the output of "show mls cef
hardware" is quite encouraging over here; there are much more prefixes
in our routing table than those that actually end up in the CEF TCAM.
(I'd like to run full-table BGP on the router just to be able to
detect bogus traffic more easily, and it would be a shame if we'd had
to sacrifice uRPF checking for that.)
--
Florian Weimer Weimer@CERT.Uni-Stuttgart.DE
University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/
RUS-CERT fax +49-711-685-5898
More information about the cisco-nsp
mailing list