[nsp] uRPF stability on 6500's

Matt Buford matt@overloaded.net
Tue, 26 Nov 2002 15:48:44 -0500


On Tue, 26 Nov 2002, Alex Rubenstein wrote:
> On Tue, 26 Nov 2002, Steve Francis wrote:
> > I've seen other posts of people not wanting to hit the 122,000 FIB limit
> > with uRPF enabled.  (We're at 116,000)
>
> I was told by people at Cisco that when you hit the above, the system
> continues to forward. However, any entries outside of the 122k will be
> software switched.

I tried a large number of IOS versions (up to current about a month ago) and
never found one that handled this properly.  The standard problem I ran into
was that things appeared to work at first glance, but over time entries in
the FIB table for directly connected interfaces would start showing up as
"drop" instead of "punt".  "sh mls cef | i drop" showed many of these broken
entries.  Shutdown then no shutdown of each affected interface would
generally fix the entries back to punt ... for a while.

I also ran into some other random FIB corruption weirdness when exceeding
the limit.  For example, the FIB default route would get two entries - one
to punt and one to drop.  This resulted in packets not matching entries that
fit in the FIB being load balanced between software switching and hardware
dropping.  This was relatively rare in comparison to the directly connected
interface drop entries though.

I have since disabled uRPF on all 6509s and all of these constant problems
have gone away.