[nsp] Cisco 7600 and uRPF
Andrew Fort
afort at choqolat.org
Tue Mar 2 19:12:32 EST 2004
On 3/03/2004 3:38 AM, Jared Mauch wrote:
> the box will only do one 'global' u-rpf mode on the sup2.
>the sup1 it's done in software only, not in hw.
>
> i can't recall if they "fixed" this in the 720. i can go
>check my notes in a few ..
>
> - jared
>
>
>
Correct, it's basically the same on sup720 - you can pick only a single
mode (strict, loose, multi-interface 'strict') for the whole box on
Sup720, and on/off per interface as expected. The new Sup720 specific
Multi-interface strict mode is where you can say "I want the URPF strict
check to be performed looking at this group of interfaces", rather than
a single interface only. This is quite a useful compromise between the
two modes on an aggregation router (given suitable network
architecture), I feel, by grouping your customer and internodal (but not
core) facing interfaces, to allow multi-homed situations (across
multiple routers) to be URPF'd.
-afort
More information about the cisco-nsp
mailing list