[nsp] Cisco 7600 and uRPF

Tim Stevenson tstevens at cisco.com
Wed Mar 3 11:24:09 EST 2004 

Sup720 actually can do two load-sharing RPF interfaces per prefix in hardware by default with normal IOS configuration, the interface group construct is necessary if you have 3+ RPF interfaces for any prefixes and you want h/w uRPF check.

Also, as mentioned in another post, sup2 has the shortcoming that enabling uRPF check halves the available FIB TCAM size, which is not true of sup720.

Tim

At 08:02 AM 3/3/2004, cisco-nsp-request at puck.nether.net contended:
>Message: 8
>Date: Wed, 03 Mar 2004 11:12:32 +1100
>From: Andrew Fort <afort at choqolat.org>
>Subject: Re: [nsp] Cisco 7600 and uRPF
>Cc: cisco-nsp at puck.nether.net
>Message-ID: <404522F0.6060806 at choqolat.org>
>Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
>On 3/03/2004 3:38 AM, Jared Mauch wrote:
>
>>    the box will only do one 'global' u-rpf mode on the sup2.
>>the sup1 it's done in software only, not in hw.
>>
>>    i can't recall if they "fixed" this in the 720.  i can go
>>check my notes in a few ..
>>
>>    - jared
>>    
>>  
>>
>
>Correct, it's basically the same on sup720 - you can pick only a single 
>mode (strict, loose, multi-interface 'strict') for the whole box on 
>Sup720, and on/off per interface as expected.  The new Sup720 specific 
>Multi-interface strict mode is where you can say "I want the URPF strict 
>check to be performed looking at this group of interfaces", rather than 
>a single interface only.  This is quite a useful compromise between the 
>two modes on an aggregation router (given suitable network 
>architecture), I feel, by grouping your customer and internodal (but not 
>core) facing interfaces, to allow multi-homed situations (across 
>multiple routers) to be URPF'd.
>
>-afort


Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Technical Marketing Engineer, Catalyst 6500
Cisco Systems, http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.

More information about the cisco-nsp mailing list