[c-nsp] benefit of uRFP with ACL over ACL on interface
sthaug at nethelp.no
Wed Sep 8 18:02:20 EDT 2004
> > In addition, certain common ACL entries (such as anti-spoofing
> > filters) don't fit very well into the general ACL structure and thus
> > require quite a bit of TCAM space. Using uRPF might reduce TCAM usage
> > in such a case. Of course, this is only relevant on very few
> > platforms. You often can't use uRPF in strict mode because it can't
> > cope with the current BGP table size.
>
> Why would one want to run uRPF in strict mode on an interface over
> which you get a full BGP feed? Or is the implementation so flawed
> that it requires to conserve "double space" of all the routes on the
> system, even if they weren't used on that particular interface?

I believe the Cisco 6500/7600 with Sup2/MSFC2/PFC2 works like that -
as soon as you turn on uRPF on one interface, your routing table is
programmed twice in the TCAM.

Steinar Haug, Nethelp consulting, sthaug at nethelp.no