[c-nsp] Loose uRPF behaving like strict mode on 7600

Jon Lewis jlewis at lewis.org
Fri May 8 11:37:38 EDT 2009

On Wed, 6 May 2009, Jose wrote:

> Well, according to the TAC case I had opened on this, it seems that because 
> the SUP32 has its TCAM full and is getting exception errors (it has the full 
> internet routing tables), this is likely the culprit to why uRPF in loose 
> mode is not behaving as expected.

I glossed over the fact that you're running SUP32's with full BGP tables. 
I didn't think that was even possible due to TCAM limitations.

The important bit from the URL I sent is:

Configuring the Unicast RPF Check Mode

There are two unicast RPF check modes:

•Strict check mode, which verifies that the source IP address exists in 
the FIB table and verifies that the source IP address is reachable through 
the input port.

•Exist-only check mode, which only verifies that the source IP address 
exists in the FIB table.

Note The most recently configured mode is automatically applied to all 
ports configured for unicast RPF check.

I assumed you were trying to mix loose and strict RPF.

Assuming you can't immediately upgrade to SUP720-3bxl or better, you might 
consider some filtering.  Have a look at 

  Jon Lewis                   |  I route
  Senior Network Engineer     |  therefore you are
  Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________

More information about the cisco-nsp mailing list