[c-nsp] Loose uRPF behaving like strict mode on 7600
Jon Lewis
jlewis at lewis.org
Fri May 8 11:37:38 EDT 2009
On Wed, 6 May 2009, Jose wrote:
> Well, according to the TAC case I had opened on this, it seems that because
> the SUP32 has its TCAM full and is getting exception errors (it has the full
> internet routing tables), this is likely the culprit to why uRPF in loose
> mode is not behaving as expected.
I glossed over the fact that you're running SUP32's with full BGP tables.
I didn't think that was even possible due to TCAM limitations.
The important bit from the URL I sent is:
Configuring the Unicast RPF Check Mode
There are two unicast RPF check modes:
•Strict check mode, which verifies that the source IP address exists in
the FIB table and verifies that the source IP address is reachable through
the input port.
•Exist-only check mode, which only verifies that the source IP address
exists in the FIB table.
Note The most recently configured mode is automatically applied to all
ports configured for unicast RPF check.
I assumed you were trying to mix loose and strict RPF.
Assuming you can't immediately upgrade to SUP720-3bxl or better, you might
consider some filtering. Have a look at
http://jonsblog.lewis.org/2008/01/19#bgp
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list