[c-nsp] Unicast Reverse Path Forwarding - Loose Mode

Mark Tinka mtinka at globaltransit.net
Sun Apr 18 01:44:11 EDT 2010


On Thursday 08 April 2010 08:48:39 pm Steve Bertrand wrote:

> I guess what I'm trying to say is that enabling it is
>  good,...

Agree.

>  and I've never run into any situation where
>  enabling loose mode has caused problems.

The only problem we've had is when peering privately with 
other networks and you ask them to ensure they don't 
announce your prefixes to the general Internet (they should 
be kept only within their AS + their [BGP] customers).

Well, what happens is that when they (mistakenly, I hope) 
announce your prefixes to the Internet, they become a 
transit path back to you. But because your private peering 
router does not hold a full table, inbound traffic from some 
soul on the Internet (who is not a customer of your peering 
partner) gets dropped because a route back to said soul 
doesn't exist in your peering router.

There has been many a situation like this for us, and it's 
not pretty. Be watchful of your private (and public) peers 
when running uRPF.

One could announce prefixes with a NO_EXPORT community to 
the peers, but this assumes they support BGP communities. 
Also, it could potentially mean your routes won't get into 
their BGP customers' networks (which is likely not what you 
want).

Alternatively, one's peering router could hold a full table, 
but there's probably more to it than just simply that.

Cheers,

Mark.
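
Added example, not part of the original message: a small Python model of the loose-mode uRPF check, run against a peering router with a partial table and against one with a full table, to show why traffic arriving over a leaked path is dropped. The prefixes, FIB contents and the allow_default parameter are constructed assumptions for illustration.

```python
import ipaddress

def urpf_loose_pass(src, fib, allow_default=False):
    """Loose-mode uRPF: pass if the FIB has any route covering the source,
    regardless of interface. allow_default (hypothetical knob in this model)
    decides whether a 0.0.0.0/0 route counts as a match."""
    addr = ipaddress.ip_address(src)
    for prefix in fib:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen == 0 and not allow_default:
            continue
        if addr in net:
            return True
    return False

# Constructed sample data using documentation prefixes:
#   192.0.2.0/24    our own network
#   198.51.100.0/24 the private peer and its BGP customers
#   203.0.113.0/24  an unrelated Internet network reaching us through the leak
PEERING_FIB = ["192.0.2.0/24", "198.51.100.0/24"]   # partial table
FULL_FIB = PEERING_FIB + ["203.0.113.0/24"]         # stands in for a full table

PACKETS = {
    "peer customer": "198.51.100.25",
    "Internet host via leaked path": "203.0.113.7",
}

def verdicts(fib, allow_default=False):
    """Map each constructed packet to 'forward' or 'drop' for the given FIB."""
    return {name: "forward" if urpf_loose_pass(src, fib, allow_default) else "drop"
            for name, src in PACKETS.items()}

if __name__ == "__main__":
    for label, fib in (("partial table", PEERING_FIB), ("full table", FULL_FIB)):
        for name, verdict in verdicts(fib).items():
            print(f"{label:13} | {name:30} | {verdict}")
```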