[c-nsp] SXI3 strange issue, Loose mode uRPF jumps to strict by itself
Church, Charles
Charles.Church at harris.com
Thu Jul 29 23:25:27 EDT 2010
I got bit by this just a couple weeks ago. Building a new core router for a
location, couldn't ping up through the Sidewinder gateways I'm only a little
familiar with. Blaming it on my lack of Sidewinder experience, turns out my
default had changed to strict mode after changing the inward facing ints to
strict. Doh! Seems like a warning message would be nice, like they do
with portfast.
Chuck Church
Network Planning Engineer, CCIE #8776
Southcom
Harris IT Services
1210 N. Parker Rd.
Greenville, SC 29609
Office: 864-335-9473
Cell: 864-266-3978
E-mail: charles.church at harris.com
Southcom E-mail: charles.church.ctr at hq.southcom.mil
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Jared Mauch
Sent: Thursday, July 29, 2010 3:32 PM
To: bas
Cc: Cisco
Subject: Re: [c-nsp] SXI3 strange issue, Loose mode uRPF jumps to strict by
itself
On the SUP720/EARL7 unicast-rpf is a global setting on the device.
If someone changes *any* interface to strict, all interfaces with u-rpf
enabled will change to strict.
- jared
On Jul 29, 2010, at 3:21 PM, bas wrote:
> Hi All,
>
> Yesterday we had a strange issue.
> Our monitoring tool alerted that one of our boxes (SUP720-3BXL - 6506
> running SXI3) became unreachable.
>
> When we logged in everything looked ok.
> BGP was up, OSPF was up and nothing special in logging.
> Still traffic had dropped to near zero.
>
> With "debug ip cef drop" we immediately saw that traffic was dropped
> due to uRPF feature.
> All upstream interfaces had strict mode uRPF configured, before the
> problems started it was loose mode uRPF.
>
> After manually changing them back too loose mode traffic was restored.
>
> A couple of minutes before the problems started an engineer had
> configured a customer facing interface with strict mode uRPF.
> Apparently this configuration changed triggered a bug that caused
> upstream interface loose mode to be automagically turned to strict
> mode.
>
> So, hereby a heads up. If your SXI3 boxes show strange behavior,
> quickly check uRPF.
>
> Cya,
>
> Bas
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6595 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20100729/0f880090/attachment.bin>
More information about the cisco-nsp
mailing list