[c-nsp] SXI3 strange issue, Loose mode uRPF jumps to strict by itself
Tim Stevenson
tstevens at cisco.com
Thu Jul 29 23:55:14 EDT 2010
CSCec39733 added just such a warning ages ago, back in the 12.1 days
- but I just checked a c6k running 12.2(33)SXH and it's not there any
more, so there seems to be a regression.
Tim
At 08:25 PM 7/29/2010, Church, Charles submitted:
>I got bit by this just a couple weeks ago. Building a new core router for a
>location, couldn't ping up through the Sidewinder gateways I'm only a little
>familiar with. Blaming it on my lack of Sidewinder experience, turns out my
>default had changed to strict mode after changing the inward facing ints to
>strict. Doh! Seems like a warning message would be nice, like they do
>with portfast.
>
>Chuck Church
>Network Planning Engineer, CCIE #8776
>Southcom
>Harris IT Services
>1210 N. Parker Rd.
>Greenville, SC 29609
>Office: 864-335-9473
>Cell: 864-266-3978
>E-mail: charles.church at harris.com
>Southcom E-mail: charles.church.ctr at hq.southcom.mil
>
>
>-----Original Message-----
>From: cisco-nsp-bounces at puck.nether.net
>[<mailto:cisco-nsp-bounces at puck.nether.net>mailto:cisco-nsp-bounces at puck.nether.net]
>On Behalf Of Jared Mauch
>Sent: Thursday, July 29, 2010 3:32 PM
>To: bas
>Cc: Cisco
>Subject: Re: [c-nsp] SXI3 strange issue, Loose mode uRPF jumps to strict by
>itself
>
>
>On the SUP720/EARL7 unicast-rpf is a global setting on the device.
>
>If someone changes *any* interface to strict, all interfaces with u-rpf
>enabled will change to strict.
>
>- jared
>
>On Jul 29, 2010, at 3:21 PM, bas wrote:
>
> > Hi All,
> >
> > Yesterday we had a strange issue.
> > Our monitoring tool alerted that one of our boxes (SUP720-3BXL - 6506
> > running SXI3) became unreachable.
> >
> > When we logged in everything looked ok.
> > BGP was up, OSPF was up and nothing special in logging.
> > Still traffic had dropped to near zero.
> >
> > With "debug ip cef drop" we immediately saw that traffic was dropped
> > due to uRPF feature.
> > All upstream interfaces had strict mode uRPF configured, before the
> > problems started it was loose mode uRPF.
> >
> > After manually changing them back too loose mode traffic was restored.
> >
> > A couple of minutes before the problems started an engineer had
> > configured a customer facing interface with strict mode uRPF.
> > Apparently this configuration changed triggered a bug that caused
> > upstream interface loose mode to be automagically turned to strict
> > mode.
> >
> > So, hereby a heads up. If your SXI3 boxes show strange behavior,
> > quickly check uRPF.
> >
> > Cya,
> >
> > Bas
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> >
> <https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at
> <http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>
>
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
><https://puck.nether.net/mailman/listinfo/cisco-nsp>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at
><http://puck.nether.net/pipermail/cisco-nsp/>http://puck.nether.net/pipermail/cisco-nsp/
>_______________________________________________
>cisco-nsp mailing list cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
Tim Stevenson, tstevens at cisco.com
Routing & Switching CCIE #5561
Distinguished Technical Marketing Engineer, Cisco Nexus 7000
Cisco - http://www.cisco.com
IP Phone: 408-526-6759
********************************************************
The contents of this message may be *Cisco Confidential*
and are intended for the specified recipients only.
More information about the cisco-nsp
mailing list