[c-nsp] Symmetrical Routing

Adrian Turcu adriant at domeit.net
Fri Mar 22 07:20:12 EDT 2013 

if strict mode configured, your best path must be on the interface you receive the traffic
if loose mode, the source address must appear in the routing table

i believe the phrase you're referring is taken out of context, relative to your question:

--- cite --
The behavior of strict RPF varies slightly by platform, number of recursion levels, and number of paths in Equal-Cost Multipath (ECMP) scenarios. A platform may switch to loose RPF check for some or all prefixes, even though strict RPF is configured. This is referred to as auto-fallback mechanism.
--- /cite ---

and further down:

--- cite --
Strict mode uRPF requires maintenance of uRPF interfaces list for the prefixes. The list contains only strict mode uRPF configured interfaces pointed by the prefix path. uRPF interface list is shared among the prefixes wherever possible. Size of this list is 12 for ASR 9000 Ethernet Line Cards and 64 for integrated 20G SIP cards. Strict to loose mode uRPF fallback happens when the list goes beyond the maximum supported value.
--- /cite ---

If you're just starting on uRPF now, it would probably be best to read generic documentation like this for example, many others around (Google is your best friend if not familiar with the topic). Then you should move towards the specific implementation on a platform you are using or intend to use.... and finally, test in a lab before going in production.


On 22 Mar 2013, at 09:56, Pavel Vraštiak wrote:

> I am looking into uRPF now - is it true for all platforms that, with uRPF enabled, packets must be received on the best path only? Is there any list of platforms that can handle multipath? Can some hande unequal-cost-MP?
> 
> Notes like this are a little confusing for me:
> The behavior of strict RPF varies slightly by platform, number of recursion levels, and number of paths in Equal-Cost Multipath (ECMP) scenarios. A platform may switch to loose RPF check for some or all prefixes, even though strict RPF is configured.
> 
> Best regards
> pV
> 
> On 03/21/2013 11:05 PM, Nick Hilliard wrote:
>> On 21/03/2013 09:41, M K wrote:
>>> Hi I have many international links active and each link is exported with
>>> certain prefixMy question is should the outbound traffic go through the
>>> same link as well , symmetrical ? or it's not an issue to have the
>>> export from a link and the import for the same prefix from another one
>>> ?
>> it depends on your upstream configuration.  If they have strict urpf
>> enabled, then asymmetric routing will be a problem.  If they don't, then it
>> should be fine.  Your router is not a firewall, so it doesn't care about
>> receiving packets on the "wrong" interface unless you tell it to via urpf /
>> acls.
>> 
>> Nick
>> 
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list