[c-nsp] CFC linecards on 7600 - traffic punted to RP

Jiri Prochazka jiri.prochazka at superhosting.cz
Wed Nov 5 06:32:17 EST 2014 

Hi,

it does not matter on which interface I enable uRPF. v4 only is used.

As soon as I enable uRPF on ANY interface (even shutdowned SVI of Vlan, 
which is not used anywhere), it punts all incoming traffic on all other 
interfaces active on CFC cards to the RP.

Number of carried routes does not make difference, the box is now in a 
lab, with no active routing protocol. Situation is still the same.

As soon as I add 'ip verify unicast source reachable-via any' to ANY 
interface on the router (it does not matter if it's in use, or if it's 
carrying any traffic) all traffic coming on ALL ports on CFC equpped 
line cards gets punted to the RP.


So, as soon as I configure something like this ->

Interface vlan 4899
  description This SVI is not used anywhere, Vlan4899 does not exist
  ip address 192.168.100.1 255.255.255.252
  ip verify unicast source reachable-via any


all traffic coming from CFC cards starts to flow to RP. No matter if 
it's terminated on SVI or on physical port.


We will try the same setup with another RSP720-3CXL. I am getting to the 
point it may be faulty Sup, even it seems very odd for me. Everything 
works, but uRPF on CFC equipped cards..

PS: another IOS does not help. We have tried both 12.2.33 and 15.2 trains.


Jiri




Dne 5.11.2014 2:14, Roland Dobbins napsal(a):
>
> On 5 Nov 2014, at 0:23, Jiri Prochazka wrote:
>
>> As soon as any mode (loose/strict) of uRPF is enabled on ANY interface
>> (even shutdowned), the switch punts all traffic carried on ALL
>> linecards equipped with CFC modules to route-processor.
>
> Are you using the same uRPF mode on all interfaces on the box?  Are you
> sure it was enabled only on the interface with which you were
> experimenting?
>
> Are you using uRPF for IPv4 only, or for IPv6, as well?
>
> Do you (attempt to, given EARL7 limitations and continued growth of the
> global routing table) carry full tables on this box?
>
> -----------------------------------
> Roland Dobbins <rdobbins at arbor.net>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

-- 
Jiri Prochazka
network administrator (AS39392)
SuperNetwork s.r.o.

m: +420 777 87 37 67
w: http://www.superhosting.cz
e: jiri.prochazka at superhosting.cz

More information about the cisco-nsp mailing list