[c-nsp] uRPF Black hole routing with asymmetric traffic

Andrew Smith andrew.william.smith at gmail.com
Tue Oct 13 15:58:22 EDT 2015


Does the router have a default-route? If so, "ip verify unicast source
reachable-via any allow-default" should accomplish what you want.

If the router is default-free, is it not able to receive reachability
information from the rest of your network for the prefixes that are getting
incorrectly dropped? (assuming that was the symptom of "didn't work")

Finally, what are the contents of access-list 2699? I assume it's a
whitelist of IPs to not drop traffic from, even if there aren't discrete
routes in the routing table for?

On Tue, Oct 13, 2015 at 12:30 PM, <f287cd76 at opayq.com> wrote:

> Hi
> Looking for help on how to configure uRPF on Cisco IOS-XE 3.13 in an
> asymmetric multiple ISP Edge scenario
>
> We currently have an edge/customer router that receives a list of 'known
> bad' routes via BGP.
> These are re-routed to 192.0.2.1/NULL0 with a route-map.
>
> Today.. this router has only one ISP and all traffic is symmetric.  uRPF
> works fine with this syntax
> -> " ip verify unicast source reachable-via any 2699"
>
> I'm moving to a router with multiple ISP and IX connections and some of
> our traffic is now asymmetric.
> The above uRPF config didn't work and was removed.
>
> But I still need to drop traffic sourced from any of the above 'bad'
> networks.
> In other words .. I'm looking for a configuration that only drops traffic
> from routes with a next-hop of Null0, and ignores the rest.
>
> Suggestions on how to configure for this now?
>
> thanks in advance
> (apologies if this posted twice )
>
> WS
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
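
Added example, not part of the original thread: a simplified Python model of the loose-mode uRPF decision discussed above, showing how a Null0 route, the `allow-default` keyword and the optional ACL each affect whether a source address passes. The FIB entries, next-hop labels and function names are constructed for illustration, and next hops are shown already resolved (the thread's 192.0.2.1 recursion to Null0 is collapsed).

```python
import ipaddress

# Constructed FIB for illustration: (prefix, resolved next hop).
# "Null0" marks a blackholed prefix, as the route-map in the thread produces.
FIB = [
    ("0.0.0.0/0", "isp-a"),          # default route
    ("198.51.100.0/24", "isp-b"),    # ordinary route via a second ISP
    ("203.0.113.0/24", "Null0"),     # 'known bad' prefix learned via BGP
    ("192.0.2.1/32", "Null0"),       # blackhole next hop itself
]

def lookup(fib, src):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, next_hop in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def loose_urpf(fib, src, allow_default=False, acl_permit=()):
    """Return 'forward' or 'drop' for a packet with source address src."""
    hit = lookup(fib, src)
    if hit is not None:
        net, next_hop = hit
        only_default = net.prefixlen == 0
        # Loose mode ignores the ingress interface, so asymmetric paths pass.
        # The check fails if the best route is Null0, or if it is the default
        # route and allow-default was not configured.
        if next_hop != "Null0" and (allow_default or not only_default):
            return "forward"
    # The ACL is consulted only after the uRPF check fails: permit forwards.
    addr = ipaddress.ip_address(src)
    if any(addr in ipaddress.ip_network(p) for p in acl_permit):
        return "forward"
    return "drop"

if __name__ == "__main__":
    for src in ("203.0.113.7", "198.51.100.9", "192.0.2.200"):
        print(src, loose_urpf(FIB, src, allow_default=True))
```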

