[f-nsp] MLX and uRPF for RTBH
Michael Gehrmann
mgehrmann at atlassian.com
Mon Aug 15 00:18:21 EDT 2016
Let's see how we go. Working great at the moment.
Thanks all for your feedback.
Mike
On 13 July 2016 at 17:04, Takahiro Masuda <tmasuda at vpls.com> wrote:
> I use this but sometimes during dos attacks it takes a toll on the lp cpu
> and have to remove it.
>
> ------------------------------
>
> *From: *"Michael Gehrmann" <mgehrmann at atlassian.com>
> *To: *foundry-nsp at puck.nether.net
> *Sent: *Tuesday, July 12, 2016 10:11:15 PM
> *Subject: *[f-nsp] MLX and uRPF for RTBH
>
> Hi All,
> Wondering if anyone has used the uRPF feature on MLX to have the source
> address of traffic matched to null0 routes?
>
> My reading so far has lead me to a config like this:
>
> reverse-path-check
> urpf-exclude-default
> !interface eth1/1
> rpf-mode loose log
>
> !
>
>
> Example routes look like this:
>
> device#sh ip route 2.144.0.0/24
> Destination Gateway Port Cost
> Type Uptime src-vrf
> 1 2.144.0.0/24 DIRECT drop 20/0 Be
> 3d1h -
>
> My next step is the lab.
>
> Cheers
> --
> Michael Gehrmann
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
>
--
Michael Gehrmann
Senior Network Engineer - Atlassian
m: +61 407 570 658
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/foundry-nsp/attachments/20160815/43c9300f/attachment.html>
More information about the foundry-nsp
mailing list