[f-nsp] MLX and uRPF for RTBH
frnkblk at iname.com
Thu Jul 14 22:32:24 EDT 2016
My own research on MLX support for uRPF made me very disappointed:
Note this from the release notes:
- If a default route is present on the router, loose mode will permit all traffic
- RPF can only be configured at the physical port level. It should not be configured on virtual interfaces on the Brocade MLX series and Brocade NetIron XMR.
  o Brocade MLX series and Brocade NetIron XMR devices do not support uRPF for VE interfaces.
Also, RPF is not compatible with this CAM profile: “ipv4-ipv6”. I think we’re using that one.
https://tnotez.files.wordpress.com/2013/05/netironunified_05400a_configguide.pdf
Frank
From: foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Michael Gehrmann
Sent: Wednesday, July 13, 2016 12:11 AM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] MLX and uRPF for RTBH
Hi All,
Wondering if anyone has used the uRPF feature on MLX to have the source address of traffic matched to null0 routes?
My reading so far has led me to a config like this:
reverse-path-check
urpf-exclude-default
!
interface eth1/1
 rpf-mode loose log
!
Example routes look like this:
device#sh ip route 2.144.0.0/24
      Destination      Gateway  Port  Cost  Type  Uptime  src-vrf
1     2.144.0.0/24     DIRECT   drop  20/0  Be    3d1h    -
My next step is the lab.
Cheers
--
Michael Gehrmann
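
Added example (not from either poster, and not a model of MLX internals): a generic Python sketch of the loose-mode uRPF decision used for source-based RTBH as described in RFC 5635, showing the default-route caveat quoted from the release notes and the effect of excluding the default route. The FIB entries other than 2.144.0.0/24, the interface names in the table and the function names are constructed; treating a drop route as an RPF failure is the RFC 5635 behaviour and is an assumption for any particular platform.

```python
import ipaddress

# Constructed sample FIB: (prefix, next hop). "drop" marks a null0/discard
# route, like the 2.144.0.0/24 entry shown in the thread.
FIB = [
    ("0.0.0.0/0", "eth1/1"),
    ("198.51.100.0/24", "eth1/2"),
    ("2.144.0.0/24", "drop"),
]


def lookup(fib, addr, exclude_default=False):
    """Longest-prefix match for addr; optionally ignore 0.0.0.0/0."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, nexthop in fib:
        net = ipaddress.ip_network(prefix)
        if exclude_default and net.prefixlen == 0:
            continue  # hypothetical stand-in for an "exclude default" knob
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best


def loose_urpf(fib, src, exclude_default=False):
    """Return 'permit' or 'drop' for a packet whose source address is src."""
    match = lookup(fib, src, exclude_default)
    if match is None:
        return "drop"    # no route back to the source at all
    if match[1] == "drop":
        return "drop"    # source is covered by a discard route (RTBH)
    return "permit"      # loose mode: any forwarding route is enough


if __name__ == "__main__":
    for src in ("203.0.113.9", "198.51.100.7", "2.144.0.10"):
        for excl in (False, True):
            print(src, "exclude_default=%s" % excl, loose_urpf(FIB, src, excl))
```

With the default route counted, every source without a more specific discard route is permitted, which is the first caveat in the release notes; the blackholed /24 is still dropped because the longest match wins.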