[f-nsp] MLX and uRPF for RTBH

frnkblk at iname.com
Thu Jul 14 22:32:24 EDT 2016


My own research on MLX support for uRPF made me very disappointed:

Note this from the release notes:

- If a default route is present on the router, loose mode will permit all traffic

- RPF can only be configured at the physical port level. It should not be configured on virtual interfaces on the Brocade MLX series and Brocade NetIron XMR.

  o Brocade MLX series and Brocade NetIron XMR devices do not support uRPF for VE interfaces.

Also, RPF is not compatible with this CAM profile: “ipv4-ipv6”. I think we’re using that one.

https://tnotez.files.wordpress.com/2013/05/netironunified_05400a_configguide.pdf

Frank

From: foundry-nsp [mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Michael Gehrmann
Sent: Wednesday, July 13, 2016 12:11 AM
To: foundry-nsp at puck.nether.net
Subject: [f-nsp] MLX and uRPF for RTBH

Hi All,

Wondering if anyone has used the uRPF feature on MLX to have the source address of traffic matched to null0 routes?

My reading so far has led me to a config like this:

reverse-path-check
urpf-exclude-default
!
interface eth1/1
rpf-mode loose log
!

Example routes look like this:

device#sh ip route 2.144.0.0/24
        Destination        Gateway         Port          Cost          Type Uptime src-vrf
1       2.144.0.0/24       DIRECT          drop          20/0          Be   3d1h   -

My next step is the lab.

Cheers

-- 

Michael Gehrmann
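
An added example, not part of either message and not Brocade code: a small Python model of the loose-mode source check discussed in this thread, showing why a default route makes loose mode permit everything and what excluding the default changes. The route table, the function names, and the assumption that a source whose best route is a discard route fails the check (the source-based RTBH behaviour described in RFC 5635, not confirmed for the MLX in this thread) are constructed for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). "drop" marks a null0/discard route.
ROUTES = [
    ("0.0.0.0/0", "198.51.100.1"),       # default route
    ("203.0.113.0/24", "198.51.100.9"),  # ordinary customer route
    ("2.144.0.0/24", "drop"),            # RTBH route, as in the route output above
]

def lookup(src, routes):
    """Longest-prefix match for src; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def loose_urpf(src, routes, exclude_default=False, drop_fails=True):
    """Return 'permit' or 'drop' for a packet with source address src.

    exclude_default: do not let 0.0.0.0/0 validate a source.
    drop_fails: ASSUMPTION (RFC 5635 style S/RTBH): a source whose best
    route points to discard fails the check. Hypothetical for the MLX.
    """
    match = lookup(src, routes)
    if match is None:
        return "drop"                    # no route back to the source at all
    net, next_hop = match
    if exclude_default and net.prefixlen == 0:
        return "drop"                    # only the default route covered it
    if drop_fails and next_hop == "drop":
        return "drop"                    # source is blackholed
    return "permit"

if __name__ == "__main__":
    for src in ("192.0.2.55", "203.0.113.5", "2.144.0.7"):
        print(src,
              "default counted:", loose_urpf(src, ROUTES),
              "| default excluded:", loose_urpf(src, ROUTES, exclude_default=True))
```
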
