[f-nsp] MLX and uRPF for RTBH
frnkblk at iname.com
frnkblk at iname.com
Sat Jul 16 10:08:50 EDT 2016
My gotcha is that I have a default router and I want to use it against ve's.
Frank
-----Original Message-----
From: Jörg Kost [mailto:jk at ip-clear.de]
Sent: Saturday, July 16, 2016 2:48 AM
To: frnkblk at iname.com
Cc: Michael Gehrmann <mgehrmann at atlassian.com>; foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] MLX and uRPF for RTBH
Hi,
ipv4-ipv6-2 and multi-service-4 are supported profiles.
For my network I always lock down the individual physical ports facing
customers to strict modes, while keeping IX-ports loose and core-ports
without any.
Regards
Jörg Kost
On 15 Jul 2016, at 4:32, frnkblk at iname.com wrote:
> My own research on MLX support for uRPF made me very disappointed:
>
>
>
> Note this from the release notes:
>
> - If a default route is present on the router, loose mode
> will permit all traffic
>
> - RPF can only be configured at the physical port level. It
> should not be configured on virtual interfaces on the Brocade MLX
> series and Brocade NetIron XMR.
>
> o Brocade MLX series and Brocade NetIron XMR devices do not support
> uRPF for VE interfaces.
>
> Also RPF is not compatible with this CAM profile: “ipv4-ipv6” I
> think we’re using that one.
>
> https://tnotez.files.wordpress.com/2013/05/netironunified_05400a_configguide.pdf
>
>
>
> Frank
>
More information about the foundry-nsp
mailing list