<div dir="ltr">Let's see how we go. Working great at the moment.<div><br></div><div>Thanks all for your feedback.</div><div><br></div><div>Mike</div></div><div class="gmail_extra"><br><div class="gmail_quote">On 13 July 2016 at 17:04, Takahiro Masuda <span dir="ltr"><<a href="mailto:tmasuda@vpls.com" target="_blank">tmasuda@vpls.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div style="font-family:arial,helvetica,sans-serif;font-size:12pt;color:#000000"><div>I use this but sometimes during dos attacks it takes a toll on the lp cpu and have to remove it.<br></div><div></div><br><hr><div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><b>From: </b>"Michael Gehrmann" <<a href="mailto:mgehrmann@atlassian.com" target="_blank">mgehrmann@atlassian.com</a>><br><b>To: </b><a href="mailto:foundry-nsp@puck.nether.net" target="_blank">foundry-nsp@puck.nether.net</a><br><b>Sent: </b>Tuesday, July 12, 2016 10:11:15 PM<br><b>Subject: </b>[f-nsp] MLX and uRPF for RTBH<br></blockquote></div><div><blockquote style="border-left:2px solid #1010ff;margin-left:5px;padding-left:5px;color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt"><div><div class="h5"><div dir="ltr">Hi All,<br><div>Wondering if anyone has used the uRPF feature on MLX to have the source address of traffic matched to null0 routes?</div><br><div>My reading so far has lead me to a config like this:</div><br><pre style="margin-top:0px;margin-bottom:0px;padding:0px;max-height:30em;overflow:auto;white-space:pre-wrap;word-wrap:normal;color:#333333;font-size:12px;line-height:16px;background-color:#f5f5f5">reverse-path-check
urpf-exclude-<span style="color:#000091">default</span>
!
<span style="color:#000091">interface</span> eth1/1
rpf-mode loose log</pre><pre style="margin-top:0px;margin-bottom:0px;padding:0px;max-height:30em;overflow:auto;white-space:pre-wrap;word-wrap:normal;color:#333333;font-size:12px;line-height:16px;background-color:#f5f5f5">!</pre><div><br><div>Example routes look like this:</div><div><br><div>device#sh ip route <a href="http://2.144.0.0/24" target="_blank">2.144.0.0/24</a></div><div> Destination Gateway Port Cost Type Uptime src-vrf<br></div><div>1 <a href="http://2.144.0.0/24" target="_blank">2.144.0.0/24</a> DIRECT drop 20/0 Be 3d1h - </div></div><br><div>My next step is the lab.</div><br><div>Cheers</div>-- <br><div><div dir="ltr"><div dir="ltr">Michael Gehrmann<br></div></div></div>
</div></div>
<br></div></div>______________________________<wbr>_________________<br>foundry-nsp mailing list<br><a href="mailto:foundry-nsp@puck.nether.net" target="_blank">foundry-nsp@puck.nether.net</a><br><a href="http://puck.nether.net/mailman/listinfo/foundry-nsp" target="_blank">http://puck.nether.net/<wbr>mailman/listinfo/foundry-nsp</a><br></blockquote></div></div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr">Michael Gehrmann<div>Senior Network Engineer - Atlassian</div><div>m: +61 407 570 658</div></div></div></div></div>
</div>