[j-nsp] uRPF config
Pekka Savola
pekkas at netcore.fi
Thu Sep 18 14:37:00 EDT 2003
Hi,
First of all, juniper documentation (and also juniper support contacts
I've asked clarifications about this) really suck.. worthless.
Feasible is a superset of active path. For example, if you have BGP
session where you receive a route advertisement and you accept it (but it
is not active, because there's some other route with better preference),
that's considered a feasible path.
In other words, feasible path strict uRPF works in most cases also with
asymmetrical routing and multihomed scenarios. This is only implemented
by Juniper AFAIK.
Loose/strict RPF is more traditional. Loose means that a route exists in
the forwarding table in general, strict that it points toward the
interface in question.
HTH.
On Thu, 18 Sep 2003, Sonny Franslay wrote:
> What are the difference in the following configs:
>
> 1. [edit routing-options forwarding-table]
> unicast-reverse-path feasible-paths;
> and
> [edit interfaces fe-0/0/0]
> unit 0 {
> family inet {
> rpf-check;
> }
> }
>
> 2. [edit routing-options forwarding-table]
> unicast-reverse-path active-paths;
> and
> [edit interfaces fe-0/0/0]
> unit 0 {
> family inet {
> rpf-check;
> }
> }
>
> 3. [edit routing-options forwarding-table]
> unicast-reverse-path feasible-paths;
> and
> [edit interfaces fe-0/0/0]
> unit 0 {
> family inet {
> rpf-check; {
> mode loose;
> }
> }
> }
>
> 4. [edit routing-options forwarding-table]
> unicast-reverse-path active-paths;
> and
> [edit interfaces fe-0/0/0]
> unit 0 {
> family inet {
> rpf-check; {
> mode loose;
> }
> }
> }
>
> Which of these is for a loose-mode rpf in a border router deployment?
>
> I've searched through the archive but cannot find the info.
>
> thanks in advance,
>
> best regards,
> sonny
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
>
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the juniper-nsp
mailing list