[j-nsp] uRPF config

Pekka Savola pekkas at netcore.fi
Thu Sep 18 14:37:00 EDT 2003


Hi,

First of all, juniper documentation (and also juniper support contacts
I've asked clarifications about this) really suck.. worthless.

Feasible is a superset of active path.  For example, if you have BGP 
session where you receive a route advertisement and you accept it (but it 
is not active, because there's some other route with better preference), 
that's considered a feasible path.

In other words, feasible path strict uRPF works in most cases also with 
asymmetrical routing and multihomed scenarios.  This is only implemented 
by Juniper AFAIK.

Loose/strict RPF is more traditional.  Loose means that a route exists in
the forwarding table in general, strict that it points toward the
interface in question.

HTH.

On Thu, 18 Sep 2003, Sonny Franslay wrote:
> What are the difference in the following configs:
> 
> 1. [edit routing-options forwarding-table]
> 	unicast-reverse-path feasible-paths;
>    and
>    [edit interfaces fe-0/0/0]
>      unit 0 {
> 	family inet {
> 	    rpf-check;
>         }
>       }
> 
> 2. [edit routing-options forwarding-table]
> 	unicast-reverse-path active-paths;
>     and
>    [edit interfaces fe-0/0/0]
>      unit 0 {
> 	family inet {
> 	    rpf-check;
>          }
>       }
> 
> 3. [edit routing-options forwarding-table]
> 	unicast-reverse-path feasible-paths;
>    and
>    [edit interfaces fe-0/0/0]
>      unit 0 {
> 	family inet {
> 	    rpf-check; {
>         	mode loose;
>     	    }
>          }
>       }
> 
> 4. [edit routing-options forwarding-table]
> 	unicast-reverse-path active-paths;
>     and
>    [edit interfaces fe-0/0/0]
>      unit 0 {
> 	family inet {
> 	    rpf-check; {
>         	mode loose;
>       	    }
>          }
>       }
> 
> Which of these is for a loose-mode rpf in a border router deployment?
> 
> I've searched through the archive but cannot find the info.
> 
> thanks in advance,
> 
> best regards,
> sonny
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp
> 

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



More information about the juniper-nsp mailing list