[j-nsp] uRPF config

Pekka Savola pekkas at netcore.fi
Thu Sep 18 15:42:19 EDT 2003


On Thu, 18 Sep 2003, Sonny Franslay wrote:
> > In other words, feasible path strict uRPF works in most cases also with
> > asymmetrical routing and multihomed scenarios.  This is only implemented
> > by Juniper AFAIK.
> 
> so what is the significant of "rpf-check mode loose" on the interface when
> I use feasible path?

No different when you're using active paths.  Remember that with loose
mode, you allow any route anyway.  If you only mean to use loose mode
though, I'd recommend use active paths -- fewer things to keep track of.  
The difference between feasible and active paths in this context is just a
race condition, it seems.  

By the definition, feasible paths just gives you "more"  than just one
active path.  The list of all paths is still the same.
 
> Also what would the be the effect when I have a default route configured?

For (strict) routes, it depends on where the default route points to.  If
it's a real default route, I think the loose mode is useless -- but this
should be confirmed or tested -- there are some implementations which
ignore default routes when doing a loose RPF lookup.

What we've been unable to get a clear answer from is whether a _static 
null default route_ will yield the same behaviour as a default route 
pointing to some real interface.

I think our non-tested analysis was that null default routes and loose RPF 
were compatible, but I wouldn't depend on that.

> As far as I can gather from the juniper.net/techpubs is this:
> "Loose mode—All packets are automatically accepted. For this reason, we
> recommend that you not configure unicast RPF loose mode on interfaces that
> the default route uses."

Right, but this doesn't really answer the question of these typically
necessary "null default routes"..

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings



More information about the juniper-nsp mailing list