[j-nsp] RPF check

Anton Schweitzer schweita at de.cw.net
Wed May 5 05:42:19 EDT 2004


Hi,
i have the following problem with rpf :

configuration :

forwarding-table {
    unicast-reverse-path feasible-paths;
}

and on the interface :

rpf-check fail-filter count_rpf_fail

The box is receiving two BGP prefixes from an external AS.
It is getting a 1.1.1.1/28 over the interface with the rpf check
enabled and a 1.1.1.1/29 from a BGP peer. As far as i understand
it should then have a feasible path to 1.1.1.1 over the interface
where the rpf is enabled. But the rpf check for packets from 1.1.1.1
coming in from the rpf interface fails....

Any ideas ?


Cheers

Anton

-- 
Anton Schweitzer                        phone: +49 89 92699 0
Security Engineer                       fax  : +49 89 92699 809
Cable & Wireless                        mailto:schweita at de.cw.net
Telecommunication Services GmbH		
D-80687 Muenchen / Germany
http://www.cw.com/de





More information about the juniper-nsp mailing list