[j-nsp] RPF check
Pekka Savola
pekkas at netcore.fi
Wed May 5 06:39:27 EDT 2004
On Wed, 5 May 2004, Anton Schweitzer wrote:
> forwarding-table {
> unicast-reverse-path feasible-paths;
> }
>
> and on the interface :
>
> rpf-check fail-filter count_rpf_fail
>
> The box is receiving two BGP prefixes from an external AS.
> It is getting a 1.1.1.1/28 over the interface with the rpf check
> enabled and a 1.1.1.1/29 from a BGP peer. As far as i understand
> it should then have a feasible path to 1.1.1.1 over the interface
> where the rpf is enabled. But the rpf check for packets from 1.1.1.1
> coming in from the rpf interface fails....
No, 1.1.1.1/28 is not feasible with respect to 1.1.1.1, it's a more
specific.
If both advertised the same prefix length, it would be considered
feasible.
The advertisement have to be consistent. See RFC3704 section 2.3.
--
Pekka Savola "You each name yourselves king, yet the
Netcore Oy kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
More information about the juniper-nsp
mailing list