[j-nsp] uRPF and 0.0.0.0/0

Clue Store cluestore at gmail.com
Tue Aug 25 11:06:01 EDT 2009 

I should have included some additional info in my original post. It
"appears" that the default is not just accepting all packets as per the show
commands below.

max at m10i> show firewall log
Log :
Time      Filter    Action Interface     Protocol Src
Addr                              Dest Addr
10:04:21  pfe       A      ge-1/0/0.462  TCP
200.1.1.21                            208.66.60.31
10:04:18  pfe       A      ge-1/0/0.462  TCP
200.1.1.21                            208.66.60.31
10:00:36  pfe       A      ge-1/0/0.462  ICMP
216.187.124.117                       208.83.95.203
10:00:36  pfe       A      ge-1/0/0.462  ICMP
216.187.124.178                       208.83.95.203
10:00:36  pfe       A      ge-1/0/0.462  ICMP
216.187.124.106                       208.83.95.203
09:58:23  pfe       A      ge-1/0/0.462  TCP
197.37.1.49                           74.113.89.49
09:58:20  pfe       A      ge-1/0/0.462  TCP
197.37.1.49                           74.113.89.49


An also a

max at JuniperM10i> show interfaces ge-1/0/0.462 extensive
  Logical interface ge-1/0/0.462 (Index 70) (SNMP ifIndex 80) (Generation
136)

    Flags: SNMP-Traps VLAN-Tag [ 0x8100.462 ]  Encapsulation: ENET2
    Traffic statistics:
     Input  bytes  :         467896977932
     Output bytes  :         285570117310
     Input  packets:            610042022
     Output packets:            694086375
     IPv6 transit statistics:
      Input  bytes  :                   0
      Output bytes  :                   0
      Input  packets:                   0
      Output packets:                   0
    Local statistics:
     Input  bytes  :            117353676
     Output bytes  :           1303699876
     Input  packets:               900649
     Output packets:              1656364
    Transit statistics:
     Input  bytes  :         467779624256             53061464 bps
     Output bytes  :         284266417434             23944592 bps
     Input  packets:            609141373                 8724 pps
     Output packets:            692430011                10148 pps
     IPv6 transit statistics:
      Input  bytes  :                   0
      Output bytes  :                   0
      Input  packets:                   0
      Output packets:                   0
    Protocol inet, MTU: 1500, Generation: 141, Route table: 0
   *   Flags: uRPF
      RPF Failures: Packets: 1807, Bytes: 100458*
      Filters: Input: netflow, Output: netflow
      Addresses, Flags: Is-Preferred Is-Primary

On Tue, Aug 25, 2009 at 10:00 AM, Roland Dobbins <rdobbins at arbor.net> wrote:

>
> On Aug 25, 2009, at 9:51 PM, Clue Store wrote:
>
>  Does this config hose up uRPF (either loose
>> or strict)??
>>
>
> There's an 'allow-default' option for Cisco routers, unsure about Juniper -
> but would be surprised if there isn't one for Js, as well.
>
> -----------------------------------------------------------------------
> Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
>
> Sorry, sometimes I mistake your existential crises for technical
> insights.
>
>                        -- xkcd #625
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>

More information about the juniper-nsp mailing list