[j-nsp] RPF for peering interfaces
Mark Tinka
mtinka at globaltransit.net
Sat Dec 5 12:48:18 EST 2009
On Friday 04 December 2009 07:22:01 pm The Dark One wrote:
> what is the general opinion from ISP out there about
> using RPF on external peering interfaces? And which
> variant:
> -loose active-path
> -loose feasible-path
> -strict active-path
> -strict feasible-path
In general, we've found it safer to run with loose mode +
feasible paths on peering/edge routers that hold the full
routing table. This works well.
We've had issues when running uRPF on routers that don't
hold the full table, e.g., public and private peering
routers, because some of our peering partners end up leaking
our routes to their other peering partners, when they
shouldn't.
Cheers,
Mark.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <https://puck.nether.net/pipermail/juniper-nsp/attachments/20091206/a1bdc575/attachment.bin>
More information about the juniper-nsp
mailing list