[j-nsp] RPF-Check

Jo Rhett jrhett at netconsonance.com
Tue Jan 17 20:11:53 EST 2012


I have found that running strict on customer ports and loose on transit interfaces is the best way to operate.

That said, it is entirely reasonable to tell this customer that the problem is on their side.  Sending their packets out through a provider they don't advertise through could be considered many things by you, and dropping packets in that scenario isn't entirely unreasonable.  That said, you'll probably find that it's easier to run loose.

On Jan 17, 2012, at 4:38 PM, Brendan Mannella wrote:
> I have a question regarding RPF-Check.
> 
> I currently have an edge router with two transits, getting full routes
> from both. "Asymmetric routing"
> 
> We have RPF-Check enabled on both the transit interfaces. We also have
> "unicast reverse path feasible-paths" enabled.
> 
> I am currently troubleshooting an issue when a customer cannot reach my
> network and believe it's failing a RPF-Check.
> 
> Transit A is advertising the customer /20 to me, and a return path is
> in my routing table.
> Transit B I am not receiving a route, customer's provider has "no
> export" on the route.
> 
> Customer's traffic comes in on transit B and my traffic back to them
> takes Transit A, as that's the only route back.
> 
> My questions are..
> 
> Is there a way to get more detail with regard to the number of packets
> being discarded? Maybe even what source address?
> 
> Also do you think I am better off running in loose mode instead?
> 
> 
> Thanks in advance
> 
> Brendan

-- 
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness
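
The asymmetric case from the quoted question, as a simplified Python model added here (it is not from the thread and is not Junos code). It compares strict checking against the active path only, strict checking with feasible paths, and loose mode; the prefixes, addresses and interface names are constructed placeholders.

```python
import ipaddress

# Constructed sample routing table modelling the thread's scenario.
# prefix -> list of (interface the route was learned on, is_active_path)
RIB = {
    # Customer /20: learned only from Transit A; the no-export on the
    # other side means Transit B never advertises it to us.
    ipaddress.ip_network("10.20.16.0/20"): [("transit-a", True)],
    # Contrast case: a prefix heard from both transits, active via A.
    ipaddress.ip_network("203.0.113.0/24"): [("transit-a", True),
                                             ("transit-b", False)],
}
MODES = ("strict-active", "strict-feasible", "loose")

def paths_for(src):
    """Longest-prefix match on the source address; [] if no route."""
    addr = ipaddress.ip_address(src)
    matches = [net for net in RIB if addr in net]
    if not matches:
        return []
    return RIB[max(matches, key=lambda net: net.prefixlen)]

def rpf_pass(src, in_iface, mode):
    """Return True if a packet from src arriving on in_iface is accepted."""
    paths = paths_for(src)
    if mode == "loose":
        # Any route back to the source is enough, on any interface.
        return bool(paths)
    if mode == "strict-feasible":
        # Arrival interface must match some received path, active or not.
        return any(iface == in_iface for iface, _ in paths)
    if mode == "strict-active":
        # Arrival interface must match the active (best) path.
        return any(iface == in_iface and active for iface, active in paths)
    raise ValueError(f"unknown mode: {mode}")

def evaluate(src, in_iface):
    """Outcome of all three modes for one packet."""
    return {mode: rpf_pass(src, in_iface, mode) for mode in MODES}

if __name__ == "__main__":
    for src in ("10.20.17.5", "203.0.113.9", "192.0.2.1"):
        print(src, "in via transit-b:", evaluate(src, "transit-b"))
```

In this model, feasible-paths only helps when the arrival interface has received some route for the source prefix, which is why the customer /20 still fails on Transit B until the check is loose.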


