[j-nsp] BGP Peering Policies - Best Practices
Niall Donaghy
niall.donaghy at geant.org
Wed May 22 08:20:32 EDT 2019
In respect of uRPF, it is turned off, so we have not 'resolved' the issue.
Anti-spoof filters are in place however.
Without considering which pasta shape best fits the scenario, I can tell you we'd have uRPF loose back on if it were feasible. :)
-----Original Message-----
From: Mark Tinka [mailto:mark.tinka at seacom.mu]
Sent: 22 May 2019 12:57
To: Niall Donaghy <niall.donaghy at geant.org>; adamv0025 at netconsultings.com; 'Louis Kowolowski' <louisk at cryptomonkeys.org>
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] BGP Peering Policies - Best Practices
On 22/May/19 13:30, Niall Donaghy wrote:
> How about:
>
> uRPF causing discarded packets in a multi-VRF environment, eg:
> - Internet VRF, Private VRF #1, Private VRF #2.
> - Customers connect to all and advertise same prefixes to all.
> - Peers connect to perhaps Internet and a Private VRF and advertise same prefixes to all.
> - Private VRFs reach Internet VRF via default routes over logical tunnels (BGP).
> - uRPF loose causes discards for some asymmetric traffic flows crossing multiple VRFs.
>
> We've hit this problem.
That sounds like quite the spaghetti.
How have you resolved it?
Mark.
More information about the juniper-nsp
mailing list