nanog mailing list archives

Re: Where is the edge of the Internet? Re: no ip forged-source-address

From: "Christopher L. Morrow" <chris () UU NET>
Date: Wed, 6 Nov 2002 23:49:29 +0000 (GMT)


Ok, so I'll respond to one more of the messages I missed yesterday.

On Mon, 4 Nov 2002, Matt Buford wrote:


On Mon, 4 Nov 2002 sean () donelan com wrote:

The only equipment I'm heard here which has serious issues related to
feature availability is the 12000 (which was never a particularly good
aggregation device to begin with). RPF works fine on 7200, 7500, and
6500, from my experience. I've not used 12000's for customer aggregation
since they historically haven't been designed for or adequate in that
respect.


Alot of large providers have 'all 12000' or 'alot of 12000' devices, so
this is a hint at the problem :( Most large, where large == continental,
providers  don't have very many 7200/6500 gear in their network.

Keep in mind that sometimes what platform you choose 12 months ago you may
get stuck with in a longer term than originally anticipated. That platform
may have been chosen because it was the only viable platform at the
initial buy time :(


As such, I can understand providers not being able to apply RPF

immediately

on 12000's, at least unless they are acquiring E3 cards for new installs.


Wow, by E3 I assume you mean: Engine 3... This is a VERY BAD PLAN, if my
experience with them is anything to judge from. Both E2 and E3 cards have
some serious limitations when it comes to access lists and uRPF. For
instance, I've been in config mode where:

int blah1/0.123
ip access<tab>

yields nothing... in other words, 'ip access-group 123 out' is not even in
the valid config for these cards :( even more depressing is the hope that
it'll work and the unfortunate reality that it'll apply to the interface
and never access list any traffic at all :(

To Cisco's credit they are now addressing the intricacies of the 12000
platform, the combinations of linecard, IOS, config bits, routing
situations... This is a complex beast, and its not known anywhere near as
well as  it should be.

Current thread:

Re: no ip forged-source-address Bob Martinez (Nov 03)
- <Possible follow-ups>
- Re: no ip forged-source-address bdragon (Nov 04)
- Re: no ip forged-source-address bdragon (Nov 04)
- Re: no ip forged-source-address bdragon (Nov 04)
  - Where is the edge of the Internet? Re: no ip forged-source-address Sean Donelan (Nov 04)
    - Re: Where is the edge of the Internet? Re: no ip forged-source-address bdragon (Nov 04)
    - Re: Where is the edge of the Internet? Re: no ip forged-source-address Matt Buford (Nov 04)
    - Re: Where is the edge of the Internet? Re: no ip forged-source-address Christopher L. Morrow (Nov 06)
    - Re: Where is the edge of the Internet? Re: no ip forged-source-address bdragon (Nov 07)
    - Re: Where is the edge of the Internet? Re: no ip forged-source-address alok (Nov 04)
    - Re: Where is the edge of the Internet? Martin (Nov 04)
    - Re: Where is the edge of the Internet? alok (Nov 04)
    - Re: Where is the edge of the Internet? Martin (Nov 05)
    - Re: Where is the edge of the Internet? alok (Nov 05)
    - Re: Where is the edge of the Internet? Martin (Nov 05)
    - Re: Where is the edge of the Internet? alok (Nov 05)
    - Re: Where is the edge of the Internet? Martin (Nov 05)
    - Re: Where is the edge of the Internet? Valdis . Kletnieks (Nov 05)

(Thread continues...)