nanog mailing list archives
Cisco uRPF failures
From: Jo Rhett <jrhett () netconsonance com>
Date: Thu, 4 Sep 2008 09:35:34 -0700
(changing subject line)
On Sep 3, 2008, at 7:06 PM, Rubens Kuhl Jr. wrote:
This statement is patently false. The uRPF failures I dealt with were based entirely on the recommended settings, and were confirmed by Cisco. Last I heard (2 months ago) the problems remain. Cisco just isn't being honest with you about them.
Would you mind telling us what is the scenario so we can avoid it?
That's the surprising thing -- no scenario. Very basic configuration. Enabling uRPF and then hitting it with a few gig of non-routable packets consistently caused the sup module to stop talking on the console, and various other problems to persist throughout the unit, i.e. no ARP response. We were able to simulate this with two PCs directly connected to a 6500 in a lab. If I remember right, we had to enable CEF to see the problem, but since CEF is a kitchen sink that dozens of other features require, you simply couldn't disable it.
We also discovered problems related to uRPF and load-balanced links, but those were difficult to reproduce in the lab and we couldn't affect their peering, so we had to disable uRPF and ignore it, so I don't have many details.
I kept thinking that this was a serious problem that Cisco would address quickly, but that turns out not to be the case. To this day I've never found a network operator using uRPF on Cisco gear. (Note: network operator. It's probably fine for several-hundred-meg enterprise sites.)
--
Jo Rhett
Net Consonance : consonant endings by net philanthropy, open source and other randomness