Cisco uRPF failures

Sam Stickland sam_mailinglists at spacething.org
Sun Sep 7 03:36:45 CDT 2008


Jo Rhett wrote:
> That's the surprising thing -- no scenario.  Very basic 
> configuration.  Enabling uRPF and then hitting it with a few gig of 
> non-routable packets consistently caused the sup module to stop 
> talking on the console, and various other problems to persist 
> throughout the unit, ie no arp response.  We were able to simulate 
> this with two 2 pc's direction connected to a 6500 in a lab.  If I 
> remember right, we had to enable CEF to see the problem, but since CEF 
> is a kitchen sink that dozens of other features require you simply 
> couldn't disable it.

Definately sounds like it could be a problem - I'd like to try and 
replicate this. What do you mean by non-routable traffic - traffic whose 
destination has no route (I assume you are running defaultless), or 
traffic that fails the uRPF check?

And correct me if I'm wrong but I thought you can't disable CEF on the 
6500 platform?

hs-6513-1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
hs-6513-1(config)#no ip cef
% Incomplete command.

hs-6513-1(config)#no ip cef ?
  accounting          Enable CEF accounting
  distributed         Distributed Cisco Express Forwarding
  event-log           CEF event log commands
  interface           CEF linecard commands
  linecard            CEF linecard commands
  load-sharing        Load sharing
  nsf                 Set CEF non-stop forwarding (NSF) characteristics
  table               Set CEF forwarding table characteristics
  traffic-statistics  Enable collection of traffic statistics


hs-6513-1(config)#no ip cef distributed
%Cannot disable CEF on this platform
hs-6513-1(config)#exit
hs-6513-1#sh version | inc IOS
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 
12.2(18)SXF11, RELEASE SOFTWARE (fc1)

Sam





More information about the NANOG mailing list