who is using RPF on peers?

John Hawkinson jhawk at bbnplanet.com
Sat Mar 13 23:01:39 UTC 1999


> Almost a month ago, certain nets of ours (AS10368) lost connectivity to a
> major provider. The problem was tracked down to the major provider having
> enabled RPF, or "ip verify unicast reverse-path" in IOS-speak, on one of their
> private peers with one of our upstreams to whom we don't announce those nets.
> 
> At the time, I decided not to post a warning to nanog as it appeared to be a
> mistake and an isolated case.
> 
> Apparently, the same major provider had/has RPF enabled on other peering
> interfaces also and one more instances were tracked down in the last 24 hours.

There was an instance of this ocurring in our network that's probably
the one you refer to there.

As a matter of policy we certainly don't enable RPF to our peers. It's
not clear to me as of yet how this particular error ocurred, but it
certainly was an error on someone's part and we certainly do know better.
We're still attempting to track down what particular sequence of events
caused this misconfiguration.

--jhawk





More information about the NANOG mailing list