Cisco uRPF failures
Sam Stickland
sam_mailinglists at spacething.org
Sun Sep 7 08:36:45 UTC 2008
Jo Rhett wrote:
> That's the surprising thing -- no scenario. Very basic
> configuration. Enabling uRPF and then hitting it with a few gig of
> non-routable packets consistently caused the sup module to stop
> talking on the console, and various other problems to persist
> throughout the unit, ie no arp response. We were able to simulate
> this with two 2 pc's direction connected to a 6500 in a lab. If I
> remember right, we had to enable CEF to see the problem, but since CEF
> is a kitchen sink that dozens of other features require you simply
> couldn't disable it.
Definately sounds like it could be a problem - I'd like to try and
replicate this. What do you mean by non-routable traffic - traffic whose
destination has no route (I assume you are running defaultless), or
traffic that fails the uRPF check?
And correct me if I'm wrong but I thought you can't disable CEF on the
6500 platform?
hs-6513-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
hs-6513-1(config)#no ip cef
% Incomplete command.
hs-6513-1(config)#no ip cef ?
accounting Enable CEF accounting
distributed Distributed Cisco Express Forwarding
event-log CEF event log commands
interface CEF linecard commands
linecard CEF linecard commands
load-sharing Load sharing
nsf Set CEF non-stop forwarding (NSF) characteristics
table Set CEF forwarding table characteristics
traffic-statistics Enable collection of traffic statistics
hs-6513-1(config)#no ip cef distributed
%Cannot disable CEF on this platform
hs-6513-1(config)#exit
hs-6513-1#sh version | inc IOS
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version
12.2(18)SXF11, RELEASE SOFTWARE (fc1)
Sam
More information about the NANOG
mailing list