North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: what's that smell?

  • From: Jared Mauch
  • Date: Tue Oct 08 12:08:44 2002

On Tue, Oct 08, 2002 at 11:52:27AM -0400, Jason Lixfeld wrote:
> 
> > > I am sure thats part of it.  Also, it might be a CPU issue as well.
> > > 
> > Unicast RPF is affordable CPU-wise even in the most mediocre 
> > boxes people tend to have.
> 
> In more cases than not, especially now adays with lots of networks
> peering all over gods creation, RPF can have some pretty detrimental
> effects if your routing is somewhat asymmetrical.

	A strict rpf can be detrimental in these cases, yes, that is a
well known fact.

	The problem is when people do not apply the safe checks and leak
these 1918 space out (as Paul originally pointed out how much traffic
he is observing improperly sourced that they can't return).

	This is not complicated to enable the "any" check and you will
not lose any valid traffic.

	I've seen at a public exchange point a significant amount
of traffic that has been dropped that came from invalid/unreachable
sources:

(sh ip int x/y output)
  IP verify source reachable-via ANY
   707032454 verification drops

	- Jared

-- 
Jared Mauch  | pgp key available via finger from [email protected]
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.