North American Network Operators Group


Re: Cisco uRPF failures

  • From: Sam Stickland
  • Date: Sun Sep 07 04:37:01 2008

Jo Rhett wrote:
> That's the surprising thing -- no scenario. Very basic configuration. Enabling uRPF and then hitting it with a few gig of non-routable packets consistently caused the sup module to stop talking on the console, and various other problems to persist throughout the unit, i.e. no ARP response. We were able to simulate this with two PCs directly connected to a 6500 in a lab. If I remember right, we had to enable CEF to see the problem, but since CEF is a kitchen sink that dozens of other features require, you simply couldn't disable it.

Definitely sounds like it could be a problem - I'd like to try and replicate this. What do you mean by non-routable traffic - traffic whose destination has no route (I assume you are running defaultless), or traffic that fails the uRPF check?

And correct me if I'm wrong but I thought you can't disable CEF on the 6500 platform?

hs-6513-1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
hs-6513-1(config)#no ip cef
% Incomplete command.

hs-6513-1(config)#no ip cef ?
 accounting          Enable CEF accounting
 distributed         Distributed Cisco Express Forwarding
 event-log           CEF event log commands
 interface           CEF linecard commands
 linecard            CEF linecard commands
 load-sharing        Load sharing
 nsf                 Set CEF non-stop forwarding (NSF) characteristics
 table               Set CEF forwarding table characteristics
 traffic-statistics  Enable collection of traffic statistics

hs-6513-1(config)#no ip cef distributed
%Cannot disable CEF on this platform
hs-6513-1#sh version | inc IOS
IOS (tm) s72033_rp Software (s72033_rp-ADVENTERPRISEK9_WAN-M), Version 12.2(18)SXF11, RELEASE SOFTWARE (fc1)