I got bit by this just a couple weeks ago. Building a new core router for a location, couldn't ping up through the Sidewinder gateways I'm only a little familiar with. Blaming it on my lack of Sidewinder experience, turns out my default had changed to strict mode after changing the inward facing ints to strict. Doh! Seems like a warning message would be nice, like they do with portfast.
Chuck Church Network Planning Engineer, CCIE #8776 Southcom Harris IT Services 1210 N. Parker Rd. Greenville, SC 29609 Office: 864-335-9473 Cell: 864-266-3978 E-mail: charles.chu...@harris.com Southcom E-mail: charles.church....@hq.southcom.mil -----Original Message----- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jared Mauch Sent: Thursday, July 29, 2010 3:32 PM To: bas Cc: Cisco Subject: Re: [c-nsp] SXI3 strange issue, Loose mode uRPF jumps to strict by itself On the SUP720/EARL7 unicast-rpf is a global setting on the device. If someone changes *any* interface to strict, all interfaces with u-rpf enabled will change to strict. - jared On Jul 29, 2010, at 3:21 PM, bas wrote: > Hi All, > > Yesterday we had a strange issue. > Our monitoring tool alerted that one of our boxes (SUP720-3BXL - 6506 > running SXI3) became unreachable. > > When we logged in everything looked ok. > BGP was up, OSPF was up and nothing special in logging. > Still traffic had dropped to near zero. > > With "debug ip cef drop" we immediately saw that traffic was dropped > due to uRPF feature. > All upstream interfaces had strict mode uRPF configured, before the > problems started it was loose mode uRPF. > > After manually changing them back too loose mode traffic was restored. > > A couple of minutes before the problems started an engineer had > configured a customer facing interface with strict mode uRPF. > Apparently this configuration changed triggered a bug that caused > upstream interface loose mode to be automagically turned to strict > mode. > > So, hereby a heads up. If your SXI3 boxes show strange behavior, > quickly check uRPF. > > Cya, > > Bas > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/