One of the reasons I'm not very keen on using merchant silicon for high-touch routing.
Mark. On 24/Feb/18 10:19, Chris Welti wrote: > Hi David, > > uRPF on the NCS5500 is a mess due to limitations of the Jericho > chipset. It has to do with the TCAM optimizations and twice the number > of route lookups needed for uRPF (src/dst) > > From what I understand: > > On SE-models for uRPF to work you need to disable double-capacity mode > (you will lose space for half of the routes!) > > hw-module tcam fib ipv4 scaledisable > > depending on the software you are running, you might also need to > reserve IPv6 space in the eTCAM: > > hw-module profile tcam fib ipv4 unicast percent 50 > hw-module profile tcam fib ipv6 unicast percent 50 > > For non-SE models you need to disable all the iTCAM optimizations > > hw-module fib ipv4 scale host-optimized-disable > hw-module fib ipv6 scale internet-optimized-disable > > Unfortunately, that way the current full table won't fit anymore in > non-SE models. > > IMHO it's best not to use uRPF at all on this platform. > > See also bugID CSCvf44418, and the excellent Cisco Live presentation > "NCS5500: Deepdive in the Merchant Silicon High-end SP Routers - > BRKSPG-2900" from Nicolas Fevrier. Make sure you get the latest one > from Barcelona 2018, which includes details about uRPF. > > Regards, > Chris > > Am 23.02.18 um 22:58 schrieb David Hubbard: >> Hi all, curious if anyone has run into issues with IPv6 uRPF on >> NCS5500 and/or XR 6.2.3? I have an interface where I added: >> >> Ipv4 verify unicast source reachable-via any >> ipv6 verify unicast source reachable-via any >> >> and immediately lost my ability to talk to a BGP peer connected to it >> using a local /126 range; no ping, tcp, etc. There’s obviously a >> route in FIB given it’s connected and up, but I did check. The same >> issue does not occur with the remote IPv4 peering address on a /30 >> net, suggesting uRPF for ipv4 doesn’t have the same bug. >> >> Thanks >> >> >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/