In respect of uRPF, it is turned off, so we have not 'resolved' the issue. Anti-spoof filters are in place however.
Without considering which pasta shape best fits the scenario, I can tell you we'd have uRPF loose back on if it were feasible. :) -----Original Message----- From: Mark Tinka [mailto:mark.ti...@seacom.mu] Sent: 22 May 2019 12:57 To: Niall Donaghy <niall.dona...@geant.org>; adamv0...@netconsultings.com; 'Louis Kowolowski' <lou...@cryptomonkeys.org> Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] BGP Peering Policies - Best Practices On 22/May/19 13:30, Niall Donaghy wrote: > How about: > > uRPF causing discarded packets in a multi-VRF environment, eg: > - Internet VRF, Private VRF #1, Private VRF #2. > - Customers connect to all and advertise same prefixes to all. > - Peers connect to perhaps Internet and a Private VRF and advertise same > prefixes to all. > - Private VRFs reach Internet VRF via default routes over logical tunnels > (BGP). > - uRPF loose causes discards for some asymmetric traffic flows crossing > multiple VRFs. > > We've hit this problem. That sounds like quite the spaghetti. How have you resolved it? Mark. _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
