Hi Adam,

Yes I can show:

- When we had the internet table in inet.0, with uRPF loose, we did not have any problem.
- When we moved internet into its own VRF, we had to disable uRPF loose to cure the issue of some packet loss (as I described).

So you see, coming at it from the other direction - the problem was created by moving out of inet.0 vs. solved by moving into inet.0. :-)

Convoluted setup, spaghetti ... yes yes - I'm not advocating, recommending, defending.
Take my input for what it is - a real-world example which was asked for.

The takeaway is not that I was able to give examples, but that these examples ought to serve as a caution to those trying to mix multiple VRFs - internet in one of those.
uRPF behaviour may cause problems for you.
urpf-fail-filters may or may not provide a workaround for you.

Br,
Niall

-----Original Message-----
From: adamv0...@netconsultings.com [mailto:adamv0...@netconsultings.com]
Sent: 22 May 2019 14:22
To: Niall Donaghy <niall.dona...@geant.org>; 'Louis Kowolowski' <lou...@cryptomonkeys.org>; 'Mark Tinka' <mark.ti...@seacom.mu>
Cc: juniper-nsp@puck.nether.net
Subject: RE: [j-nsp] BGP Peering Policies - Best Practices

> From: Niall Donaghy <niall.dona...@geant.org>
> Sent: Wednesday, May 22, 2019 12:31 PM
>
> OP>> Are there non-technical reasons for leaving the Internet on the default RIB?
> Adam> Are there technical reasons please?
>
> How about:
>
> uRPF causing discarded packets in a multi-VRF environment, eg:
> - Internet VRF, Private VRF #1, Private VRF #2.
> - Customers connect to all and advertise same prefixes to all.
> - Peers connect to perhaps Internet and a Private VRF and advertise same prefixes to all.
> - Private VRFs reach Internet VRF via default routes over logical tunnels (BGP).
> - uRPF loose causes discards for some asymmetric traffic flows crossing multiple VRFs.
>

I have a sympathy for your convoluted setup, however the above argument is a strawman logical fallacy unless you can show how moving to Internet in a default table would have helped to solve the uRPF problem.

adam

_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp