Hi Tyler, Unfortunately we had a limited window to test so could not check the reverse path.
During our failover testing we stopped advertising out the primary path and only advertised out the secondary path. Routes are advertised out the secondary path through a DDOS prevention company called F5 Silverline which is reached via a GRE tunnel running over the Optimum Lightpath network. So outgoing traffic would go from NYULH going out the Optimum Lightpath circuit and return traffic coming in on F5 Silverline’s network then tunneled over Optimum Lightpath back to NYULH. So traffic was definitely routing asymmetrically. However F5 Silverline assured us they have many customers using a similar setup but have no issues with Akamai. I would think that many customers using similar DDOS prevention services such as F5 Silverline and Prolexic are routing asymmetrically as well, wouldn’t uRPF be affecting them all? Thanks, Greg [http://www.cisco.com/web/europe/images/email/signature/logo05.jpg] Gregory Gombas CCIE# 19649 – R&S Network Consulting Engineer Advanced Services grgom...@cisco.com<mailto:grgom...@cisco.com> Office: +1-212-714-4497 Mobile: +1-201-675-9457 Cisco Systems Limited One Penn Plaza 6th & 9th Floors New York, NY 10119 United States Cisco.com [Think before you print.]Think before you print. This email may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message. For corporate legal information go to: http://www.cisco.com/web/about/doing_business/legal/cri/index.html From: Tyler Conrad [mailto:ty...@tgconrad.com] Sent: Tuesday, November 14, 2017 1:30 PM To: james machado <hvgeekwt...@gmail.com> Cc: Greg Gombas -X (grgombas) <grgom...@cisco.com>; nanog@nanog.org Subject: Re: Issues with 4-octet BGP AS and Akamai? Are you advertising out multiple circuits? Check the pathing both directions if you can. A lot of CDNs enforce uRPF strict. On Tuesday, November 14, 2017, james machado <hvgeekwt...@gmail.com<mailto:hvgeekwt...@gmail.com>> wrote: Greg, I have a 4 byte ASN and have not had any issues with reach ability, including the 2 websites you have linked. James
