RE: Cisco uRPF failures

2008-09-15 Thread Tom Zingale (tomz)
[EMAIL PROTECTED] > Sent: Saturday, September 13, 2008 11:26 AM > To: nanog@nanog.org; [EMAIL PROTECTED] > Subject: Re: Cisco uRPF failures > > On Thu, Sep 11, 2008 at 08:11:28PM +0300, Saku Ytti wrote: > > > > Sound like these shops are using 3550 as router, which is common

Re: Cisco uRPF failures

2008-09-13 Thread Saku Ytti
On (2008-09-13 13:26 -0500), Brandon Ewing wrote: Hey Brandon, > Are you sure? According to the IOS guide for 3560E/3750E, "ip verify" is > still an unsupported interface command. I don't have a 3560E handy to test > on, but I know that a non-E 3560 refuses it with a notice regarding how > veri

Re: Cisco uRPF failures

2008-09-13 Thread Brandon Ewing
On Thu, Sep 11, 2008 at 08:11:28PM +0300, Saku Ytti wrote: > > Sound like these shops are using 3550 as router, which is common for > smaller shops, especially in EU. And indeed, 3550 would not do uRPF. > (3560E does). > Are you sure? According to the IOS guide for 3560E/3750E, "ip verify" is

Re: Cisco uRPF failures

2008-09-11 Thread Saku Ytti
On (2008-09-11 00:50 -0700), Jo Rhett wrote: > As someone who does a lot of work talking to NOCs trying to chase down > attack sources, I can honestly tell you that I haven't talked to a > single NOC in the last 16 months who had BCP38 on every port, or even on > most of their ports. And the
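
A small model of the check that the thread keeps coming back to, added here as an illustration and not code from any poster or from Cisco. It mimics what `ip verify unicast source reachable-via rx` (strict) and `reachable-via any` (loose) decide for a packet, including the `allow-default` keyword; the FIB entries, interface names and packets are constructed for the example.

```python
"""Simulate uRPF strict/loose verdicts against a small FIB.

Added example for illustration; not from the NANOG thread or from Cisco.
The routes, interface names and packets below are constructed.
"""
import ipaddress
from typing import Optional, Tuple

# Constructed FIB: (prefix, egress interface) as an edge router might hold it:
# a default via the upstream on Gi0/0, two customer /24s, RFC1918 to Null0.
FIB = [
    ("0.0.0.0/0", "Gi0/0"),
    ("198.51.100.0/24", "Gi0/1"),
    ("203.0.113.0/24", "Gi0/2"),
    ("10.0.0.0/8", "Null0"),
]


def lookup(fib, addr) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match; returns (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best


def urpf_permits(fib, src, ingress, mode="strict", allow_default=False) -> bool:
    """True if a packet sourced from `src` arriving on `ingress` passes uRPF.

    strict: the best route to src must point back out the ingress interface.
    loose:  a route to src merely has to exist (Null0 does not count).
    allow_default: whether a match on 0.0.0.0/0 counts as a route at all.
    """
    match = lookup(fib, src)
    if match is None:
        return False
    net, iface = match
    if iface == "Null0":
        return False
    if net.prefixlen == 0 and not allow_default:
        return False
    if mode == "loose":
        return True
    return iface == ingress


# Constructed packets: (source address, ingress interface, note)
PACKETS = [
    ("198.51.100.7", "Gi0/1", "customer sourcing its own prefix"),
    ("203.0.113.9", "Gi0/1", "spoofed: another customer's prefix"),
    ("10.1.2.3", "Gi0/1", "spoofed: RFC1918, routed to Null0"),
    ("192.0.2.5", "Gi0/0", "from upstream, matches only the default"),
]


def run(fib=FIB, packets=PACKETS):
    """Return {src: {mode: verdict}} for every constructed packet."""
    results = {}
    for src, ingress, _ in packets:
        results[src] = {
            "strict": urpf_permits(fib, src, ingress, "strict"),
            "loose": urpf_permits(fib, src, ingress, "loose"),
            "strict+allow-default": urpf_permits(fib, src, ingress, "strict", True),
        }
    return results


if __name__ == "__main__":
    for src, ingress, note in PACKETS:
        print(f"{src:15} in {ingress:6} {note}")
        for mode, ok in run()[src].items():
            print(f"    {mode:22} {'permit' if ok else 'drop'}")
```

The spoofed packet from another customer's prefix is the case strict mode exists for: loose mode passes it because a route exists somewhere, which is why loose mode is only useful on transit-facing interfaces and strict mode is what BCP38 on a single-homed customer port actually needs. The default-route case shows why `allow-default` matters on an upstream-facing interface, and also why it is dangerous on a customer port.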

Re: Cisco uRPF failures

2008-09-11 Thread Jo Rhett
On Sep 11, 2008, at 10:11 AM, Saku Ytti wrote: On (2008-09-11 00:50 -0700), Jo Rhett wrote: As someone who does a lot of work talking to NOCs trying to chase down attack sources, I can honestly tell you that I haven't talked to a single NOC in the last 16 months who had BCP38 on every port, o

Re: Cisco uRPF failures

2008-09-11 Thread Jo Rhett
On Sep 8, 2008, at 1:55 AM, Saku Ytti wrote: To this day I've never met network operator not using uRPF on Cisco gear. (note: network operator. It's probably not used widely by enterprises) As someone who does a lot of work talking to NOCs trying to chase down attack sources, I can honestl

Re: Cisco uRPF failures

2008-09-11 Thread Jo Rhett
On Sep 6, 2008, at 10:20 AM, Anton Kapela wrote: On Thu, Sep 4, 2008 at 11:35 AM, Jo Rhett <[EMAIL PROTECTED]> wrote: That's the surprising thing -- no scenario. Very basic configuration. Enabling uRPF and then hitting it with a few gig of non-routable packets consistently caused the sup

Re: Cisco uRPF failures

2008-09-08 Thread Saku Ytti
On (2008-09-04 09:35 -0700), Jo Rhett wrote: > quickly, but that turns out not to be the case. To this day I've never > found a network operator using uRPF on Cisco gear. > (note: network operator. it's probably fine for several-hundred-meg > enterprise sites) To this day I've never met net

Re: Cisco uRPF failures

2008-09-07 Thread Sam Stickland
Jo Rhett wrote: That's the surprising thing -- no scenario. Very basic configuration. Enabling uRPF and then hitting it with a few gig of non-routable packets consistently caused the sup module to stop talking on the console, and various other problems to persist throughout the unit, ie no a

Re: Cisco uRPF failures

2008-09-06 Thread Christopher Morrow
On 9/6/08, Anton Kapela <[EMAIL PROTECTED]> wrote: > On Thu, Sep 4, 2008 at 11:35 AM, Jo Rhett <[EMAIL PROTECTED]> wrote: > > > found a network operator using uRPF on Cisco gear. > > (note: network operator. it's probably fine for several-hundred-meg > > enterprise sites) > > > Forgive me, but

Re: Cisco uRPF failures

2008-09-06 Thread Anton Kapela
On Thu, Sep 4, 2008 at 11:35 AM, Jo Rhett <[EMAIL PROTECTED]> wrote: > That's the surprising thing -- no scenario. Very basic configuration. > Enabling uRPF and then hitting it with a few gig of non-routable packets > consistently caused the sup module to stop talking on the console, and What d

Cisco uRPF failures

2008-09-04 Thread Jo Rhett
(changing subject line) On Sep 3, 2008, at 7:06 PM, Rubens Kuhl Jr. wrote: This statement is patently false. The uRPF failures I dealt with were based entirely on the recommended settings, and were confirmed by Cisco. Last I heard (2 months ago) the problems remain. Cisco just isn't being