On Mon, Nov 18, 2013 at 12:45 PM, James Jun <[email protected]> wrote: > BCP38 at customer ports as best practice. Requiring a paid license to > enable sommething as simple as uRPF is Juniper's contribution to further > help discourage BCP38 implementation, imo.
uRPF on the small-EX switches has problems that go beyond licensing. When last I checked, you could only enable or disable it globally, even though Junos lets you configure it on an individual port/interface. If it is enabled and the switch has dual uplinks to your distribution / core which are on different interfaces ... it will just urpf-fail all traffic arriving from the uplink interface that isn't the current best-path for 0/0. Because it also won't do MPLS on SVI/RVIs, only on layer-3 ports, you can't design around this problem by using an SVI for your dual-homed layer-3 uplink and relying on STP to provide connection to two upstream devices on a single IFL, using a shared uRPF "filter." Unless, of course, you choose between either MPLS services or layer-3 services and don't mix them together in a stack. Basically, IMO, Juniper takes some great liberties when they claim these switches "support" "uRPF." -- Jeff S Wheeler <[email protected]> Sr Network Operator / Innovative Network Concepts _______________________________________________ juniper-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/juniper-nsp
