Re: [External] Re: uPRF strict more

2021-09-30 Thread Mark Tinka
On 10/1/21 01:51, Valdis Klētnieks wrote: Am I insufficiently caffeinated, or is uRPF the least of your problems if you don't have a full table *and* don't have a default route? A partial table with no default is perfectly fine for a peering router. As long as your peering router knows how

Re: IPv6 woes - RFC

2021-09-30 Thread Owen DeLong via NANOG
> On Sep 30, 2021, at 19:35 , Victor Kuarsingh wrote: > > > > On Thu, Sep 30, 2021 at 10:01 PM Valdis Klētnieks > wrote: > On Wed, 29 Sep 2021 16:09:26 -0400, Victor Kuarsingh said: > > > - Both providers provide IPv6 and delegate a prefix to the router

Re: IPv6 woes - RFC

2021-09-30 Thread Victor Kuarsingh
On Thu, Sep 30, 2021 at 10:01 PM Valdis Klētnieks wrote: > On Wed, 29 Sep 2021 16:09:26 -0400, Victor Kuarsingh said: > > > - Both providers provide IPv6 and delegate a prefix to the router (let's > > pretend the retail staff knew enough to sell this person a consumer box > > with 2x WAN

Re: IPv6 woes - RFC

2021-09-30 Thread Valdis Klētnieks
On Wed, 29 Sep 2021 16:09:26 -0400, Victor Kuarsingh said: > - Both providers provide IPv6 and delegate a prefix to the router (let's > pretend the retail staff knew enough to sell this person a consumer box > with 2x WAN interfaces) So... do such boxes exist in any great quantity? Do consumers

Re: [External] Re: uPRF strict more

2021-09-30 Thread Valdis Klētnieks
On Thu, 30 Sep 2021 18:12:51 +0200, Mark Tinka said: > I should have said "If you don't plan to run a full BGP table on a > device without a default route as well, Am I insufficiently caffeinated, or is uRPF the least of your problems if you don't have a full table *and* don't have a default

Re: Cisco WAE

2021-09-30 Thread Mark Davis
I've been looking through that as well and you can exclude nodes using the WAE UI but I'm looking for something on the command line. I thought that you might be able to do it in $CARIDEN_HOME/etc/inventory/master_exclude_list.txt but I wasn't clear if this file is meant to exclude entire nodes or

Re: [External] Re: uPRF strict more

2021-09-30 Thread Sabri Berisha
- On Sep 30, 2021, at 9:13 AM, Andrew Smith andrew.william.sm...@gmail.com wrote: Hi, > In Ciscoland, you do have to explicitly state that the default route is > eligible > for URPF verification, otherwise you'll get unexpected traffic drops. > ip verify unicast source reachable-via any

RE: [External] Re: uPRF strict more

2021-09-30 Thread Brian Turnbow via NANOG
Hi > > > What it does allow is for *deliberate* blackholing for traffic; if you > > null-route a prefix, you now block incoming traffic from that subnet > > as well. This can be useful and it is how we are using URPF. > > I don't think it is implied here, but just for clarification this is >

Re: [External] Re: uPRF strict more

2021-09-30 Thread Saku Ytti
On Thu, 30 Sept 2021 at 19:00, Hunter Fuller via NANOG wrote: > What it does allow is for *deliberate* blackholing for traffic; if you > null-route a prefix, you now block incoming traffic from that subnet > as well. This can be useful and it is how we are using URPF. I don't think it is

Re: [External] Re: uPRF strict more

2021-09-30 Thread Andrew Smith
In Ciscoland, you do have to explicitly state that the default route is eligible for URPF verification, otherwise you'll get unexpected traffic drops. ip verify unicast source reachable-via any allow-default And yes, its main purpose is for implementing source-based remotely-triggered

Re: [External] Re: uPRF strict more

2021-09-30 Thread Mark Tinka
On 9/30/21 17:56, Hunter Fuller wrote: On Thu, Sep 30, 2021 at 12:08 AM Mark Tinka wrote: If you don't plan to run a full BGP table on a device, don't enable uRPF, even loose-mode. At least in Ciscoland, loose URPF checks will pass if you have a default route. So I do not think it could

Re: [External] Re: uPRF strict more

2021-09-30 Thread Hunter Fuller via NANOG
On Thu, Sep 30, 2021 at 12:08 AM Mark Tinka wrote: > If you don't plan to run a full BGP table on a device, don't enable uRPF, > even loose-mode. At least in Ciscoland, loose URPF checks will pass if you have a default route. So I do not think it could result in inadvertent blackholing of

Re: Cisco WAE

2021-09-30 Thread dip
See if this helps https://www.cisco.com/c/en/us/td/docs/net_mgmt/wae/6-4/platform/configuration/guide/WAE_Platform_Configuration_Guide/wp_col_overview.html#pgfId-1072022 On Thu, Sep 30, 2021 at 7:41 AM Mark Davis wrote: > Is anyone on the list familiar with configuring WAE to exclude

Cisco WAE

2021-09-30 Thread Mark Davis
Is anyone on the list familiar with configuring WAE to exclude specific devices from collection? Thanks -- Mark William Davis mda...@gmail.com

Re: uPRF strict more

2021-09-30 Thread Blake Hudson
On 9/29/2021 5:30 PM, Sabri Berisha wrote: - On Sep 29, 2021, at 8:03 AM, Blake Hudson bl...@ispn.net wrote: Hi Blake,     200 deny ip 10.0.0.0 0.255.255.255 any (91057035 matches)     210 deny ip 172.16.0.0 0.15.255.255 any (1366408 matches)     220 deny ip 192.168.0.0 0.0.255.255