[afnog] strict RPF ????

Frank Habicht geier at geier.ne.tz
Fri Oct 23 12:07:06 UTC 2015


Hi all,

update below.

On 10/18/2015 9:09 PM, Nishal Goburdhan wrote:
> frank,
> 
> for many years 2905 used strict rpf.  they are now 16637.  you can query
> lg1.za.mtnbusiness.net for more info.
> 
> without a name, you're just hamstringing any attempt to put you in touch
> with $responsible party...

AS5713. they do strict uRPF.
We got a reply, after contacting nnoc at saix.net , confirming this.
I believe I made the case to rather not drop packets.
No response yet ( 3 days ).

I strongly feel that asymmetric traffic should be forwarded - not
dropped. Even though we try to have traffic flowing symmetrically,
whenever we can.

I think providers that drop packets should tell that to their customers.
They are advertising a route somewhere, but then they drop the packets
they receive at place A, just because they prefer another route via place B.

As you see, I also believe it's time to name them (like Nishal).

When you use them, understand that you might not get all the packets
that are sent towards you.

Or maybe [paraphrasing Randy] I should ask my competitors to do just that?

To be clear:
I would be very happy to hear that operators doing strict uRPF on
non-customer links are going to re-consider this.

Frank

PS: details:
the destination was in 87.255.96.0/19, originated by AS5713 .
there is an agreement/agreements (I was informed) that 5713 would
advertise to 3741 who would advertise to 37100 where we (37084) would
learn it from. And it normally works - see here:

87.255.96.0/19     *[BGP/170] 3d 15:25:32, localpref 30
                      AS path: 37100 3741 5713 I

some part of this wasn't working (last Sunday), for this prefix at
least, maybe others as well, probably not for most from AS5713.

So we at 37084 were sending packets out towards Europe.
AS5713 received the packets from there, on a link that they did not use
for the return for our source, because they had a better one via the
above-mentioned ASes.

So the policy there is to drop the packet.   :-(

Greetings,
Frank
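
The three uRPF modes defined in RFC 3704 (strict, feasible-path, loose), applied to the asymmetric case described in the message above. This is an added example, not part of the original post or any operator's configuration. The source prefix 198.51.100.0/24, the interface names and the presence of a non-best route on the Europe-facing link are assumptions made for illustration.

```python
import ipaddress

# Constructed RIB of the filtering network: source prefix -> list of
# (interface, is_best_path). 198.51.100.0/24 stands in for the sender's
# prefix, which the post does not give. Interface names are hypothetical.
RIB = {
    "198.51.100.0/24": [("peer-regional", True), ("transit-europe", False)],
}

def lookup(src, rib):
    """Longest-prefix match on the source address; None if no route."""
    addr = ipaddress.ip_address(src)
    nets = [ipaddress.ip_network(p) for p in rib]
    matches = [n for n in nets if addr in n]
    if not matches:
        return None
    return rib[str(max(matches, key=lambda n: n.prefixlen))]

def urpf_accepts(src, in_iface, mode, rib=RIB):
    """Return True if a packet from src arriving on in_iface is forwarded."""
    paths = lookup(src, rib)
    if paths is None:
        return False                 # no route back to the source: all modes drop
    if mode == "loose":
        return True                  # any route to the source is enough
    if mode == "feasible":
        return any(i == in_iface for i, _ in paths)   # any known path matches
    if mode == "strict":
        return any(i == in_iface and best for i, best in paths)  # best path only
    raise ValueError(f"unknown mode: {mode}")

def compare(src, in_iface):
    """Verdict of each mode for one packet."""
    return {m: urpf_accepts(src, in_iface, m) for m in ("strict", "feasible", "loose")}

if __name__ == "__main__":
    # Legitimate packet arriving on the link that is not the best return path.
    print("asymmetric:", compare("198.51.100.10", "transit-europe"))
    # Same source arriving on the best-path link.
    print("symmetric: ", compare("198.51.100.10", "peer-regional"))
    # Source with no route at all (constructed, stands in for spoofed traffic).
    print("unrouted:  ", compare("203.0.113.5", "transit-europe"))
```

Only strict mode drops the legitimate asymmetric packet; feasible-path and loose modes forward it while all three still drop the unrouted source.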


