Single carrier multi-circuit asynchronous routing issue
I am curious to know if anyone has else has hit a problem like the one I am running into right now. I have two DS3 DIA's in my router, terminating on two separate routers at Sprint. We peer with BGP and I am prepending certain of my prefixes to balance the traffic load. src __________ dst 1.1.1.0 |----|- ds3 #1 -| sprint 1 |--( ) 2.2.2.0 ------- |me | ( internet ) ------- | | ( ) | | __________ ( ) |----|- ds3 #2 -| sprint 2 |--( ) If I were to prepend the network 1.1.1.0 to come in on 'sprint 1', but have a route to 2.2.2.0 via 'sprint 2' so that traffic comes in on one circuit but returns on the other, routing is broken. If I change my route so that packets directed to 2.2.2.0 return on the same circuit that the traffic is received on, everything works fine. Has anyone else run into an issue like this before? -- am
* aaron.millisor@bright.net (Aaron Millisor) [Wed 07 Jan 2009, 20:53 CET]: [..]
If I were to prepend the network 1.1.1.0 to come in on 'sprint 1', but have a route to 2.2.2.0 via 'sprint 2' so that traffic comes in on one circuit but returns on the other, routing is broken. If I change my route so that packets directed to 2.2.2.0 return on the same circuit that the traffic is received on, everything works fine.
You might be running into uRPF (unicast reverse path forward verification). -- Niels.
On 7 jan 2009, at 21.05, Niels Bakker wrote:
* aaron.millisor@bright.net (Aaron Millisor) [Wed 07 Jan 2009, 20:53 CET]: [..]
If I were to prepend the network 1.1.1.0 to come in on 'sprint 1', but have a route to 2.2.2.0 via 'sprint 2' so that traffic comes in on one circuit but returns on the other, routing is broken. If I change my route so that packets directed to 2.2.2.0 return on the same circuit that the traffic is received on, everything works fine.
You might be running into uRPF (unicast reverse path forward verification).
-- Niels.
Strict-mode uRPF will couse this, I am sure sprint support can help you with it.. ------------------------------ Anders Lindbäck anders.lindback@dnz.se
Thank you both. Strict mode uRPF was indeed the problem. Took awhile for them to fix it for me, but at least it's fixed. -- am Anders Lindbäck wrote:
On 7 jan 2009, at 21.05, Niels Bakker wrote:
* aaron.millisor@bright.net (Aaron Millisor) [Wed 07 Jan 2009, 20:53 CET]: [..]
If I were to prepend the network 1.1.1.0 to come in on 'sprint 1', but have a route to 2.2.2.0 via 'sprint 2' so that traffic comes in on one circuit but returns on the other, routing is broken. If I change my route so that packets directed to 2.2.2.0 return on the same circuit that the traffic is received on, everything works fine.
You might be running into uRPF (unicast reverse path forward verification).
-- Niels.
Strict-mode uRPF will couse this, I am sure sprint support can help you with it..
------------------------------ Anders Lindbäck anders.lindback@dnz.se
participants (3)
-
Aaron Millisor -
Anders Lindbäck -
Niels Bakker