Re: [nsp] 12.0(14)S/new uRPF code

From: Basil Kruglov (basil@cifnet.com)
Date: Sun Jan 07 2001 - 19:07:50 EST


On Fri, Jan 05, 2001 at 05:11:09PM -0500, Jared Mauch wrote:
> I've had no problems with it doing a
> "ip verify unicast source reachable-via any" on any of my
> equipment running 14S.. except for GSR Engine2 linecards which
> do not support it (yet).
>
> It's useful to drop spoofed rfc1918 srces that may be part
> of a smurf or some other DoS in the core. It removes the martians
> from packet tracking.. now spoofed sources that are real ips become the
> whole new problem. We need more dialup/dsl anti-spoofing to happen,
> but that's not a subject for here.

Could not find any notes at CCO... is this feature going to work in asymmetric
environment?

Also, is 12.0.14S+ the only version where this feature available at the
moment?

-Basil



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:24 EDT