[nsp] RPF checking bug?

From: Hank Nussbacher (hank@att.net.il)
Date: Mon Feb 11 2002 - 01:20:36 EST


I recently implemented RPF checking on 2 interfaces that are being load
balanced:

interface Serial2/4:0
  bandwidth 1984
  ip address 192.11x.75.145 255.255.255.252
  ip verify unicast reverse-path
  ip load-sharing per-packet
  encapsulation ppp
  no ip route-cache
  no cdp enable
!
interface Serial2/7:0
  bandwidth 1984
  ip address 192.11x.75.65 255.255.255.252
  ip verify unicast reverse-path
  ip load-sharing per-packet
  encapsulation ppp
  no ip route-cache
  no cdp enable

I found I was getting drops as follows:
24w3d: CEF-Drop: Packet from 192.11x.75.66 via Serial2/7:0 -- unicast rpf check
24w3d: CEF-Drop: Packet from 192.11x.75.146 via Serial2/4:0 -- unicast rpf
check

So I did a check on the routing:

Access-5#sho ip rou 192.11x.75.66
Routing entry for 192.11x.75.66/32
   Known via "connected", distance 0, metric 0 (connected, via interface)
   Redistributing via ospf 1
   Advertised by ospf 1 subnets
   Routing Descriptor Blocks:
   * directly connected, via Serial2/4:0
       Route metric is 0, traffic share count is 1
Access-5#sho ip rou 192.11x.75.65
Routing entry for 192.11x.75.64/30
   Known via "connected", distance 0, metric 0 (connected, via interface)
   Redistributing via ospf 1
   Advertised by ospf 1 subnets
   Routing Descriptor Blocks:
   * directly connected, via Serial2/7:0
       Route metric is 0, traffic share count is 1

I find this to be very strange. So I also checked the CEF table:

192.11x.75.64/30 attached Serial2/7:0
192.11x.75.64/32 receive
192.11x.75.65/32 receive
192.11x.75.66/32 attached Serial2/4:0
192.11x.75.67/32 receive
192.11x.75.144/30 attached Serial2/4:0
192.11x.75.144/32 receive
192.11x.75.145/32 receive
192.11x.75.146/32 attached Serial2/7:0
192.11x.75.147/32 receive

Is this normal? If so, RPF checking should state that load balanced
interfaces can't be RPF checked (I have added a RPF ACL to bypass the problem).

Thanks,
Hank



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:04 EDT