[nsp] "ip verify unicast reverse-path" broken, or is it just me?
Vincent De Keyzer
vincent at dekeyzer.net
Mon Dec 15 03:52:47 EST 2003
Hello,
I have been testing "ip verify unicast reverse-path" on my routers
yesterday, and it seemingly did not work. Is it an IOS issue, or is it me
who does not understand?
Test set-up:
* an ISP network with managed CPEs
* created interface "loopback123" on a CPE with IP 123.123.123.123/30
* started pinging from the CPE a Linux box at the other end of the network (with source address 123.123.123.123)
* started a tcpdump on the Linux box, shows incoming ICMP echo request packets with source address 123.123.123.123
* check that there is no route for 123.123.123.123 on the access router (default route of the access router is obviously not the CPE, in case that matters)
* added "ip verify unicast reverse-path" on the customer interface of the access router: pings keep coming in on the Linux box! No good.
What did I do wrong?
Access router is a 2621 running "IOS (tm) C2600 Software (C2600-JS-M),
Version 12.2(5), RELEASE SOFTWARE (fc1)".
Vincent
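
Added example, not part of the original post: a minimal model of the strict reverse-path check that "ip verify unicast reverse-path" is meant to perform, applied to the test set-up described above. The FIB contents, the interface names and the 192.0.2.0/30 customer prefix are constructed assumptions; the code models only the lookup logic, not IOS itself.

```python
import ipaddress

# Constructed FIB for the access router (all names and prefixes are assumptions).
FIB = [
    ("0.0.0.0/0", "Serial0/0"),           # default route towards the core, not the CPE
    ("192.0.2.0/30", "FastEthernet0/0"),  # customer link towards the CPE
]


def lookup(fib, address):
    """Longest-prefix match: return (network, interface) or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, interface in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface)
    return best


def strict_urpf(fib, source, ingress_interface):
    """Strict check: the best route back to the source must point out of
    the interface the packet arrived on, otherwise the packet is dropped."""
    route = lookup(fib, source)
    if route is None:
        return "drop (no route to source)"
    net, interface = route
    if interface != ingress_interface:
        return f"drop (reverse path {net} is via {interface})"
    return f"pass (reverse path {net} is via {interface})"


if __name__ == "__main__":
    customer = "FastEthernet0/0"
    # Test address from the post: only the default route covers it.
    print(strict_urpf(FIB, "123.123.123.123", customer))
    # Legitimate address on the customer link.
    print(strict_urpf(FIB, "192.0.2.2", customer))
    # Same test address if the default route did point at the customer side.
    fib_default_via_cpe = [("0.0.0.0/0", customer)]
    print(strict_urpf(fib_default_via_cpe, "123.123.123.123", customer))
```

In this model the default route counts as a route back to the source, which is why the direction it points in decides whether the 123.123.123.123 packets pass the check.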