RE: [nsp] ip verify unicast reverse-path

• Next message: 'Dmitri Kalintsev': "Re: pVLANs question (cross-customer connectivity problem)"
• Previous message: FreeLSD: "Re: Full BGP and memory"
• In reply to: Jeff Harrington: "Re: [nsp] ip verify unicast reverse-path"
• Next in thread: Danny Sutantyo: "RE: [nsp] ip verify unicast reverse-path"
• Reply: Danny Sutantyo: "RE: [nsp] ip verify unicast reverse-path"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

> >It has no adverse side effects, and it stops your customers from spoofing
> >foreign IP addresses without the need for you to maintain access lists.
>
> I've run into one side effect of not being able to ping through a
> loop on a
> circuit with the command enabled. Took the command off and was able to
> ping. That doesn't affect normal operations, but it can throw a
> NOC for a
> loop (no pun intended).

This only happens when your ping originates from the router. There is a new
option to allow pings originating from the router to work:

ip verify unicast reverse-path [allow-self-ping] [<list>]

or

ip verify unicast source reachable-via (rx|any) [allow-default]
[allow-self-ping] [<list>]

Barry

• Next message: 'Dmitri Kalintsev': "Re: pVLANs question (cross-customer connectivity problem)"
• Previous message: FreeLSD: "Re: Full BGP and memory"
• In reply to: Jeff Harrington: "Re: [nsp] ip verify unicast reverse-path"
• Next in thread: Danny Sutantyo: "RE: [nsp] ip verify unicast reverse-path"
• Reply: Danny Sutantyo: "RE: [nsp] ip verify unicast reverse-path"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:40 EDT