[nsp] RPF problem with ICMP unreachables

Hank Nussbacher hank@att.net.il
Sun, 24 Nov 2002 15:55:46 +0200


I have a problem with a customer when running simple RPF checking ("ip 
verify unicast reverse-path") to the customer.  The problem is not on the 
side of my router running RPF checking but rather on his side - and we 
have tried numerous different versions of IOS on his side.  He announces a 
/27 to me via BGP.  Suppose we call it 10.117.80.224/27.  A user on my side 
now tries to ping 10.117.80.226/32.  The IP is routed to his router but his 
router has no route to this specific IP.  What should happen is the 
interface facing me should return the ICMP error message.  But that doesn't 
happen.  His router returns the ICMP error message with the IP address of 
the interface which has the *highest* IP address (which happens to start 
with 212.x.x.x) on that router.  My RPF check drops the packet (correctly).

How does one force a router to not use *highest* IP address to return ICMP 
unreachables and instead use the interface from where the ICMP came?

-Hank
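
Added example, not part of the original post: a small Python model of the strict-mode RPF decision described above, showing why the ICMP unreachable is dropped when it is sourced from an address outside the announced /27. The interface names, the default route, 10.117.80.225 and 203.0.113.1 (a stand-in for the elided 212.x.x.x address) are constructed assumptions.

```python
import ipaddress

# Constructed FIB of the provider router: (prefix, egress interface).
FIB = [
    ("0.0.0.0/0", "upstream0"),        # assumed default route
    ("10.117.80.224/27", "cust0"),     # the /27 learned from the customer via BGP
]

def best_route(fib, addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in fib
               if ip in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None

def strict_urpf_accepts(fib, src, in_ifc):
    """Strict RPF: accept only if the best route back to the source
    address points out of the interface the packet arrived on."""
    route = best_route(fib, src)
    return route is not None and route[1] == in_ifc

def classify(fib, packets):
    """Return (src, in_ifc, verdict) for each constructed packet."""
    return [(src, ifc, "accept" if strict_urpf_accepts(fib, src, ifc) else "drop")
            for src, ifc in packets]

# Constructed ICMP unreachables arriving on the customer-facing interface.
SAMPLE = [
    ("10.117.80.225", "cust0"),  # sourced from inside the announced /27
    ("203.0.113.1", "cust0"),    # sourced from an address not routed via cust0
]

if __name__ == "__main__":
    for src, ifc, verdict in classify(FIB, SAMPLE):
        print(f"src={src:<15} in={ifc:<6} -> {verdict}")
```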