[nsp] ip verify unicast reverse-path confirmation?
Streiner, Justin
streiner at stargate.net
Thu Dec 4 13:59:55 EST 2003
On Thu, 4 Dec 2003, Nicolas Sayer wrote:
> hello all,
>
> off topic question about "ip verify unicast reverse-path", i had to
> take out of my WAN interface configuration because it was burning out
> the CPU (interupts). Does each packet (from one TCP flow for example)
> HAS to have it's source address checked against the routing table, thus
> sent to the CPU ? couldn't cef take care of stamping the source address
> as : ok
Did you have CEF enabled and specifically enabled on the interface? Also,
was the CPU OK before enabling unicast RPF, e.g. are you sure that just
enabling unicast RPF on the interface is what killed your CPU?
I've seen behavior like what you've described, but only on a router
running old 12.0T code (this was a few years ago) but I forgot to activate
CEF and configure the interface appropriately.
I run unicast RPF at several points on my network and it works fine. No
significant increase in CPU utilization.
jms
>
> fyi: i have a 6500 switch enhanced with an msfc1 for routing,
>
> cheers, Nick.
>
> On jeudi, nov 6, 2003, at 20:01 Europe/Paris, Bob Snyder wrote:
>
> > Is there any command to see the effects of the "ip verify unicast
> > reverse-path" command? Packet drop counters, etc?
> >
> > Bob
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
More information about the cisco-nsp
mailing list