[nsp] "ip verify unicast reverse-path" broken, or is it just me?

Mustafa N. Deeb mustafa at palnet.com
Mon Dec 15 05:20:12 EST 2003




are you sure CEF is working right?

What did debug ip cef drops rpf said on your access ?

CHeers

~~~~~~~~~~~~~~~~~~~~~~
Mustafa N. Deeb
Technical Director
Palnet Communications Ltd.
Tel: +970-2-2403434
Fax: +970-2-2403430
www.palsms.com
www.paltime.net
www.palnet.com



-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vincent De
Keyzer
Sent: Monday, December 15, 2003 10:53 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] "ip verify unicast reverse-path" broken, or is it just
me?

Hello,
 
I have been testing "ip verify unicast reverse-path" on my routers
yesterday, and it seemingly did not work. Is it an IOS issue, or is it
me
who does not understand?
 
Test set-up:

*	an ISP network with managed CPEs
*	created interface "loopback123" on a CPE with IP
123.123.123.123/30
*	started pinging from the CPE a linux box at the other end of the
network (with source address 123.123.123.123)
*	started a tcpdump on the linux box, shows incoming icmp echo
request
packets with source address 123.123.123.123
*	check that there is no route for 123.123.123.123 on the access
router (default route of the access router is obviously not the CPE, in
case
that matters)
*	added "ip verify unicast reverse-path" on the customer interface
of
the access router: pings keep coming in on the the linux box! No good.

What did I do wrong?
 
Access router is a 2621 running "IOS (tm) C2600 Software (C2600-JS-M),
Version 12.2(5), RELEASE SOFTWARE (fc1)".
 
Vincent
 
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list