[nsp] "ip verify unicast reverse-path" broken, or is it just me?
Mustafa N. Deeb
mustafa at palnet.com
Mon Dec 15 05:20:12 EST 2003
are you sure CEF is working right?
What did debug ip cef drops rpf said on your access ?
CHeers
~~~~~~~~~~~~~~~~~~~~~~
Mustafa N. Deeb
Technical Director
Palnet Communications Ltd.
Tel: +970-2-2403434
Fax: +970-2-2403430
www.palsms.com
www.paltime.net
www.palnet.com
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Vincent De
Keyzer
Sent: Monday, December 15, 2003 10:53 AM
To: cisco-nsp at puck.nether.net
Subject: [nsp] "ip verify unicast reverse-path" broken, or is it just
me?
Hello,
I have been testing "ip verify unicast reverse-path" on my routers
yesterday, and it seemingly did not work. Is it an IOS issue, or is it
me
who does not understand?
Test set-up:
* an ISP network with managed CPEs
* created interface "loopback123" on a CPE with IP
123.123.123.123/30
* started pinging from the CPE a linux box at the other end of the
network (with source address 123.123.123.123)
* started a tcpdump on the linux box, shows incoming icmp echo
request
packets with source address 123.123.123.123
* check that there is no route for 123.123.123.123 on the access
router (default route of the access router is obviously not the CPE, in
case
that matters)
* added "ip verify unicast reverse-path" on the customer interface
of
the access router: pings keep coming in on the the linux box! No good.
What did I do wrong?
Access router is a 2621 running "IOS (tm) C2600 Software (C2600-JS-M),
Version 12.2(5), RELEASE SOFTWARE (fc1)".
Vincent
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list