[nsp] "ip verify unicast reverse-path" broken, or is it just me?

Vincent De Keyzer vincent at dekeyzer.net
Mon Dec 15 05:48:30 EST 2003 

Neither "sh ip int" nor "debug ip cef drops rpf" show anything... so it has
to be an IOS bug?

Can one of you guys succesfully reproduce my test?

Logs below

Vincent



carlos#sh run int s1/0:0
Building configuration...

Current configuration : 243 bytes
!
interface Serial1/0:0
 description #customer: ALFA00
 bandwidth 128
 ip address 217.x.y.25 255.255.255.252
 ip verify unicast reverse-path
 load-interval 30
 ntp broadcast
 no fair-queue
 traffic-shape rate 128000 128000 256000 1000
end

carlos#sh ip int s1/0:0
Serial1/0:0 is up, line protocol is up
  Internet address is 217.x.y.25/30
  Broadcast address is 255.255.255.255
  Address determined by setup command
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.5 224.0.0.6
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect inbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled
  0 unicast RPF drops
  0 unicast RPF suppressed drops
carlos#sh deb
carlos#sh debugging
IP CEF:
  IP CEF drops for RPF debugging is on
carlos#sh log | i Dec 15
carlos#sh ip ro 123.123.123.123
% Network not in table
carlos#


> -----Original Message-----
> From: Gert Doering [mailto:gert at greenie.muc.de] 
> Sent: lundi 15 décembre 2003 11:16
> To: Vincent De Keyzer
> Cc: Mustafa at palnet.com; cisco-nsp at puck.nether.net
> Subject: Re: [nsp] "ip verify unicast reverse-path" broken, 
> or is it just me?
> 
> 
> Hi,
> 
> On Mon, Dec 15, 2003 at 10:39:00AM +0100, Vincent De Keyzer wrote:
> > Isn't the debug going to crash my router?
> 
> It shouldn't.  It will log CEF drops due to rpf - and if you 
> don't have any, it won't log anything...
> 
> > Maybe there is some other way to
> > check, with a show command for instance?
> 
> "show ip interface <xxx>"
> 
> gert
> -- 
> USENET is *not* the non-clickable part of WWW!
>                                                            
> //www.muc.de/~gert/
> Gert Doering - Munich, Germany                             
> gert at greenie.muc.de
> fax: +49-89-35655025                        
> gert at net.informatik.tu-muenchen.de
>

More information about the cisco-nsp mailing list