[c-nsp] bgp weird issue

Mateusz Błaszczyk blahu77 at gmail.com
Thu Dec 4 03:28:29 EST 2008

> I've finally solved out the mystery with that /29 subnet being blocked
> after the iBGP relationship came up.
> It was because of the "ip verify unicast reverse-path" option enabled on
> Router1 on the interfaces connecting the router to the ISPA.
> I had this option enabled to prevent ip spoofing, but it seems that it
> affects in a negative way iBGP, BGP being a unicast protocol.

you can still use it with the new command "ip verify unicast source
reachable-via _any_"
which will allow rpf traffic as long as the router has the route to
the destination via ANY interfaces.
I.e. you have to make sure that the other router is aware of the /29
in question.

Best Regards,

pgp-key 0x1C655CAB

More information about the cisco-nsp mailing list