[c-nsp] reverse path filtering doesn't seem to work
Justin Shore
justin at justinshore.com
Fri Nov 20 14:06:54 EST 2009
Pete Templin wrote:
> I don't know how well it'll work on an unnumbered interface etc., but I
> always add the option 'allow-self-ping' to my commands, i.e. 'ip ve u s
> r r allow-s'. I suspect that's related to your troubles.
I'm using uRPF and IP Unnumbered on DS1s today and all seems to be well.
I can ping the directly-connected target of the static route from the
PE too:
interface Serial1/0/3:0
ip unnumbered Loopback197
ip verify unicast source reachable-via rx
no ip redirects
no ip unreachables
no ip proxy-arp
load-interval 30
snmp trap ip verify drop-rate
no cdp enable
service-policy input Armstrong-in
service-policy output Armstrong-out
Mike, can you make sure that IOS thinks uRPF is actually enabled?
sh ip int se0/0 | i uRPF
7206-1.bway#sh ip int se1/0/3:0 | i uRPF
Input features: Stateful Inspection, CCE Input Classification, uRPF,
QoS Marking, MCI Check
Are you seeing the drops in the sh ip int output or somewhere else?
Justin
More information about the cisco-nsp
mailing list