[c-nsp] loose uRPF on Sup720/3B
Pete Templin
petelists at templin.org
Wed Nov 14 10:59:04 EST 2012
On 11/14/12 3:45 AM, Gert Doering wrote:
> ip verify unicast source reachable-via any allow-default
> so what is a "suppressed verification drop"? And, much more important,
> "will it still do that in hardware", or will loose-uRPF ("via any") punti
> it into the software path for "some packets"?
Brian gave a decent response, but because I'm drinking my morning coffee
I feel the urge to add another reply for you (since it'll delay my
departure for work). A suppressed verification drop is a packet that
would have dropped with 'ip verify unicast source reachable-via
[any|rx]', but didn't drop because you added options (which can be
allow-default, allow-self-ping, and/or an ACL to punch some additional
holes).
pt
More information about the cisco-nsp
mailing list