From: istong@stong.org
Date: Sat Mar 26 2005 - 20:40:50 GMT-3
Hi Dillon,
Not sure if you receieved a response to your question yet.
The article refers to common cases where an edge router is
one with a single connection to the core. In that case you
have symetric routing. Certainly there are cases where edge
routers have multiple connections to the core in which case
you are more likely to have asymetric routing. And when it
comes to a core router asymetric routing is the standard.
Hence ip verify works well with symetric routing at the edge
(single connections) and not at the core or edge when you
have asymetric routing. You can use loose mode versus
strict mode to deal with those differences.
Thanks,
Ian
http://www.ccie4u.com
Rack Rentals starting at only $12
> Hi, Brian:
>
> I can not understand why the core router has asymmetric
> path and the edge router has symmetric path indicated in
> the link:
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fsecur_r/fothercr/srfrpf.htm
> Any advice?
>
> TIA
> dillon
>
>
> ----- Original Message -----
> From: "Brian McGahan" <bmcgahan@internetworkexpert.com>
> To: "mani poopal" <mani_ccie@yahoo.com>;
> <ccielab@groupstudy.com> Sent: Saturday, March 26, 2005
> 6:14 AM Subject: RE: IP VERIFY UNICAST REVERSE PATH
>
>
> > Mani,
> >
> > This feature does not work in the 12.2T trains. I have
> > verified this both with the CLI config and in the bug
> > toolkit:
> > CSCeg06652 Bug Details
> >
> > Headline uRPF does not work ACL log
> > Product all Model
> > Component fib Duplicate of CSCin39333
> > Severity 3 Severity help Status Duplicate Status
> > help First Found-in Version 12.2(15)T05 All affected
> > versions First Fixed-in Version Version help
> > Release Notes
> >
> > Symptoms: Cisco Express Forwarding (CEF) will drop all
> > packets including
> > permitted packets or denied packets.
> >
> > Conditions: This symptom is observed when Unicast
> > Reverse Path Forwarding
> > (URPF) is configured with an access control list (ACL)
> > that has a log option.
> >
> > Workaround: There is no workaround.
> >
> >
> > HTH,
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987 x 705
> > Outside US: 775-826-4344 x 705
> > 24/7 Support: http://forum.internetworkexpert.com
> > Live Chat: http://www.internetworkexpert.com/chat/
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > > mani poopal
> > > Sent: Friday, March 25, 2005 1:38 AM
> > > To: ccielab@groupstudy.com
> > > Subject: IP VERIFY UNICAST REVERSE PATH
> > >
> > > Guys,
> > >
> > > What is the main purpose of access-list at the end of
> > > the ip verify unicast reverese-path(To drop packets
> > without verifiable source address
> > > )command. If I want to log denied packets is oprtion
> > (1.) or option (2.)
> > > is right. This access-list only for reverse path
> > > command and not for access-group. So what is the
> > correct sequense of checking this access-
> > > list by the rpf router.
> > >
> > >
> > > (1.)
> > > int eth0/1/1
> > > ip address 192.168.200.1 255.255.255.0
> > > ip verify unicast reverse-path 197
> > > access-list 197 deny ip any any
> > >
> > > (2.)int eth0/1/1
> > > ip address 192.168.200.1 255.255.255.0
> > > ip verify unicast reverse-path 197
> > > access-list 197 permit ip any any
> > >
> > >
> > >
> > >
> > >
> > > B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> > > (416)431 9929
> > > MANI_CCIE@YAHOO.COM
> > >
> > > ---------------------------------
> > > Do you Yahoo!?
> > > Yahoo! Small Business - Try our new resources site!
> > >
> > >
> >
> __________________________________________________________
> > > _____________ Subscription information may be found
> > > at: http://www.groupstudy.com/list/CCIELab.html
> >
> >
> __________________________________________________________
> > _____________ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________________
> _____________ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
______________________________________________
Check Your Email From Any Where in the World!
Tell Your Friends about MyEmail.com!
______________________________________________
This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:52 GMT-3