From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Wed Dec 20 2006 - 18:37:30 ART
The first command is the old version of the second command. The two
modes of uRPF, strict and loose, can now be done using the second
command. With loose mode the "rx" option would be replaced with the
"any" option.

Below is a quick explanation of the two modes of uRPF:

In uRPF strict mode, the packet must be received on the
interface/interfaces that the router would route to reach the source IP
address of the packet. If the router has more than one entry
(interface) in its routing table to reach the source IP address'
network, the uRPF check will be successful if the packet is received on
any of these interfaces.

In uRPF loose mode, the packet can be received on ANY interface as long
as there is at least one route in the routing table to reach the source
IP address of the packet. But if the route to the source is via the
Null0 interface or would use the default route, the packet will not pass
the RPF check. There is an allow-default option that can be applied to
the command in order to permit the uRPF check to use the default route.

Loose mode is useful for filtering traffic with bogon and martian
network sources on the edge of your network. Also it's the foundation
for remotely triggered black hole filtering.
HTH,
Brian Dennis, CCIE4 #2210 (R&S/ISP-Dial/Security/SP)
bdennis@internetworkexpert.com
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jim White
Sent: Wednesday, December 20, 2006 8:43 AM
To: ccielab@groupstudy.com
Subject: ip verify unicast reverse-path
Hi,
Can someone please differentiate between
ip verify unicast reverse-path
and
ip verify unicast source reachable-via rx
and in what circumstances each would be used.
Many Thanks,
Jim White
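
The strict ("rx") and loose ("any") checks described in the reply above, modelled as an added example; it is not part of the original thread and is not Cisco's implementation. The routing table, interface names and addresses are constructed, and applying the default-route rule to strict mode as well as loose mode is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interfaces: frozenset  # more than one entry models equal-cost paths

def make_route(prefix, *interfaces):
    return Route(ipaddress.ip_network(prefix), frozenset(interfaces))

# Constructed routing table (documentation/private prefixes, made-up interfaces).
RIB = [
    make_route("0.0.0.0/0", "Serial0/0"),                        # default route
    make_route("10.1.0.0/16", "FastEthernet0/0", "FastEthernet0/1"),
    make_route("192.0.2.0/24", "Null0"),                         # black-holed source range
]

def lookup(rib, src):
    """Longest-prefix match for the packet's SOURCE address."""
    addr = ipaddress.ip_address(src)
    matches = [r for r in rib if addr in r.prefix]
    return max(matches, key=lambda r: r.prefix.prefixlen, default=None)

def urpf_pass(rib, src, in_if, mode, allow_default=False):
    """Return True if the packet passes the check.

    mode "rx"  = strict: must arrive on an interface the route points to.
    mode "any" = loose: any interface, as long as a usable route exists.
    """
    if mode not in ("rx", "any"):
        raise ValueError("mode must be 'rx' or 'any'")
    route = lookup(rib, src)
    if route is None:
        return False                      # no route back to the source
    if route.prefix.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if "Null0" in route.interfaces:
        return False                      # route to the source is via Null0
    if mode == "any":
        return True
    return in_if in route.interfaces      # strict: any of the route's interfaces

if __name__ == "__main__":
    for src, in_if in [("10.1.2.3", "Serial0/0"), ("192.0.2.9", "Serial0/0"),
                       ("198.51.100.7", "Serial0/0")]:
        for mode in ("rx", "any"):
            print(src, in_if, mode, urpf_pass(RIB, src, in_if, mode))
```

The 192.0.2.0/24 entry shows why loose mode underpins remotely triggered black hole filtering: a route to Null0 for a source range makes packets from that range fail the check on every interface.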