RE: ip verify unicast reverse-path

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Wed Dec 20 2006 - 19:29:45 ART


        Both of the below commands refer to strict uRPF. The difference
is that the first command is the legacy command, and is deprecated by
the "ip verify unicast reachable-via" command. The "ip verify unicast
reachable-via rx" command means that the route to the source of the
packet must be out the interface that the packet came in (strict). The
"ip verify unicast reachable-via any" command means that the route to
the source must be in the routing table and not point to null0 (loose).
The latter allows you to deal with asynchronous routing scenarios and to
do advanced filtering such as remotely triggered black holes.

HTH,

Brian McGahan, CCIE #8593 (R&S/SP)
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Jian Gu
> Sent: Wednesday, December 20, 2006 3:04 PM
> To: Jim White
> Cc: ccielab@groupstudy.com
> Subject: Re: ip verify unicast reverse-path
>
> The former is called loose-mode, reverse-path check will pass as long as
> the source address is in the routing table
> The latter one is called strict-mode, reverse-path check will pass only
> when the source is in the routing table and must be reachable via interface
> specified.
>
> On 12/20/06, Jim White <jim.t.white@gmail.com> wrote:
> >
> > Hi,
> >
> > Can someone please differentiate between
> >
> > ip verify unicast reverse-path
> >
> > and
> >
> > ip verify unicast source reachable-via rx
> >
> > and in what circumstances each would be used.
> >
> > Many Thanks,
> >
> > Jim White
> >
> >
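
The strict ("rx") and loose ("any") checks described in the reply at the top of this thread, modelled as an added example that is not part of the original messages and is not Cisco code. The FIB entries, interface names and sample packets are constructed, and the model ignores default routes and the command's optional ACL.

```python
import ipaddress

# Constructed FIB for a hypothetical router: (prefix, outgoing interface).
FIB = [
    ("10.1.0.0/16", "Gi0/0"),     # customer A, reached via Gi0/0
    ("10.2.0.0/16", "Gi0/1"),     # customer B, best path is via Gi0/1
    ("192.0.2.0/24", "Gi0/0"),
    ("192.0.2.66/32", "Null0"),   # remotely triggered black hole for one source
]


def lookup(src):
    """Longest-prefix match; returns the outgoing interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in FIB:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def urpf_permits(src, in_if, mode):
    """mode 'rx' models strict uRPF, mode 'any' models loose uRPF."""
    if mode not in ("rx", "any"):
        raise ValueError("mode must be 'rx' or 'any'")
    out_if = lookup(src)
    if out_if is None or out_if == "Null0":
        return False              # no route to the source, or it points to Null0
    if mode == "rx":
        return out_if == in_if    # route must point out the arrival interface
    return True                   # loose: any usable route is enough


def demo():
    """Returns (source, arrival interface, strict result, loose result)."""
    packets = [
        ("10.1.5.5", "Gi0/0"),    # arrives on the interface its route uses
        ("10.2.5.5", "Gi0/0"),    # return path leaves a different interface
        ("192.0.2.66", "Gi0/0"),  # black-holed source
        ("203.0.113.9", "Gi0/1"), # no route at all (likely spoofed)
    ]
    return [(s, i, urpf_permits(s, i, "rx"), urpf_permits(s, i, "any"))
            for s, i in packets]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The second packet is the case where strict mode drops legitimate traffic and loose mode does not; the third shows why a Null0 route for a source lets loose mode act as a source-based filter.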



This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:38 ART