Selamat,
Using uRPF, you drop packets with an unverifiable source address (e.g. spoofed)
based upon your routing table. In loose mode, as long as the router knows the
source, it's OK; they can come through no matter which interface it's
reachable through.
But as you mentioned, it's always nice to know what packets are dropped. You
can attach a deny any ACL with the log option to your uRPF settings to see the
packets that end up being dropped. If you have any difficulty in
understanding the uRPF ACL, feel free to ask.
For more information (beyond CCIE) you might wish to read through RFC-3704
and RFC-2827. They're both very cool.
HTH
Kambiz Agahian
CCIE Instructor/Consultant
M.Eng Telecom, CCIE# 25341, CCSI# 33326, MCSE, MCSA
On Fri, Aug 13, 2010 at 12:13 AM, selamat pagi <ketimun_at_gmail.com> wrote:
> According to the docu 4 types of addresses are blocked:
>
> http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ft_urpf.html
>
> Loose mode allows Unicast RPF to automatically detect and drop packets such
> as the following:
>
> IETF RFC 1918 source addresses
>
> Other Documenting Special Use Addresses (DUSA) that should not appear in
> the source
>
> Unallocated addresses that have not been allocated by the Regional Internet
> Registries (RIRs)
>
> Source addresses that are routed to a null interface on the router
>
> 1) RFC1918 and 4) null route are easy to understand.
>
> But what other address ranges are blocked?
>
> Is there a command to show this on the router?
>
> Many thanks,
> keti
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Fri Aug 13 2010 - 01:00:52 ART
This archive was generated by hypermail 2.2.0 : Wed Sep 01 2010 - 11:20:52 ART
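
A simplified model of the check discussed in this thread, as an added example that is not part of the original posts: the decision is made from the routing table, so the ranges that get dropped are the ones with no usable route or a route to a null interface. The FIB entries, interface names and function names are constructed for illustration; `allow_default` models the `allow-default` option, and ignoring the default route without it is an assumption of this model.

```python
import ipaddress

# Constructed routing table for illustration: (prefix, outgoing interface).
FIB = [
    ("0.0.0.0/0", "Serial0/0"),        # default route
    ("198.51.100.0/24", "Serial0/0"),
    ("203.0.113.0/24", "Ethernet0/1"),
    ("10.0.0.0/8", "Null0"),           # RFC 1918 block routed to a null interface
]

def lookup(fib, src):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf(fib, src, in_if, mode="loose", allow_default=False):
    """Return 'pass' or 'drop' for a packet from src arriving on in_if."""
    hit = lookup(fib, src)
    if hit is None:
        return "drop"                  # source unknown to the router
    net, ifname = hit
    if ifname == "Null0":
        return "drop"                  # source routed to a null interface
    if net.prefixlen == 0 and not allow_default:
        return "drop"                  # only the default route matched
    if mode == "strict" and ifname != in_if:
        return "drop"                  # strict: must arrive on the route's interface
    return "pass"

def demo():
    """Verdicts for constructed sample packets, all arriving on Serial0/0."""
    samples = ["203.0.113.7", "10.1.1.1", "192.168.1.1", "172.16.5.5"]
    return {s: (urpf(FIB, s, "Serial0/0", "loose"),
                urpf(FIB, s, "Serial0/0", "strict"),
                urpf(FIB, s, "Serial0/0", "loose", allow_default=True))
            for s in samples}

if __name__ == "__main__":
    for src, verdicts in demo().items():
        print(src, "loose=%s strict=%s loose+allow_default=%s" % verdicts)
```

In this model 192.168.1.1 and 172.16.5.5 are dropped in loose mode only because the table has no specific route for them; once the default route is allowed to satisfy the check, they pass, while 10.1.1.1 is still dropped by its null route.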