Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Cisco - ip verify unicast reverse-path

  • From: trall
  • Date: Sat Feb 12 17:57:27 2000

This command has been mentioned numerous times during the DDoS discussion.
I, for one, don't have a good idea of how it works.  Perhaps someone can
enlighten us?

Cisco's web site certainly doesn't do much to help the situation.  I found
it mentioned in the guide (not the reference) for the Cat 6000

- no description of syntax, let alone what it does.

And then there is  It
says that the RPF check is based on CEF.  I'm not familiar with CEF and
want to clarify something about unicast RPF.  If the source address of a
packet arrived on an interface that would not be the preferred route for
that address but is one of the less-preferred routes would the packet get

If, as I hope, it would not, I don't understand the argument that it
doesn't work for multi-homed connections.  Such systems should be
advertising their routes over all connections - thus the routes should
appear on all paths outbound from the multi-homed systems (less any long
prefix filtering being done by the upstreams).

Another issue is why has Cisco made this such a stealth feature?  Is it
still buggy?  Are the side-effects of using it so negative that hardly
anyone can use it?  If any such speculation is true, the folks advocating
the use of this feature should also be pointing out the downside.

Tony Rall

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.