[31479] in North American Network Operators' Group
Re: netscan.org update
daemon@ATHENA.MIT.EDU (Bradley Dunn)
Mon Sep 25 06:28:47 2000
Date: Mon, 25 Sep 2000 03:26:40 -0700
From: Bradley Dunn <bradley@dunn.org>
To: John Fraizer <nanog@EnterZone.Net>
Cc: rdobbins@netmore.net, nanog@merit.edu
Message-ID: <20000925032640.A12501@dunn.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.LNX.4.21.0009250329100.8234-100000@Overkill.EnterZone.Net>; from nanog@EnterZone.Net on Mon, Sep 25, 2000 at 03:31:53AM -0400
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, Sep 25, 2000 at 03:31:53AM -0400, John Fraizer wrote:
> In a BB situation and in some simple multihomed situations, it is possible
> for someone to have a route into your network via an interface that for
> administrative/technical reasons, you're not accepting routes to them via.
> In such instances, CEF will break an otherwise valid, though be it
> asymetric stream.
You are confusing CEF, a switching path, with 'ip verify unicast reverse-path',
an interface configuration command which requires CEF.
In any case, recent flavours of IOS support using an ACL to specify exceptions
to the reverse-path check.
Bradley
