[31486] in North American Network Operators' Group
Re: netscan.org update
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Mon Sep 25 13:12:53 2000
Message-ID: <39CF85D1.3E4364C5@netmore.net>
Date: Mon, 25 Sep 2000 10:05:21 -0700
From: Roland Dobbins <rdobbins@netmore.net>
Reply-To: rdobbins@netmore.net
MIME-Version: 1.0
To: Bradley Dunn <bradley@dunn.org>
Cc: John Fraizer <nanog@EnterZone.Net>, nanog@merit.edu
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Errors-To: owner-nanog-outgoing@merit.edu
Now =this= I'm familiar with. ip verivy unicast reverse-path causes
massive problems when you're multihomed.
By 'recent', I assume you mean 12.x?
Bradley Dunn wrote:
>
> On Mon, Sep 25, 2000 at 03:31:53AM -0400, John Fraizer wrote:
> > In a BB situation and in some simple multihomed situations, it is possible
> > for someone to have a route into your network via an interface that for
> > administrative/technical reasons, you're not accepting routes to them via.
> > In such instances, CEF will break an otherwise valid, though be it
> > asymetric stream.
>
> You are confusing CEF, a switching path, with 'ip verify unicast reverse-path',
> an interface configuration command which requires CEF.
>
> In any case, recent flavours of IOS support using an ACL to specify exceptions
> to the reverse-path check.
>
> Bradley
--
------------------------------------------------------------
Roland Dobbins <rdobbins@netmore.net> // 818.535.5024 voice
