On Wed, 14 Nov 2012, Pete Templin wrote:
> On 11/14/12 3:45 AM, Gert Doering wrote:
>> ip verify unicast source reachable-via any allow-default
>> so what is a "suppressed verification drop"? And, much more important,
>> "will it still do that in hardware", or will loose-uRPF ("via any") punt
>> it into the software path for "some packets"?
>
> Brian gave a decent response, but because I'm drinking my morning coffee I
> feel the urge to add another reply for you (since it'll delay my departure
> for work). A suppressed verification drop is a packet that would have
> dropped with 'ip verify unicast source reachable-via [any|rx]', but didn't
> drop because you added options (which can be allow-default, allow-self-ping,
> and/or an ACL to punch some additional holes).

So that suggests that the suppressed drops were suppressed by
allow-default and that Gert doesn't have full routes on this device, which
is a given since it's a non-XL 3B.
----------------------------------------------------------------------
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
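
The uRPF decision discussed in this thread, as an added example that is not from any of the posters and is not Cisco's implementation: a simplified model of loose ("any") and strict ("rx") checks in which a default route only counts as a match when allow-default is set, and a packet forwarded only because of that option is tallied as a suppressed drop. The FIB contents, interface names, addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed FIB for a router without full routes: two specifics plus a default.
FIB = [
    ("0.0.0.0/0", "Gi1/1"),         # default toward the upstream
    ("192.0.2.0/24", "Gi1/2"),
    ("198.51.100.0/24", "Gi1/3"),
]

def lookup(fib, src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf(fib, src, in_if, mode="any", allow_default=False):
    """Return 'pass', 'drop' or 'suppressed' for one packet (simplified model).

    mode 'rx'  = strict: the route back to src must point out in_if
    mode 'any' = loose: src only needs some route in the FIB
    'suppressed' = would have been dropped by the plain check, but was
    forwarded because allow_default let the default route count.
    """
    def check(default_ok):
        hit = lookup(fib, src)
        if hit is None:
            return False
        net, ifname = hit
        if net.prefixlen == 0 and not default_ok:
            return False            # only the default route covers src
        return mode == "any" or ifname == in_if

    if check(default_ok=False):
        return "pass"
    if allow_default and check(default_ok=True):
        return "suppressed"
    return "drop"

def tally(fib, packets, **opts):
    """Count verdicts over (source address, input interface) pairs."""
    counts = {"pass": 0, "drop": 0, "suppressed": 0}
    for src, in_if in packets:
        counts[urpf(fib, src, in_if, **opts)] += 1
    return counts
```

With a partial table plus a default route, every source outside the specifics lands in the suppressed count under loose mode with allow-default, which is the inference drawn in the reply above.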