On Mon, May 23, 2016 at 06:02:10PM +0300, Tarko Tikan wrote: > hey, > > > interface BVI60004 > > ipv4 address 10.4.5.1 255.255.255.0 > > ipv4 verify unicast source reachable-via rx allow-self-ping > > Is this actual config or simplified? If simplified, is there > VRRP/HSRP involved? > > If there is, it can be explained by DHCP return packet hitting other > router (because it's sent to GIADDR but you only announce your > connected prefix). Other router then fails to send packet to > original router via connected interface because from other routers > POV it fails RPF (saddr: dhcp-server, daddr: giaddr).
Thanks - thats it ... hsrp + ipv4 verify bit me again ...
Its simplyfied - there is HSRP but the giaddr is the interfaces address
not the HSRP address - so it would get routed back to the original
partner - But indeed that might be the reason the OFFER gets dropped.
And yes - hitting the HSRP partner first so it'l be put on that
L3 domain as its connected and the partner will drop it - bah.
Now looking for a workaround - announcing the HSRP partners interface
addresses as /32 seems to be the only real solution.
Flo
--
Florian Lohoff f...@zz.de
UTF-8 Test: The 🐈 ran after a 🐁, but the 🐁 ran away
signature.asc
Description: Digital signature
_______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
