Matthew Crocker wrote:
Maybe the new slogan needs to be "Save the Internet! Train the chimps!"
Shouldn't 'ip verify unicast source reachable-by rx' be a default
setting on all interfaces? Only to be removed by trained chimps?
Only if you wish to break existing configurations during IOS upgrades. I could
see ip verify unicast source reachable-by any (less breakage), but rx will kill
all types of good asymmetric routing. The largest breakage I have seen caused by
rx is the link IP breakage caused by the router responding out multiple
interfaces. It's also a problem when customers are straddling the fence,
purposefully using asymmetric routing.
It would be nicer to have router support where a packet is acceptable if its
network is acceptable in the BGP (or IGP) policy/filter (i.e., network may not be
there, but it is allowed) as well as the link addresses associated with the BGP
(or IGP) peer.
-Jack
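
The three source checks discussed in this thread, compared side by side as an added example that is not part of the original messages: strict (`reachable-by rx`), loose (`reachable-by any`), and the policy-based check proposed in the reply. The interface names, prefixes and the `FIB`/`ALLOWED` tables are constructed for illustration, and the assumption that a peer's allowed list includes all of its link subnets is one reading of the proposal.

```python
import ipaddress

# Constructed sample data (documentation prefixes); interface names are hypothetical.
# FIB holds the best route only, which is all a strict/loose uRPF lookup sees.
FIB = {
    "198.51.100.0/24": "Gi0/2",  # customer prefix, best path via the second link
    "192.0.2.0/30": "Gi0/1",     # link subnet to the customer, first link
    "192.0.2.4/30": "Gi0/2",     # link subnet to the customer, second link
    "203.0.113.0/24": "Gi0/3",   # unrelated network
}
# Assumption: prefixes the routing policy/filter permits from the peer on each
# interface, plus the link subnets associated with that peer.
ALLOWED = {
    "Gi0/1": ["198.51.100.0/24", "192.0.2.0/30", "192.0.2.4/30"],
    "Gi0/2": ["198.51.100.0/24", "192.0.2.0/30", "192.0.2.4/30"],
    "Gi0/3": ["203.0.113.0/24"],
}

def best_interface(src):
    """Longest-prefix match of src in the FIB; None if there is no route."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in FIB.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def strict(src, in_if):        # reachable-by rx: best route must point back at in_if
    return best_interface(src) == in_if

def loose(src, in_if):         # reachable-by any: any route to the source will do
    return best_interface(src) is not None

def policy_based(src, in_if):  # proposed: source is allowed by the peer's filter
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(p) for p in ALLOWED.get(in_if, []))

def verdicts(src, in_if):
    return {f.__name__: f(src, in_if) for f in (strict, loose, policy_based)}

if __name__ == "__main__":
    for label, src in [("asymmetric customer traffic", "198.51.100.10"),
                       ("reply sourced from other link IP", "192.0.2.6"),
                       ("spoofed source", "203.0.113.5")]:
        print(f"{label:34} src={src:14} in=Gi0/1 {verdicts(src, 'Gi0/1')}")
```

Strict mode drops both legitimate cases along with the spoofed one, loose mode accepts all three, and only the policy-based check separates them.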