Tuesday, August 9, 2011

Unicast Reverse Path Forwarding (uRPF)

Unicast reverse path forwarding (uRPF) is used as an ingress filter to protect the network from untrusted networks. When uRPF is enabled, the router checks whether the source IP address of each incoming packet is reachable via the interface on which the packet arrived. If it is not, the router drops the packet.

Note:
uRPF (in the strict mode used below) should not be configured on interfaces where routing is asymmetric, because legitimate traffic whose return path uses a different interface will be dropped.

To see how this feature works, I have one simple example to illustrate it. I have R1 - R2 - R3 connected according to the figure below. They are in the same OSPF area. However, R2 has a static route to 1.1.1.1 pointing to 192.168.3.2 (the R3 interface) instead of going out via the 192.168.1.0 network toward R1.

R2:   ip route 1.1.1.1 255.255.255.255 192.168.3.2
// we force the traffic back to 1.1.1.1/32 through R3 instead of R1 (the static route is preferred because its administrative distance, 1, is lower than OSPF's 110)


We will test connectivity by pinging from R1 to R2 using the source IP address 1.1.1.1. If we do not enable the uRPF check on the R2 interface facing R1, the ping is successful.

R1#ping 2.2.2.2 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/35/56 ms
R1#

When we enable the uRPF check on the R2 interface facing R1, the ping fails: R2's best route back to the source 1.1.1.1 points via R3 rather than via the interface on which the packet arrived from R1, so the packet violates the RPF check and is dropped.

R2(config-if)#ip verify unicast source reachable-via rx

The ping now fails:
R1#ping 2.2.2.2 source lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
R1#
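To make the lookup R2 performs explicit, here is a small simulation (added here, not from the original post) of the strict uRPF check, and of loose mode for comparison, against a routing table built from R2's routes in this lab. Interface names, the next hop 192.168.1.1 and the loose-mode behaviour are assumptions for the example.

```python
from ipaddress import ip_address, ip_network

# R2's routing table, constructed from the topology in the post:
# (prefix, administrative distance, next hop, egress interface).
# Interface names and the next hop 192.168.1.1 are assumed; the static
# route to 1.1.1.1/32 via 192.168.3.2 is the one configured in the post.
R2_ROUTES = [
    ("192.168.1.0/24", 0,   None,          "Fa0/0"),  # connected, toward R1
    ("192.168.3.0/24", 0,   None,          "Fa0/1"),  # connected, toward R3
    ("1.1.1.1/32",     110, "192.168.1.1", "Fa0/0"),  # OSPF, learned from R1
    ("1.1.1.1/32",     1,   "192.168.3.2", "Fa0/1"),  # static, forces path via R3
]

def best_route(routes, dst):
    """Longest-prefix match; ties are broken by the lowest administrative distance."""
    dst = ip_address(dst)
    candidates = [r for r in routes if dst in ip_network(r[0])]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (ip_network(r[0]).prefixlen, -r[1]))

def urpf_check(routes, src, ingress_if, mode="strict"):
    """Return True if a packet with source `src` arriving on `ingress_if` passes.

    strict: the best route to src must point back out the ingress interface
            (IOS 'ip verify unicast source reachable-via rx').
    loose:  any route to src that is not a null route is enough.
    """
    route = best_route(routes, src)
    if route is None or route[3] == "Null0":
        return False           # no usable reverse path: drop in either mode
    if mode == "loose":
        return True
    return route[3] == ingress_if

def lab_results():
    """Reproduce the post: with R2's static route the ping from 1.1.1.1 is dropped."""
    without_static = [r for r in R2_ROUTES if r[1] != 1]
    return {
        "strict_with_static":    urpf_check(R2_ROUTES, "1.1.1.1", "Fa0/0"),
        "strict_without_static": urpf_check(without_static, "1.1.1.1", "Fa0/0"),
        "loose_with_static":     urpf_check(R2_ROUTES, "1.1.1.1", "Fa0/0", "loose"),
        "unrouted_source":       urpf_check(R2_ROUTES, "10.9.9.9", "Fa0/0"),
    }
```

The first result is False because the longest-match tie for 1.1.1.1/32 goes to the static route (AD 1) whose egress interface is Fa0/1, not the ingress Fa0/0; removing the static route makes the OSPF route win and the check pass.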