verify unicast reverse-path - не то. Unicast RPF checks to see if any packet received at a router interface arrives on the best return path (return route) to the source of the packet. Unicast RPF does this by doing a reverse lookup in the CEF table. If the packet was received from one of the best reverse path routes, the packet is forwarded as normal. If there is no reverse path route on the same interface from which the packet was received, it might mean that the source address was modified. If Unicast RPF does not find a reverse path for the packet, the packet is dropped. Другими словами - бери краски в руки :О) On Thursday 16 October 2003 13:05, Maxim Tuliuk wrote:
On Thu, Oct 16, 2003 at 12:50 +0300, Alexander Trotsai wrote:
AB>> a>Думаю что правильнее было бы не принимать траффик требующий AB>> a>обратного форварда изначально. AB>> a>On Thursday 16 October 2003 12:31, Alexander Trotsai wrote: AB>> AB>> если б я точно знал гед у меня routing loop волзникает AB>> пока не могу найти :(((
AB>А внедрение "ip verify unicast reverse-path" не спасет AB>(на той кошке куда оно возвращает) ?
не - это исключено а то получится как с ростелекомом :)
на него можно access-list поставить: deny - то что ты тестируешь pass - все остальное -- Maxim Tuliuk WWW: http://www.primats.org.ua/~mt/ ICQ: 21134222
The bike is absolute freedom of moving =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message
-- AO618-RIPE =================================================================== uanog mailing list. To Unsubscribe: send mail to majordomo@uanog.kiev.ua with "unsubscribe uanog" in the body of the message