
uRPF question

 

[Image: urpf lab]

Hello
I set up the above lab to test uRPF on vlan SVIs using a WS-C3850-24P (IOS XE 03.03.02SE cat3k_caa-iosd-universalk9.SPA.150-1.EZ2.pkg) for switch1


I enabled the following debugs:
debug ip cef drops detail
debug ip cef drops rpf


And added the following to vlan 10 svi for rpf:
ip verify unicast source reachable-via rx
ip verify unicast notification threshold 0

TEST 1 The allow-default option isn't enabled for urpf on vlan 10. To check if urpf is working ok I pinged the vlan 10 svi from the switch1 cli:

switch1#ping 10.10.10.1

*Apr 16 08:11:10.641: CEF-Drop: Packet from 10.10.10.1 via Vlan10 -- via-rx
*Apr 16 08:11:10.642: CEF-Drop: packet from 10.10.10.1 via Vlan10: unicast rpf failed.

show ip interface vlan 10 and show ip traffic counters show increments for RPF


TEST 2 Spoof a source IP address in the same range as Lo20 on the laptop using nmap:

nmap -e eth4 -S 10.10.20.22 4.4.4.4


*Apr 16 08:15:11.249: CEF-Drop: Packet from 10.10.20.2 via Vlan10 -- via-rx
*Apr 16 08:15:11.249: CEF-Drop: Packet from 10.10.20.2 (Vl10) to 4.4.4.4, Input feature uRPF

show ip interface vlan 10 and show ip traffic counters show increments for RPF


TEST 3 Spoof an arbitrary source IP address on the laptop using nmap:

nmap -e eth4 -S 10.10.60.1 4.4.4.4

No output from the debugs, and show ip interface vlan 10 and show ip traffic counters do not show increments for RPF.
I disabled rpf on vlan 10 and created a logging acl on switch1's interface to switch2 to check for this spoofed traffic and could see the acl hits ok. When I re-enable rpf on vlan 10 these acl hits stop.
I also enabled debug ip packet to see what was happening to the spoofed traffic, but nothing appeared in the debug. The spoofed traffic is being dropped with rpf enabled, but I am seeing nothing in the debugs, logs or counters.

Am I missing something? I repeated the above on a WS-C3750X-24P-E 12.2(58)SE2 with the same results.

Thanks
Andy
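The strict/loose/allow-default decision that TEST 2 and TEST 3 exercise, as an added example (not from the post, not Cisco code): a small Python model of the uRPF source lookup. The routing table is constructed, because the post never lists switch1's routes; the 0.0.0.0/0 entry via a hypothetical Vlan30 is an assumption. The model says nothing about why the TEST 3 drops are not counted; it only shows which packets the configured check should pass or fail.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed routing table for the lab in the post.  The post never lists
# switch1's routes, so these entries are an assumption inferred from the
# addresses it uses (Vlan10 subnet, Lo20, default route via a hypothetical Vlan30).
ROUTES: List[Tuple[ipaddress.IPv4Network, str]] = [
    (ipaddress.ip_network("10.10.10.0/24"), "Vlan10"),
    (ipaddress.ip_network("10.10.20.0/24"), "Loopback20"),
    (ipaddress.ip_network("0.0.0.0/0"), "Vlan30"),
]


def lookup(src: str) -> Optional[Tuple[ipaddress.IPv4Network, str]]:
    """Longest-prefix match on the source address, as the FIB does."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def urpf_check(src: str, ingress: str, mode: str = "rx",
               allow_default: bool = False) -> Tuple[bool, str]:
    """Model 'ip verify unicast source reachable-via {rx|any} [allow-default]'.
    rx = strict (best route must exit the ingress interface), any = loose
    (any route suffices); allow-default lets 0.0.0.0/0 satisfy the check.
    Returns (permitted, reason)."""
    route = lookup(src)
    if route is None:
        return False, "no route to source"
    net, ifc = route
    if net.prefixlen == 0 and not allow_default:
        return False, "only the default route matches, allow-default off"
    if mode == "any":
        return True, f"loose: route via {ifc}"
    if ifc == ingress:
        return True, f"strict: best route via {ifc} matches ingress"
    return False, f"strict: best route via {ifc}, packet arrived on {ingress}"


def lab_tests() -> dict:
    """The two spoofed-source tests from the post, ingress Vlan10, strict mode."""
    return {
        "test2_lo20_range": urpf_check("10.10.20.22", "Vlan10"),
        "test2_loose": urpf_check("10.10.20.22", "Vlan10", mode="any"),
        "test3_arbitrary": urpf_check("10.10.60.1", "Vlan10"),
        "test3_allow_default_loose": urpf_check("10.10.60.1", "Vlan10",
                                                mode="any", allow_default=True),
        "legit_host": urpf_check("10.10.10.22", "Vlan10"),
    }
```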

 
