Arron Scott wrote:
I have recently had the opportunity to try the "ip verify unicast reverse-path" command in a lab environment, it works with CEF on Cisco IOS 12.0. It seems relatively effective with about a 30% increase in distributed CPU utilisation (ie. 10% becomes 13%, not 40%). We had every packet flooding an interface with bogus source addresses, it happily discarded them all. And yes, it even forwarded the packets with valid source addresses ;-)
And we were running with it on earlier versions of 12 and it broke after a week.... and it was the breaking after a week that was the problem.... YMMV. Cheers -- Sid --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog