Shulou(Shulou.com)06/01 Report--

Experimental requirements:

Add default routes to 1.R1 and R 3, and R 2 does not add static first. On R1, Fa0/0 and Lo0 interfaces are used as source ping R3 respectively; observe the phenomenon and think about the reason.

two。 Enable uRPF on R2

3. Use the Lo0 interface on R1 as the source ping R3 to test connectivity and analyze the difference with the phenomenon of 1. Think about how uRPF works.

4. Add a default route to R2, point to R1, test connectivity, and what to do if you want ping connectivity. Consider the relationship between uRPF and default routing.

5. Think about the strict mode and loose mode of uRPF.

Other:

1.CEF and uRPF

two。 How do I ping myself with uRPF enabled?

3. What can I do if I don't uRPF a certain write traffic?

#

Basic configuration:

Configuration of R1

R1 (config) # int f0bin0

R1 (config-if) # ip add 12.1.1.1 255.255.255.0

R1 (config-if) # no sh

R1 (config) # int lo 0

R1 (config-if) # ip add 1.1.1.1 255.255.255.0

Configuration of R2

R2 (config) # int f0and0

R2 (config-if) # ip add 12.1.1.2 255.255.255.0

R2 (config-if) # no sh

R2 (config) # int s1and0

R2 (config-if) # ip add 23.1.1.2 255.255.255.0

R2 (config-if) # no sh

Configuration of R3

R3 (config) # int s1ap0

R3 (config-if) # ip add 23.1.1.3 255.255.255.0

R3 (config-if) # no sh

Experiment 1:

R1 (config) # ip route 0.0.0.0 0.0.0.0 12.1.1.2 / / Ethernet port default route write next hop

R3 (config) # ip route 0.0.0.0 0.0.0.0 s1ax 0 / / Serial port doesn't matter

Experimental phenomena:

R1#ping 23.1.1.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:

.!

Success rate is 80 percent (4amp 5), round-trip min/avg/max = 52-59-68 ms

R1#ping 23.1.1.3 so lo 0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

.

Success rate is 0 percent (0Unip 5)

PingR3 packet. If the source is 12.1.1.1, R2 can arrive; if the source is 1.1.1.1, R2 cannot reach it without an entry when returning the packet.

Experiment 2:

R2 (config) # ip cef / / must be enabled; default is enabled.

R2 (config) # int f0and0

R2 (config-if) # ip verify unicast source reachable-via any / / enable uRPF loose mode

At this time, the packet phenomenon of pingR3 is the same as above, but the packet going to R3 is discarded directly because R2 has no entry.

Strict uRPF: the entrance is required to be the same as the exit to the source.

Loose uRPF: do not require consistent interfaces, only require the router to have a route to the source

Experiment 4:

R2 (config) # int f0and0

R2 (config-if) # ip verify unicast source reachable-via any / / enable uRPF loose mode

R1#ping 23.1.1.3 so lo 0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

.

Success rate is 0 percent (0Unip 5)

R2 (config-if) # ip verify unicast source reachable-via any allow-default / / default does not pass the default route check

R1#ping 23.1.1.3 so lo 0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.1.1.3, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

.!

Success rate is 0 percent (0Unip 5)

Other:

R2 (config-if) # ip verify unicast source reachable-via any allow-default

R2#ping 12.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:

.

Success rate is 0 percent (0Unip 5)

R2 (config-if) # ip verify unicast source reachable-via any allow-default allow-self-ping

R2#ping 12.1.1.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.1.1.2, timeout is 2 seconds:

!

Success rate is 0 percent (0Unip 5)

/ / when uRPF is enabled, ping does not work by default, unless + allow-self-ping

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.