Hi, everyone
When I ran a simulation of uRPF loose mode in GNS3, I found that the suppressed verification counter increased.
And from the document,
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/sec-data-urpf-xe-3s-book/urpf-acl-sup.html
The Unicast RPF suppressed drop count tracks the number of packets that failed the Unicast RPF check but were forwarded because of the permit permission set up in the ACL.
However, I didn't configure any ACL in this simulation.
Why does the suppressed drop counter still increase?
Here is my lab configuration:
R1:
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip verify unicast source reachable-via any
 duplex auto
 speed auto
end
interface FastEthernet0/1
 ip address 10.1.1.1 255.255.255.0
 ip verify unicast source reachable-via any
 duplex auto
 speed auto
end
Routing table on R1
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
172.16.0.0/24 is subnetted, 1 subnets
S 172.16.1.0 [1/0] via 10.1.1.3
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, FastEthernet0/1
C 192.168.1.0/24 is directly connected, FastEthernet0/0
Before I ping 192.168.1.1 with source 172.16.1.2
R1#show ip int f0/0 | in veri
IP verify source reachable-via ANY
0 verification drops
0 suppressed verification drops
After I ping 192.168.1.1 with source 172.16.1.2
R1#show ip int f0/0 | in veri
IP verify source reachable-via ANY
0 verification drops
5 suppressed verification drops
Thanks
James Tu
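
A small model of the documented uRPF counter semantics applied to the routing table in the post, as an added example that is not part of the original post and not Cisco's implementation. It assumes the five pings arrive on FastEthernet0/0; `acl_permits` is a hypothetical stand-in for the optional ACL.

```python
import ipaddress

# R1's routing table as shown in the post: (prefix, egress interface).
# The static route's next hop 10.1.1.3 resolves via FastEthernet0/1.
ROUTES = [
    ("1.1.1.1/32", "Loopback1"),
    ("172.16.1.0/24", "FastEthernet0/1"),
    ("10.1.1.0/24", "FastEthernet0/1"),
    ("192.168.1.0/24", "FastEthernet0/0"),
]
FIB = [(ipaddress.ip_network(p), i) for p, i in ROUTES]

def reverse_path(src):
    """Longest-prefix match on the source address; None if no route."""
    addr = ipaddress.ip_address(src)
    hits = [(n, i) for n, i in FIB if addr in n]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def urpf(src, in_if, mode, acl_permits=None):
    """Return 'pass', 'drop' or 'suppressed' for one packet.

    mode: 'any' (loose) or 'rx' (strict).
    acl_permits: hypothetical callable standing in for the optional ACL;
    None means no ACL is attached to the ip verify command.
    """
    rp = reverse_path(src)
    ok = rp is not None if mode == "any" else rp == in_if
    if ok:
        return "pass"
    if acl_permits is not None and acl_permits(src):
        return "suppressed"   # failed the check, forwarded by ACL permit
    return "drop"             # failed the check, no permit

def run(packets, mode, acl_permits=None):
    """Tally outcomes the way the two interface counters would."""
    counts = {"pass": 0, "drop": 0, "suppressed": 0}
    for src, in_if in packets:
        counts[urpf(src, in_if, mode, acl_permits)] += 1
    return counts

# Constructed input: five echo requests sourced from 172.16.1.2,
# assumed to arrive on FastEthernet0/0.
PINGS = [("172.16.1.2", "FastEthernet0/0")] * 5

if __name__ == "__main__":
    print("loose, no ACL :", run(PINGS, "any"))
    print("strict, no ACL:", run(PINGS, "rx"))
    print("strict + ACL  :", run(PINGS, "rx", lambda s: s.startswith("172.16.")))
```

Under this model a loose-mode check with no ACL counts neither a drop nor a suppressed drop for these packets, which is the baseline to compare the router's counters against.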