10-19-2022 04:34 AM
What would happen if a router receives a packet with a source IP different from the router's interface subnet?
Does the router drop the packet, or will it forward according to the destination IP regardless of the source IP mismatch?
10-19-2022 05:34 AM
IP source and destination never change when a packet is forwarded from router to router; only the MAC address changes,
so sure, it can happen that a router receives a packet with a source IP different from the subnet of the interface, and the router drops the packet only if the destination is unreachable.
10-19-2022 06:07 AM
If you want the router to drop packets when they don't match the routing table, you can apply the
ip verify unicast reverse-path
to the interface. Use that with care if there are downstream links to other networks. If there are only hosts on the interface in question, I almost always apply that command.
10-19-2022 07:35 AM
Although @MHM Cisco World answers this, sometimes another explanation, put a bit differently, helps clarify the point.
"What would happen if a router receives a packet with source IP different from the router's interface subnet."
Generally, nothing, i.e. normally a router doesn't care.
Possibly you're thinking about a gateway router, where there are multiple hosts on the same network as the router interface, sending to it. That's correct, but for routing, a router doesn't normally even concern itself with the packet's source IP.
For non-gateway routers, generally all the received packets have a source IP not on the same network as the interface that received them.
"does the router drop the packet or will forward according to the destination ip regardless of the source ip mismatch."
Again, as a router doesn't generally care about source IP, it will do whatever it would do based on destination IP.
10-19-2022 07:44 AM - edited 10-19-2022 09:16 AM
". . . and router drop packet only if the destination is unreachable."
Although @MHM Cisco World is correct, a router will drop a packet when the destination is unreachable; at least in the ICMP sense, there are six different destination unreachable message types. I'm not going to further try to explain them, but why/when they are triggered is bound to how a router processes a destination IP.
10-19-2022 07:50 AM - last edited on 10-19-2022 10:19 AM by Translator
Just to expand a bit on @Elliot Dierksen's mention of the
ip verify unicast reverse-path
command, which does need to be used with care: basically, it simply works by checking a received packet's source IP against the interface it was received on. If the router would send to the source IP using the same interface, all good. If not, the packet is dropped.
Generally, in the case where the source IP matched the network of the receiving interface, that would be expected. When they don't match is when you have a chance that this function will drop a packet.
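The behaviour described in this thread, as an added example that is not part of any poster's reply and is not Cisco code: a simplified Python model of destination-based forwarding with an optional strict reverse-path check on the receiving interface. The interface names, prefixes and function names are constructed for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, outgoing interface). All values are hypothetical.
ROUTES = [
    ("10.1.1.0/24", "Gi0/1"),   # directly connected host LAN
    ("10.2.0.0/16", "Gi0/2"),   # reached through a downstream router on Gi0/2
    ("0.0.0.0/0",   "Gi0/0"),   # default route towards the upstream
]
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def lookup(addr, table=TABLE):
    """Longest-prefix match: return the outgoing interface for addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forward(src, dst, in_ifc, urpf_interfaces=frozenset(), table=TABLE):
    """Return ('forward', out_ifc) or ('drop', reason) for one packet."""
    if in_ifc in urpf_interfaces:
        # Strict reverse-path check: the route back to the source must
        # leave through the interface the packet arrived on.
        if lookup(src, table) != in_ifc:
            return ("drop", "reverse-path check failed")
    # Normal forwarding looks only at the destination address.
    out_ifc = lookup(dst, table)
    if out_ifc is None:
        return ("drop", "no route to destination")
    return ("forward", out_ifc)


if __name__ == "__main__":
    cases = [
        # (description, src, dst, receiving interface, interfaces with the check)
        ("foreign source, no check", "192.0.2.50", "10.2.3.4", "Gi0/1", set()),
        ("foreign source, check on", "192.0.2.50", "10.2.3.4", "Gi0/1", {"Gi0/1"}),
        ("local host, check on", "10.1.1.20", "10.2.3.4", "Gi0/1", {"Gi0/1"}),
        ("downstream net with route", "10.2.5.5", "198.51.100.9", "Gi0/2", {"Gi0/2"}),
        ("downstream net without route", "10.3.0.5", "198.51.100.9", "Gi0/2", {"Gi0/2"}),
    ]
    for desc, src, dst, ifc, urpf in cases:
        print(f"{desc:30} {forward(src, dst, ifc, frozenset(urpf))}")
```

The last case is the "use with care" situation: a legitimate network behind a downstream router is dropped because this router has no specific route back to it through the receiving interface.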
10-19-2022 09:15 AM
Thanks a lot, all clear now.
10-19-2022 09:17 AM
Thanks a lot, Joseph. All clear.
10-19-2022 09:16 AM
Thanks a lot, Elliot.