uRPF violation logging not working on 12.4T

One of the scenarios I’m discussing in the DMVPN webinar is a redundant DMVPN network with two ISPs. It’s not a particularly complex setup ... unless the ISPs decide to deploy anti-spoofing filters (more precisely: unicast RPF checks), in which case it becomes crucially important which outbound interface you use for your DMVPN tunnel.

Anyhow, I was trying to make the whole thing work in a lab and it was repeatedly failing, so I decided to log uRPF violations. According to the documentation, it’s a piece of cake:

  • Define an ACL that denies and logs packets
  • Use the ACL in the ip verify unicast source interface configuration command.

Sounds simple. I’ve used these configuration commands ...

interface Serial2/3
 description Link to R2
 ip address 10.0.8.13 255.255.255.252
 ip verify unicast source reachable-via rx 199
 encapsulation ppp
 no peer neighbor-route
!
access-list 199 deny ip any any log

... and it worked like a charm in 15.0(1)M; my Internet router generated lots of syslog messages similar to these:

%SEC-6-IPACCESSLOGP: list 199 denied udp 10.0.8.10(0) -> 10.0.8.2(0)
%SEC-6-IPACCESSLOGP: list 199 denied udp 10.0.8.10(0) -> 10.0.7.17(0)

12.4T? Accepts the ACL parameter and remains mum. Great inter-release consistency ;)
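
On a release that does log the violations, a short script can total the uRPF drops per source and destination from the collected syslog. This is an added example, not part of the original post; the timestamped line, the list 101 line, the link-state line and the ", N packets" suffix in the sample are constructed, and the ACL number 199 is taken from the configuration above.

```python
import re
from collections import Counter

# Matches the IPACCESSLOGP lines shown above. The trailing ", N packet(s)"
# count is optional because the samples in the post do not carry it.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\)(?:, (?P<count>\d+) packets?)?"
)

def urpf_drops(lines, acl="199"):
    """Return Counter {(src, dst, proto): packets} for denies logged by the uRPF ACL."""
    drops = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        # Skip unrelated messages and hits on ACLs not attached to the uRPF check.
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue
        # A line without a packet count is counted as one packet.
        drops[(m["src"], m["dst"], m["proto"])] += int(m["count"] or 1)
    return drops

def drops_by_source(lines, acl="199"):
    """Collapse the per-flow counters to one total per failing source address."""
    by_src = Counter()
    for (src, _dst, _proto), n in urpf_drops(lines, acl).items():
        by_src[src] += n
    return by_src

SAMPLE = [
    # The two lines quoted in the post
    "%SEC-6-IPACCESSLOGP: list 199 denied udp 10.0.8.10(0) -> 10.0.8.2(0)",
    "%SEC-6-IPACCESSLOGP: list 199 denied udp 10.0.8.10(0) -> 10.0.7.17(0)",
    # Constructed lines: timestamp prefix with packet count, another ACL, other message
    "*Mar  1 00:12:05.123: %SEC-6-IPACCESSLOGP: list 199 denied udp "
    "10.0.8.10(0) -> 10.0.8.2(0), 4 packets",
    "%SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.7(1025) -> 10.0.7.17(23), 1 packet",
    "%LINK-3-UPDOWN: Interface Serial2/3, changed state to up",
]

if __name__ == "__main__":
    for (src, dst, proto), n in urpf_drops(SAMPLE).most_common():
        print(f"{src} -> {dst} {proto}: {n} packet(s) failed the uRPF check")
    for src, n in drops_by_source(SAMPLE).most_common():
        print(f"source {src}: {n} packet(s) total")
```
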
