Unicast Reverse Path Forwarding (uRPF)

(Lazaros Agapides) #42

Hello sales2161

Hmm, that’s interesting, not sure why that is happening. As Rene states in his lesson, it is possible to have an access-list added that will specify exemptions to the uRPF rule. It is these exceptions that the suppressed verification drops should count. Cisco’s documentation states that as well. I’ll ask Rene to take a look and see if he has any more insight.



(Rene Molenaar) #43

Just to be sure, I just did this lab again.

The Cisco documentation states:

The Unicast RPF suppressed drop count tracks the number of packets that failed the Unicast RPF check but were forwarded because of the permit permission set up in the ACL. Using the drop count and suppressed drop count statistics, a network administrator can takes steps to isolate the attack at a specific interface.

Which leads to belief an ACL is required to see suppressed drops. However in loose mode, when there is no matching route, the packets are counted towards the suppressed drops. I can’t find anything in the documentation about this but that’s what happens :slight_smile: