Monitoring And Maintaining Urpf - Cisco 10000-2P2-2DC Software Configuration Manual

Monitoring and Maintaining uRPF

You can use default route to configure a default path for all addresses that are not in the regular routing
Note
table. When configuring uRPF, you can use the allow-default option to allow ip packets with the source
address resolved to a valid default path, depending on the uRPF modes. In strict mode uRPF, the packets
are allowed from the same interface that has been pointed by the default route. In loose mode uRPF,
packets with the source address resolved to the default route are allowed. However, if there is no default
route provisioned in the router, the allow-default option on or off would not make any difference
regardless of the uRPF mode as there is no valid default path.
Monitoring and Maintaining uRPF
Unicast RPF counts the number of packets dropped or suppressed because of malformed or forged source
addresses. Unicast RPF counts dropped or forwarded packets that include the following global and
per-interface information:
•
•
After you enable uRPF on a router, you can monitor the number of packets getting dropped by the router
using the following commands.
Command
Router# show ip traffic
Router# show ip interface type
Router# show pxf cpu statistics
drop interface
Caution Because debugging output is assigned high priority in the CPU process, it can render the system
unusable. For this reason, use debug commands only to troubleshoot specific problems or during
troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use
debug commands during periods of lower network traffic and fewer users. Debugging during these
periods decreases the likelihood that increased debug command processing overhead will affect system
use.
Example 13-1
using the show ip traffic command. The Unicast RPF drop count is included in the IP statistics section.
Example 13-1 show ip traffic Command
Router# show ip traffic
IP statistics:
Rcvd:
Cisco 10000 Series Router Software Configuration Guide
13-14
Global Unicast RPF drops
Per-interface Unicast RPF drops
shows the total number (global count) of dropped packets for all interfaces on the router
1753234 total, 1163482 local destination
0 format errors, 0 checksum errors, 0 bad hop count
1162010 unknown protocol, 523362 not a gateway
Chapter 13
Description
Displays global router statistics about Unicast RPF drops and
suppressed drops.
Displays per-interface statistics about Unicast RPF drops and
suppressed drops.
Displays drop counters by pxf for a given interface, even without
uRPF provision and if the interface is not up or does not have an
IP address.
Unicast Reverse Path Forwarding
OL-2226-23