Monitoring and maintaining urpf – Cisco 10000 User Manual


Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 13 Unicast Reverse Path Forwarding

Monitoring and Maintaining uRPF

Note

You can use a default route to configure a default path for all addresses that are not in the regular routing
table. When configuring uRPF, you can use the allow-default option to allow IP packets whose source
address resolves to a valid default path, depending on the uRPF mode. In strict mode uRPF, such packets
are allowed from the same interface that the default route points to. In loose mode uRPF,
packets whose source address resolves to the default route are allowed. However, if no default
route is provisioned in the router, turning the allow-default option on or off makes no difference
regardless of the uRPF mode, because there is no valid default path.
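
The allow-default behaviour described in the Note can be checked with a small model. The following Python code is an added example, not Cisco code or part of this guide; the routing tables, interface names and the function urpf_permits are constructed for illustration, and the model assumes a single next-hop interface per prefix.

```python
import ipaddress

def lookup(fib, src):
    """Longest-prefix match: return (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in fib if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def urpf_permits(fib, src, in_ifc, mode, allow_default):
    """Model of the uRPF source check described in the Note.

    mode is "strict" or "loose"; fib is a list of (ip_network, interface).
    """
    hit = lookup(fib, src)
    if hit is None:                      # no route at all, not even a default
        return False
    net, out_ifc = hit
    if net.prefixlen == 0 and not allow_default:
        return False                     # only the default route matched
    if mode == "strict":
        return out_ifc == in_ifc         # must arrive on the reverse-path interface
    return True                          # loose: any valid route is enough

def build_fib(routes):
    return [(ipaddress.ip_network(p), ifc) for p, ifc in routes]

# Constructed sample routing tables (prefixes and interface names are made up).
WITH_DEFAULT = build_fib([("0.0.0.0/0", "Gi1/0/0"), ("10.1.0.0/16", "Gi2/0/0")])
NO_DEFAULT = build_fib([("10.1.0.0/16", "Gi2/0/0")])

if __name__ == "__main__":
    src = "198.51.100.7"                 # covered only by the default route
    for name, fib in (("default route", WITH_DEFAULT), ("no default", NO_DEFAULT)):
        for mode in ("strict", "loose"):
            for allow in (False, True):
                for ifc in ("Gi1/0/0", "Gi2/0/0"):
                    ok = urpf_permits(fib, src, ifc, mode, allow)
                    print(f"{name:13} {mode:6} allow-default={allow!s:5} in={ifc}: "
                          f"{'forward' if ok else 'drop'}")
```
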

Monitoring and Maintaining uRPF

Unicast RPF counts the number of packets dropped or suppressed because of malformed or forged source
addresses. Unicast RPF counts dropped or forwarded packets that include the following global and
per-interface information:

• Global Unicast RPF drops
• Per-interface Unicast RPF drops

After you enable uRPF on a router, you can monitor the number of packets getting dropped by the router
using the following commands.

Caution

Because debugging output is assigned high priority in the CPU process, it can render the system
unusable. For this reason, use debug commands only to troubleshoot specific problems or during
troubleshooting sessions with Cisco Systems technical support personnel. Moreover, it is best to use
debug commands during periods of lower network traffic and fewer users. Debugging during these
periods decreases the likelihood that increased debug command processing overhead will affect system
use.

Example 13-1 shows the total number (global count) of dropped packets for all interfaces on the router
using the show ip traffic command. The Unicast RPF drop count is included in the IP statistics section.

Example 13-1 show ip traffic Command

Router# show ip traffic
IP statistics:
  Rcvd:  1753234 total, 1163482 local destination
         0 format errors, 0 checksum errors, 0 bad hop count
         1162010 unknown protocol, 523362 not a gateway

Command                                           Description
Router# show ip traffic                           Displays global router statistics about Unicast RPF drops and suppressed drops.
Router# show ip interface type                    Displays per-interface statistics about Unicast RPF drops and suppressed drops.
Router# show pxf cpu statistics drop interface    Displays drop counters by pxf for a given interface, even without uRPF provision and if the interface is not up or does not have an IP address.
