Implementing Cisco Enterprise Advanced Routing and Services: Resolving Reverse Path Forwarding Issue

Resolving Reverse Path Forwarding Issue

Question

An engineer configured Reverse Path Forwarding on an interface and noticed that the routes are dropped when a route lookup fails on that interface for a prefix that is available in the routing table.

Which interface configuration resolves the issue?

Answers

Explanations

A. B. C. D.

C.

Reverse Path Forwarding (RPF) is a technique used to help prevent IP address spoofing by verifying that incoming packets have a legitimate source IP address that can be reached via a known and valid route.

When RPF is enabled on an interface, the router checks the source IP address of incoming packets and performs a lookup in its routing table to ensure that the incoming packets are arriving on the expected interface. If the source IP address is not reachable via the expected interface, the packet is dropped.

In this case, the engineer has configured RPF on an interface and noticed that routes are being dropped when a route lookup fails for a prefix that is available in the routing table. This means that the router is dropping valid traffic because it is unable to verify the source IP address of the incoming packets.

To resolve this issue, the router needs to be configured to allow the source IP address of the incoming packets to be verified via a different interface or method. The four options provided in the question are all variations of the "ip verify unicast source reachable-via" command, which is used to configure RPF.

Option A, "ip verify unicast source reachable-via l2-src", allows the source IP address to be verified via the Layer 2 source address of the incoming packet. This option is useful in scenarios where the Layer 2 topology is stable and predictable.

Option B, "ip verify unicast source reachable-via allow-default", allows the source IP address to be verified via any interface, including the default route. This option is useful in scenarios where there are multiple paths to the source IP address and the router needs to be able to verify the source address regardless of which path the traffic takes.

Option C, "ip verify unicast source reachable-via any", allows the source IP address to be verified via any interface, but does not include the default route. This option is similar to option B, but excludes the default route as a possible path for RPF verification.

Option D, "ip verify unicast source reachable-via rx", allows the source IP address to be verified via the interface on which the packet was received. This option is useful in scenarios where the router has a direct connection to the source IP address and wants to verify the source address via that interface.

In summary, to resolve the issue of dropped routes when RPF lookup fails on an interface, the engineer can use any of the four options provided, depending on the specific requirements of the network.
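The source lookup described above, as an added example that is not part of the original page: a simplified Python model of the check (not Cisco's implementation) in which the source prefix is in the routing table but points out a different interface than the one the packet arrived on. The routing table, interface names, the `urpf_permits` helper and the treatment of `allow-default` as a flag beside the `rx`/`any` mode are assumptions made for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, interface the route points out of).
ROUTES = [
    ("0.0.0.0/0", "Gi0/0"),      # default route
    ("10.1.0.0/16", "Gi0/1"),
    ("10.1.2.0/24", "Gi0/2"),    # more specific route via another interface
]

def lookup(src, routes=ROUTES):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_permits(src, in_if, mode, allow_default=False, routes=ROUTES):
    """Hypothetical model of the source check.

    mode 'rx'  : the best route to src must point out the receiving interface.
    mode 'any' : any route to src is enough, whatever interface it uses.
    A match on 0.0.0.0/0 only counts when allow_default is set.
    """
    if mode not in ("rx", "any"):
        raise ValueError("mode must be 'rx' or 'any'")
    match = lookup(src, routes)
    if match is None:
        return False                      # no route at all: drop
    net, ifname = match
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "rx":
        return ifname == in_if            # must arrive on the route's interface
    return True

if __name__ == "__main__":
    # 10.1.2.5 is routed via Gi0/2 but the packet arrives on Gi0/1.
    for mode in ("rx", "any"):
        verdict = "permit" if urpf_permits("10.1.2.5", "Gi0/1", mode) else "drop"
        print(f"reachable-via {mode}: {verdict}")
```
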