Reverse path forwarding, Chapter 22, Chapter – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Switching Configuration Guide
53-1003036-02

Chapter 22: Reverse Path Forwarding

Table 115 displays the individual Brocade devices and the Reverse Path Forwarding features they support.

A number of common types of denial-of-service (DoS) attacks, including Smurf and Tribe Flood
Network (TFN), can take advantage of forged or rapidly changing source IP addresses to allow
attackers to thwart efforts to locate or filter the attacks. Reverse Path Forwarding (RPF) is designed
to prevent such a malicious user from spoofing a source IP address by checking that the source
address specified for a packet is received from a network to which the device has access. Packets
with invalid source addresses are not forwarded. Optionally, you can log packets that fail the RPF
test.

RPF is supported for IPv6 packets. Differences in RPF support in IPv4 and IPv6 are noted within
this chapter where necessary.
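The source-address check described above, sketched as an added example (this is not Brocade's code or configuration syntax). The routing table, interface names, packets and function names are constructed for illustration. The `strict` option (the source must be reachable through the ingress interface) is a general uRPF mode that goes beyond what this page states, and `exclude_default` models the default-route exclusion that Table 115 lists.

```python
import ipaddress

# Constructed routing table: (prefix, egress interface). Not from a real device.
ROUTES = [
    ("0.0.0.0/0", "eth0"),          # default route towards the upstream
    ("10.1.0.0/16", "eth1"),
    ("10.1.5.0/24", "eth2"),
    ("2001:db8:1::/48", "eth1"),    # no IPv6 default route in this table
]
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def lookup(src):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = [(n, i) for n, i in TABLE if n.version == addr.version and addr in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)


def rpf_check(src, in_ifc, strict=False, exclude_default=False):
    """Return (passed, reason) for a packet with source src arriving on in_ifc."""
    hit = lookup(src)
    if hit is not None and exclude_default and hit[0].prefixlen == 0:
        hit = None                   # a default-route match does not count
    if hit is None:
        return False, "no route to source"
    if strict and hit[1] != in_ifc:
        return False, f"source reachable via {hit[1]}, not {in_ifc}"
    return True, "ok"


def filter_packets(packets, **mode):
    """Forward packets that pass; collect a log line for each that fails."""
    forwarded, log = [], []
    for src, in_ifc in packets:
        ok, reason = rpf_check(src, in_ifc, **mode)
        if ok:
            forwarded.append((src, in_ifc))
        else:
            log.append(f"RPF drop src={src} in={in_ifc}: {reason}")
    return forwarded, log


# Constructed packets: (source address, ingress interface).
PACKETS = [("10.1.5.9", "eth2"), ("10.1.5.9", "eth1"),
           ("203.0.113.7", "eth1"), ("2001:db8:2::1", "eth1")]
```

Running `filter_packets(PACKETS)` with and without `exclude_default=True` shows why the default-route exclusion matters: while a default route exists, every IPv4 source has some matching route, so a check that only asks "is there a route" passes all of them.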

TABLE 115   Supported Brocade Reverse Path Forwarding features

| Features supported | Brocade NetIron XMR | Brocade MLX Series | Brocade NetIron CES 2000 Series BASE package | Brocade NetIron CES 2000 Series ME_PREM package | Brocade NetIron CES 2000 Series L3_PREM package | Brocade NetIron CER 2000 Series Base package | Brocade NetIron CER 2000 Series Advanced Services package |
|---|---|---|---|---|---|---|---|
| Reverse Path Forwarding (RPF) | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| RPF Support for IP over MPLS Routes | Yes | Yes | No | No | No | No | No |
| Suppressing RPF for Packets Using inbound ACLs | Yes | Yes | No | No | No | No | No |
| Excluding Packets that Match the Router's Default Route | Yes | Yes | No | No | No | No | No |