Enabling rpf on individual ports – Brocade Multi-Service IronWare Switching Configuration Guide (Supporting R05.6.00) User Manual

53-1003036-02

RPF configuration

For IPv4 configurations, use the following command.

Brocade(config)# reverse-path-check

Syntax: reverse-path-check

For IPv6 configurations, use the following command.

Brocade(config)# ipv6 reverse-path-check

Enabling RPF on individual ports

After RPF has been configured globally for a device, it must also be configured on every interface
on which you want it to operate. The RPF feature can be configured on physical Ethernet interfaces.
There are two modes, “strict” and “loose,” that can be configured to enforce RPF on the source IP
addresses of packets arriving on a given interface:

In loose mode, RPF permits a packet as long as the source address matches a known route
entry in the routing table. It will drop a packet if it does not match a route entry. Note that if a
default route is present, loose mode will permit all traffic.

In strict mode, RPF requires that a packet matches a known route entry as described in loose
mode and also that it arrives at the interface indicated by the routing table’s next-hop
information. It will drop a packet that does not match both of these criteria.
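The two checks described above can be modelled in a few lines. This is an added example, not code from the Brocade guide: the routing table, addresses and the helper names lookup and rpf_check are constructed for illustration, and each route is assumed to have a single next-hop interface.

```python
import ipaddress

# Constructed routing table (assumption): prefix -> next-hop interface.
ROUTES = {
    "10.1.0.0/16": "ethernet 3/1",
    "10.2.0.0/16": "ethernet 3/2",
}
# Same table with a default route added, to show its effect on loose mode.
WITH_DEFAULT = dict(ROUTES, **{"0.0.0.0/0": "ethernet 3/2"})

def lookup(routes, src):
    """Longest-prefix match on the source address; (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes.items():
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, ifname)
    return best

def rpf_check(routes, mode, src, in_if):
    """Return 'permit' or 'drop' for a packet from src arriving on in_if."""
    match = lookup(routes, src)
    if match is None:
        return "drop"        # no route entry for the source: fails both modes
    if mode == "loose":
        return "permit"      # any matching route entry is sufficient
    if mode == "strict":
        # the route back to the source must point out the arrival interface
        return "permit" if match[1] == in_if else "drop"
    raise ValueError("mode must be 'loose' or 'strict'")

if __name__ == "__main__":
    cases = [
        ("unrouted source", ROUTES, "203.0.113.9", "ethernet 3/1"),
        ("routed, wrong interface", ROUTES, "10.2.0.5", "ethernet 3/1"),
        ("routed, right interface", ROUTES, "10.1.0.5", "ethernet 3/1"),
        ("unrouted, default route present", WITH_DEFAULT, "203.0.113.9", "ethernet 3/1"),
    ]
    for label, table, src, in_if in cases:
        loose = rpf_check(table, "loose", src, in_if)
        strict = rpf_check(table, "strict", src, in_if)
        print(f"{label:32} loose={loose:6} strict={strict}")
```

The last case shows why loose mode gives no filtering once a default route is installed: every source address matches 0.0.0.0/0.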

Configuring RPF on a port requires separate commands for IPv4 and IPv6. To configure RPF on a
port, use the IPv4 or IPv6 command, as shown in the following examples.

For IPv4 configurations, use the following commands.

Brocade(config)# interface ethernet 3/1

Brocade(config-if-e1000-3/1)# rpf-mode strict log

Syntax: [no] rpf-mode [ loose | strict ] [log]

For IPv6, use the following commands.

Brocade(config)# interface ethernet 3/1

Brocade(config-if-e1000-3/1)# rpf-mode-ipv6 strict log

Syntax: [no] rpf-mode-ipv6 [ loose | strict ] [log]

There are two modes in which you can enforce RPF on the source IP addresses of packets that arrive
on a configured interface:

The loose option configures RPF in the loose mode.

The strict option configures RPF in the strict mode.

The log option directs RPF to log packets that fail the RPF test. Enabling RPF logging may lead to
high CPU utilization on the interface module because packets that fail the RPF check test are
dropped in software. Only syslog entries are created by this option. No SNMP traps are issued by
this option.

The ACL or RPF logging mechanism on the interface modules logs a maximum of 256 messages per
minute and sends these messages to the management module. A rate-limiting mechanism has
been added to limit the number of messages from the interface module CPU to the
management module CPU to 5 messages per second. Because this delays the delivery of
messages to the management module, in the worst-case scenario, with all 256 packets arriving at
the same time on the interface module, the time values stamped by the management module on
the messages will vary by as much as 60 seconds.