4 urpf, 1 urpf introduction, 2 urpf operation mechanism – Accton Technology ES4626 User Manual

load is transferred to switches of the next hop.

Example:

Disabling optimized IP route aggregation algorithm.

Switch(Config)# no ip fib optimize

9.4 URPF

9.4.1 URPF Introduction

URPF (Unicast Reverse Path Forwarding) applies the RPF technique used in multicast to unicast traffic, in order to protect the network from attacks based on source address spoofing.

When the switch receives a packet, it takes the source address from the packet and looks it up in the route table as if it were a destination address. If the exit interface of the route found does not match the interface on which the packet entered, the switch considers the packet a fake packet and discards it.

9.4.2 URPF Operation Mechanism

At present, the URPF operation mechanism depends on the ACL function provided by the switch chip when URPF is enabled on a layer 3 interface.

First, a deny-all rule is applied to all layer 2 ports under the layer 3 interface. All data packets are then denied at the switch by default.

Next, a rule is applied to all ports under this layer 3 interface permitting the IP address configured on the layer 3 interface, which forms a direct route. This ensures that data packets sourced within the segment can enter the switch.

For routes learnt by the switch that go out through this layer 3 interface: if the hardware forwarding table contains a route that goes out from a port under this layer 3 interface, an ACL rule is applied on that port permitting packets whose source address matches the destination address of this route.

With the above operations, only data complying with the above rules can enter the port; all other data is dropped before it reaches the port.

At present, URPF is applied with a strict route check mechanism. Only data complying with the rules can enter the switch through the port or be forwarded by the switch.

Because the ACL rules corresponding to URPF have low priority, they do not block the various protocol data packets, so enabling this function does not affect the regular operation of the switch routing protocols.
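
The rule-building sequence described in 9.4.2, modelled as an added Python example (not code from the manual or the switch firmware). The interface names, port names, subnets and learnt routes are constructed sample data, and treating each permit rule as a source-address match is an assumption drawn from 9.4.1.

```python
import ipaddress

# Constructed topology, not taken from the manual: two layer 3 interfaces,
# the subnet configured on each (its direct route) and their layer 2 ports.
L3_INTERFACES = {
    "Vlan10": {"subnet": "10.1.1.0/24", "ports": ["port1", "port2"]},
    "Vlan20": {"subnet": "192.168.5.0/24", "ports": ["port3"]},
}
# Constructed learnt routes from the hardware forwarding table:
# (destination prefix, layer 2 port the route goes out of).
LEARNT_ROUTES = [("10.2.0.0/16", "port2"), ("172.16.0.0/12", "port3")]


def build_port_acls(interfaces, learnt_routes):
    """Return {port: [permitted source networks]}; no match means deny-all."""
    acls = {}
    for intf in interfaces.values():
        direct = ipaddress.ip_network(intf["subnet"])
        for port in intf["ports"]:
            # Every port under the interface permits the direct route.
            acls[port] = [direct]
    for prefix, port in learnt_routes:
        # A learnt route adds a permit only on the port it goes out of,
        # and only if that port sits under a URPF-enabled interface.
        if port in acls:
            acls[port].append(ipaddress.ip_network(prefix))
    return acls


def port_admits(acls, port, src):
    """True if a permit rule matches src; otherwise the deny-all rule applies."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in acls.get(port, []))


if __name__ == "__main__":
    acls = build_port_acls(L3_INTERFACES, LEARNT_ROUTES)
    for port, src in [("port1", "10.1.1.7"), ("port2", "10.2.3.4"),
                      ("port1", "10.2.3.4"), ("port1", "192.168.5.9")]:
        verdict = "permit" if port_admits(acls, port, src) else "drop"
        print(f"{port} src={src}: {verdict}")
```

In this model a source inside a learnt prefix is admitted only on the port that route goes out of, so the same address arriving on a sibling port under the same layer 3 interface is dropped.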

9.4.3 URPF Configuration Task Sequence
