Configuring urpf – H3C Technologies H3C S7500E Series Switches User Manual

15-2

1) First, URPF checks the source address validity, and then:

z

Discards packets with broadcast source addresses.

z

Discards packets with all-zero source addresses but non-broadcast destination addresses. (A

packet with source address 0.0.0.0 and destination address 255.255.255.255 might be a DHCP

packet, and thus is not discarded.)

2) If the source address of an incoming packet is found in the FIB table:

URPF does a reverse route lookup for routes to the source address of the packet. If at least one

outgoing interface of such a route matches the receiving interface, the packet passes the check.

Otherwise, the packet is rejected.

3) If the source address is not found in the FIB table:

z

If a default route is configured, URPF lets the packet pass if the outgoing interface of the default

route is the receiving interface, and otherwise rejects it.

z

If a default route is not configured, the packet is discarded.

Configuring URPF

Follow these steps to configure URPF globally:

To do...

Use the command…

Remarks

Enter system view

system-view

––

Enable URPF check globally

ip urpf strict

Required

Disabled by default.

After you enable the URPF function on an S7500E series Ethernet switch, a half reduction of route

entries may occur. For relevant information, refer to

Table 15-1

.

Table 15-1 SRPUs/LPUs on which route entries half reduction may occur

SRPU model

LPU model

Route entries half reduction may

occur on

LSQ1SRP1CB, LSQ1MPUA,

LSQ1MPUB, LSQ1SRPA

SC LPU

LSQ1SRP2XB, LSQ1SRPB,

LSQ1CGP24TSC,

LSQ1SRPD,

LSQ1SRP12GB,

LSQ1CGV24PSC

z

SC LPU (with the last two letters

of the LPU model being SC,

such as LSQ1GP48SC)

z

SD LPU (with the last two letters

of the LPU model being SD,

such as LSQ1GP48SD)

z

EB LPU (with the last two letters

of the LPU model being EB,

such as LSQ1GP48EB)

SC LPU and

SRPU

SD LPU and EB

LPU (not working

in the route

extension mode)