1 ip urpf operating mechanism, 2 urpf configuration task sequence – PLANET XGS3-24040 User Manual
Chapter 21 Layer 3 Forward Configuration
21.4.1.1 IP URPF Operating Mechanism
At present, URPF relies on the ACL function provided by the switch chips.
First, globally enabling the URPF function makes the switch monitor changes in the routing table and create a
corresponding URPF permit ACL rule for each route in the FIB. In URPF strict mode, the format of an ACL rule is:
the source address segment of inbound packets + the ingress interface VID of inbound packets. The source
address segment of inbound packets corresponds to the destination address segment of the FIB entry, while the
ingress interface VID of inbound packets corresponds to the egress interface VID of the FIB entry. In URPF
loose mode, the format of an ACL rule is the source address segment of inbound packets only, which corresponds
to the destination address segment of the FIB entry.
After URPF is enabled on a port, the port is bound to the URPF rules and a default DENY ALL rule is installed
in hardware.
These operations guarantee that, when data reaches the port, only packets that match the rules pass through
it; all others are dropped.
The corresponding ACL rules currently have a low priority, so they do not block the various kinds of protocol
packets; hence, enabling this function will not affect the normal operation of the switch's routing protocols.
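The rule derivation described above, modelled as an added Python example (it is not code from the PLANET manual or the switch firmware). The FIB entries are constructed sample data, and the handling of allow-default-route is an assumption, since the manual lists the keyword without describing its effect.

```python
import ipaddress

# Constructed sample FIB: (destination segment, egress interface VID).
SAMPLE_FIB = [
    ("10.1.0.0/16", 10),
    ("192.168.5.0/24", 20),
    ("0.0.0.0/0", 30),  # default route
]

def build_rules(fib, mode, allow_default_route=False):
    """Derive one URPF permit rule per FIB entry.

    strict: (source segment, ingress VID)  -- VID taken from the egress VID
    loose:  (source segment, None)         -- any ingress VID matches
    """
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    rules = []
    for prefix, egress_vid in fib:
        net = ipaddress.ip_network(prefix)
        # Assumption: the default route yields a permit rule only when
        # allow-default-route is configured; otherwise it is skipped.
        if net.prefixlen == 0 and not allow_default_route:
            continue
        rules.append((net, egress_vid if mode == "strict" else None))
    return rules

def permitted(rules, src_ip, ingress_vid):
    """Return True if a permit rule matches; otherwise the default DENY ALL applies."""
    src = ipaddress.ip_address(src_ip)
    for net, vid in rules:
        if src in net and (vid is None or vid == ingress_vid):
            return True
    return False

if __name__ == "__main__":
    strict = build_rules(SAMPLE_FIB, "strict")
    loose = build_rules(SAMPLE_FIB, "loose")
    # Constructed packets: (source address, ingress VID).
    for src, vid in [("10.1.2.3", 10), ("10.1.2.3", 20), ("172.16.0.1", 30)]:
        print(src, "VID", vid,
              "strict:", "permit" if permitted(strict, src, vid) else "deny",
              "loose:", "permit" if permitted(loose, src, vid) else "deny")
```

The second sample packet shows the practical difference: a source that is routable but arrives on a VLAN other than the one the FIB would use to reach it passes in loose mode and is dropped in strict mode, which is also what happens to legitimate traffic on asymmetric paths.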
21.4.2 URPF Configuration Task Sequence
1. Enable URPF
2. Enable URPF on port
3. Display and debug URPF relevant information
1. Globally enable URPF
Command                   Explanation
Global mode
urpf enable               Globally enable and disable URPF.
no urpf enable
2. Enable URPF on port
Command                                                   Explanation
Port mode
ip urpf enable {loose | strict} {allow-default-route}     Enable and disable URPF on port.
no ip urpf enable