Infrastructure Security - Troubleshooting Unicast Reverse Path Forwarding (uRPF)
3 important questions on Infrastructure Security - Troubleshooting Unicast Reverse Path Forwarding (uRPF)
What is Unicast Reverse Path Forwarding (uRPF)?
- A security feature that limits or eliminates spoofed ip packets on a network
- Examines source IP address of a packet for validity
- Cisco Express Forwarding (CEF) needed to work
What are the 3 different modes Unicast Revers Path Forwarding (uRPF) can operate in?
- Strict
Router checks if the source IP address of the packet is reached through the same interface it was received on and if it's not the default route. - Loose
Router checks if it has a valid route for the source IP address of the packet which is not a default route. - VRF
Same as loose mode. However, it only check interfaces which are in the same VRF as the ingress interface.
How is Unicast Reverse Path Forwarding (uRPF) configured?
ip verify unicast source reachable-via {rx | Any} [allow-default] [allow-self-ping] [list]
Where:
rx = strict mode
Any = loose mode
allow-default = use when return path is interfase that has default route
allow-self-ping = allows router to ping own interface
list = ACL for which traffic uRPF should be performed
The question on the page originate from the summary of the following study material:
- A unique study and practice tool
- Never study anything twice again
- Get the grades you hope for
- 100% sure, 100% understanding