Implementing Unicast Rpf - Cisco Catalyst 4500 Series Software Configuration Manual

About Unicast Reverse Path Forwarding
Figure 37-2
Destination address x.x.x.x
Source address 209.165.200.225

Implementing Unicast RPF

Unicast RPF has several key implementation principles:
•
•
•
Given these implementation principles, Unicast RPF becomes a tool that network administrators can use
not only for their customers but also for their downstream network or ISP, even if the downstream
network or ISP has other connections to the Internet.
Using optional BGP attributes such as weight and local preference, you can modify the best path back
Caution
to the source address. Modification affects the operation of Unicast RPF.
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
37-4
Unicast RPF Dropping Packets That Fail Verification
Routing table:
192.168.0.0 via
172.19.0.0
CEF table:
192.168.0.0 172.19.66.7
172.19.0.0
Adjacency table:
FDDI 2/0/0
Data IP header
RPF checks to see if
the reverse path for
the source address
matches the input port
The packet must be received at an interface that has the best return path (route) to the packet source
(a process called symmetric routing). There must be a route in the FIB matching the route to the
receiving interface. Adding a route in the FIB is done with a static route, network statement, or
dynamic routing. (ACLs permit the use of Unicast RPF when packets will arrive by specific, less
optimal asymmetric input paths.)
IP source addresses at the receiving interface must match the routing entry for the interface.
Unicast RPF is an input function and is applied only on the input interface of a switch at the
upstream end of a connection.
Chapter 37
172.19.66.7
is directly connected, FDDI 2/0/0
FDDI 2/0/0
attached FDDI 2/0/0
172.19.66.7 50000603E...AAAA03000800
Unicast
RPF
In Out
Drop
Data IP header
Configuring Unicast Reverse Path Forwarding
If not okay, RPF
drops the packet