Reverse Path Forwarding; RPF Checks; Triggered RPF Checks; RPF Failover - Cisco Catalyst 3850 series Configuration Manual

IP Multicast Routing Configuration Guide

IP Multicast Optimization: Multicast Subsecond Convergence
Related Topics
Modifying the PIM Router Query Message Interval, on page 344
Modifying the PIM Router Query Message Interval Example, on page 347

Reverse Path Forwarding

Unicast Reverse Path Forwarding (RPF) helps to mitigate problems caused by the introduction of malformed
or forged IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
Malformed or forged source addresses can indicate denial-of-service (DoS) attacks based on source IP address
spoofing.
RPF uses access control lists (ACLs) in determining whether to drop or forward data packets that have
malformed or forged IP source addresses. An option in the ACL commands allows system administrators to
log information about dropped or forwarded packets. Logging information about forged packets can help in
uncovering information about possible network attacks.
Per-interface statistics can help system administrators quickly discover the interface serving as the entry point
for an attack on the network.

RPF Checks

PIM is designed to forward IP multicast traffic using the standard unicast routing table. PIM uses the unicast
routing table to decide whether an IP multicast packet has arrived on the optimal path from its source.
This process, the RPF check, is protocol-independent because it is based on the contents of the unicast routing
table and not on any particular routing protocol.
Related Topics
Modifying the Periodic RPF Check Interval, on page 342
Example Modifying the Periodic RPF Check Interval, on page 346

Triggered RPF Checks

Multicast subsecond convergence provides the ability to trigger a check of RPF changes for mroute states.
This check is triggered by unicast routing changes. By performing a triggered RPF check, users can set the
periodic RPF check to a relatively high value (for example, 10 seconds) and still fail over quickly.
The triggered RPF check enhancement reduces the time needed for service to be restored after a disruption,
such as for single service events (for example, in a situation with one source and one receiver) or as the service
scales along any parameter (for example, many sources, many receivers, and many interfaces). This
enhancement decreases the time to converge PIM (mroute), IGMP, and MSDP (SA cache) states.
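
The following added example (not Cisco code and not part of the original guide) is a simplified model of the RPF check and of a triggered recheck after a unicast routing change, as described in the two sections above. The class and function names, addresses, groups and interface names are hypothetical, and the routing table is reduced to a prefix-to-interface map.

```python
import ipaddress

class UnicastTable:
    """Constructed stand-in for a unicast routing table: prefix -> interface."""
    def __init__(self, routes):
        self.routes = {ipaddress.ip_network(p): ifc for p, ifc in routes.items()}

    def rpf_interface(self, source):
        """Longest-prefix match on the source address; None if no route covers it."""
        addr = ipaddress.ip_address(source)
        matches = [n for n in self.routes if addr in n]
        if not matches:
            return None
        return self.routes[max(matches, key=lambda n: n.prefixlen)]

def rpf_check(table, source, ingress):
    """Pass only if the packet arrived on the interface used to reach its source."""
    expected = table.rpf_interface(source)
    return expected is not None and expected == ingress

def triggered_recheck(table, mroutes):
    """Re-resolve the RPF interface of every (S, G) entry after a unicast change.
    Returns the entries whose RPF interface moved, as (old, new) pairs."""
    changed = {}
    for (source, group), old in list(mroutes.items()):
        new = table.rpf_interface(source)
        if new != old:
            mroutes[(source, group)] = new
            changed[(source, group)] = (old, new)
    return changed

def demo():
    # Constructed sample data; every value below is illustrative.
    table = UnicastTable({"10.1.0.0/16": "Gi1/0/1",
                          "10.1.5.0/24": "Gi1/0/2",
                          "0.0.0.0/0": "Gi1/0/24"})
    mroutes = {("10.1.5.9", "239.1.1.1"): table.rpf_interface("10.1.5.9")}
    before = (rpf_check(table, "10.1.5.9", "Gi1/0/2"),   # arrived on the RPF interface
              rpf_check(table, "10.1.5.9", "Gi1/0/1"))   # arrived on another interface
    # Unicast change: the /24 is withdrawn, so the source is now reached via the /16.
    del table.routes[ipaddress.ip_network("10.1.5.0/24")]
    changed = triggered_recheck(table, mroutes)
    after = rpf_check(table, "10.1.5.9", "Gi1/0/1")
    return before, changed, after

if __name__ == "__main__":
    print(demo())
```

The check never consults which routing protocol installed a prefix, which is the protocol independence the text describes.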

RPF Failover

In an unstable unicast routing environment that uses triggered RPF checks, the environment could be constantly
triggering RPF checks, which places a burden on the resources of the device. To avoid this problem, use the
ip multicast rpf backoff command to prevent a second triggered RPF check from occurring for the length
OL-32598-01
IP Multicast Routing Configuration Guide, Cisco IOS XE Release 3.6E (Catalyst 3850 Switches)
Reverse Path Forwarding
341
