652
C
44: URPF C
HAPTER
Configuring URPF
ONFIGURATION
In loose approach, URPF does a reverse lookup for the outgoing interfaces of
■
the packet. As long as an outgoing interface exists (no matter whether the
outgoing interface is consistent with the incoming interface), the packet passes
the check. Otherwise, the packet is dropped.
2 If the source address is not found in the FIB table, URPF makes a decision based on
the configuration of default route (the one configured on the router that received
the packet) and the allow-default-route keyword.
If a default route is available but the allow-default-route keyword is not
■
configured, the packet is rejected no matter which check approach is taken.
If both a default route and the allow-default-route argument are configured,
■
URPF's decision depends on check approach. In strict approach, URPF lets the
packet pass and be forwarded normally if the outgoing interface of the default
route is the interface where the packet is received, and otherwise rejects it. In
loose approach, URPF lets the packet pass and be forwarded directly.
3 The packet will come to ACL check if and only if it is rejected. If the packet passes
ACL check, it is forwarded as normal; otherwise, it is discarded.
Follow these steps to configure URPF:
To do...
Enter system view
Enter interface view
Enable URPF check
Use the command...
system-view
interface interface-type
interface-number
ip urpf { loose | strict }
[ allow-default-route ] [ acl
acl-number ]
Remarks
--
--
Required
Disabled by default.