If yes, proceeds to step 5.
If not, proceeds to step 4.
URPF checks whether the receiving interface matches the output interface of the matching FIB entry.
4.
If yes, proceeds to step 8.
If not, proceeds to step 9.
URPF checks whether the source IP address matches an ARP entry.
5.
If yes, proceeds to step 8.
If not, proceeds to step 9.
URPF checks whether the FIB table has a default route.
6.
If yes, proceeds to step 7.
If not, proceeds to step 9.
URPF checks whether the output interface of the default route matches the receiving interface of the
7.
packet.
If yes, proceeds to step 8.
If not, proceeds to step 9.
The packet passes the check and is forwarded.
8.
The packet is discarded.
9.
Configuring URPF
To configure URPF globally:
Step
1.
Enter system view.
2.
Enable URPF check globally.
NOTE:
The routing table size decreases by half when URPF is enabled on the HP 6125 Blade switches.
•
•
To prevent loss of routes and packets, URPF cannot be enabled if the number of route entries the switch
maintains exceeds half the routing table size.
URPF configuration example
Network requirements
As shown in
check on Switch A and Switch B to prevent source address spoofing attacks.
Figure 82 Network diagram
Command
system-view
ip urpf strict }
Figure
82, a client (Switch A) directly connects to the ISP switch (Switch B). Enable URPF
257
Remarks
N/A
Disabled by default