Enabling Ipv6 Urpf; Displaying And Maintaining Ipv6 Urpf; Ipv6 Urpf Configuration Example - HPE FlexNetwork 7500 Series Security Configuration Manual

Enabling IPv6 uRPF

IPv6 uRPF checks only incoming packets on interfaces. You can enable IPv6 uRPF globally. Global
IPv6 uRPF takes effect on all interfaces of the device.
Follow these guidelines when you enable IPv6 uRPF:
•
IPv6 uRPF does not check packets received on the SA interface modules if the source IPv6
addresses of the packets have a prefix length longer than 64.
•
IPv6 uRPF does not check tunneled packets. For more information about tunneling, see Layer
3—IP Services Configuration Guide.
•
In an MPLS network, an egress node cannot perform strict IPv6 uRPF check on packets from
the penultimate hop to which the egress assigns an implicit null label. For more information
about the implicit null label, see MPLS Configuration Guide.
•
Do not configure the allow-default-route keyword for loose IPv6 uRPF check. Otherwise, IPv6
uRPF might fail to work.
To enable IPv6 uRPF globally:
Step
1. Enter system view.
2. Enable IPv6 uRPF globally.

Displaying and maintaining IPv6 uRPF

Execute display commands in any view.
Task
(In standalone mode.) Display IPv6 uRPF
configuration.
(In IRF mode.) Display IPv6 uRPF
configuration.

IPv6 uRPF configuration example

Network requirements
As shown in
Configure strict IPv6 uRPF check on Switch A and allow using the default route for IPv6 uRPF check.
Figure 138 Network diagram
Switch A
Configuration procedure
1. Configure strict IPv6 uRPF check on Switch B.
<SwitchB> system-view
Command
system-view
ipv6 urpf { loose | strict }
[ allow-default-route ]
Figure 138, configure strict IPv6 uRPF check on Switch B.
Switch B
Command
display ipv6 urpf [ slot slot-number ]
display ipv6 urpf [ chassis chassis-number slot
slot-number ]
IP network
453
Remarks
N/A
By default, IPv6 uRPF is disabled.