H3C MSR Series Command Reference Manual page 1151

strict: Enables strict IPv6 uRPF check. To pass strict IPv6 uRPF check, the source address and
receiving interface of a packet must match the destination address and output interface of an IPv6
FIB entry.
allow-default-route: Allows using the default route for IPv6 uRPF check.
acl acl-number: Specifies an IPv6 ACL by its number.
•
For a basic IPv6 ACL, the value range is 2000 to 2999.
•
For an advanced IPv6 ACL, the value range is 3000 to 3999.
Usage guidelines
IPv6 uRPF can be deployed on a CE or on a PE connected to either a CE or another ISP.
Configure strict IPv6 uRPF check on a PE interface connected to a CE, and configure loose IPv6
uRPF check on a PE interface connected to another ISP.
For asymmetrical routing, configure loose IPv6 uRPF to avoid discarding valid packets. For
symmetrical routing, configure strict IPv6 uRPF. An ISP usually adopts symmetrical routing on a PE
device.
Typically, you do not need to configure the allow-default-route keyword on a PE device, because it
has no default route pointing to a CE. If you enable uRPF on a CE that has a default route pointing to
the PE, specify the allow-default-route keyword.
You can use an ACL to match specific packets, so they are forwarded even if they fail to pass IPv6
uRPF check.
Examples
# Configure strict IPv6 uRPF check on interface GigabitEthernet 1/0/2 and allow using the default
route and IPv6 ACL 2999 to match packets.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/2
[Sysname-GigabitEthernet1/0/2] ipv6 urpf strict allow-default-route acl 2999
# Configure loose IPv6 uRPF check on interface GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 urpf loose
Related commands
display ipv6 urpf
1128