HP ProCurve 9304M Security Manual page 150

Security Guide for ProCurve 9300/9400 Series Routing Switches
Figure 9.1 Unicast RPF configuration
In this configuration, interface e 1/1 is specified as an external interface for unicast RPF. CAM entries are created
for that interface that deny incoming packets with source addresses from the 192.168.9.x network.
The HP device's loopback interface/network is also considered an internally learned route. In the example,
Incoming packets on interface e 1/1 that have a source address corresponding to the HP device's loopback
interface/network are dropped.
For interfaces that can receive packets from the internal network as well as from external sources, you identify the
interface as an external interface; this prevents the HP device from creating RPF CAM entries for routes learned
on the interface. For example, in the configuration in Figure 9.2, interface 2/1 can receive packets from the
Internet as well as from the internal network.
9 - 2
Internet
External Interface
e 1/1 10.10.2.1
e 3/1 192.168.3.1
Layer 2 Switch
Network 192.168.30.x
June 2005