Disabling Unicast RPF (CLI Procedure) - Juniper JUNOS OS 10.3 - SOFTWARE Manual

For EX Series Ethernet Switches
Copyright © 2010, Juniper Networks, Inc.

interface, unicast RPF is still implicitly enabled globally on the switch. The
drawback to this approach is that the switch displays the flag that indicates
that unicast RPF is enabled only on interfaces on which unicast RPF is
explicitly enabled, so even though unicast RPF is enabled on all interfaces,
this status is not displayed.

Enabling unicast RPF explicitly on all interfaces makes it easier to know
whether unicast RPF is enabled on the switch because every interface
shows the correct status. (Only interfaces on which you explicitly enable
unicast RPF display the flag that indicates that unicast RPF is enabled.)
The drawback to this approach is that if you want to disable unicast RPF,
you must explicitly disable it on every interface. If unicast RPF is enabled
on any interface, it is implicitly enabled on all interfaces.

Related Documentation

Example: Configuring Unicast RPF on an EX Series Switch
Verifying Unicast RPF Status
Disabling Unicast RPF (CLI Procedure)
Troubleshooting Unicast RPF
Understanding Unicast RPF for EX Series Switches

Disabling Unicast RPF (CLI Procedure)

Unicast reverse-path forwarding (RPF) can help protect your LAN from denial-of-service
(DoS) and distributed denial-of-service (DDoS) attacks on untrusted interfaces. Unicast
RPF filters traffic with source addresses that do not use the incoming interface as the
best return path back to the source. If the network configuration changes so that an
interface that has unicast RPF enabled becomes a trusted interface or becomes
asymmetrically routed (the interface that receives a packet is not the best return path
to the packet's source), disable unicast RPF.
To disable unicast RPF on an EX3200 or EX4200 switch, you must delete it from every
interface on which you explicitly configured it. If you do not disable unicast RPF on every
interface on which you explicitly enabled it, it remains implicitly enabled on all interfaces.
If you attempt to delete unicast RPF from an interface on which it was not explicitly
enabled, the message "warning: statement not found" displays. If you do not disable unicast
RPF on every interface on which you explicitly enabled it, unicast RPF remains implicitly
enabled on all interfaces of the EX3200 or EX4200 switch.

On EX8200 switches, the switch does not apply unicast RPF to an interface unless you
explicitly enable that interface for unicast RPF.

Chapter 52: Configuring Interfaces
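
The implicit-enable behavior described above can be checked against a saved configuration before and after a cleanup. The following Python script is an added example, not part of the Juniper manual: the sample configuration is constructed, the function names are hypothetical, and it assumes "display set" output in which unicast RPF appears as the rpf-check statement under family inet, with "all interfaces" modelled as every logical unit present in the configuration.

```python
import re

# Constructed sample in "display set" form (hypothetical switch, documentation addresses).
SAMPLE_CONFIG = """\
set interfaces ge-0/0/1 unit 0 family inet address 192.0.2.1/24
set interfaces ge-0/0/1 unit 0 family inet rpf-check
set interfaces ge-0/0/2 unit 0 family inet address 198.51.100.1/24
set interfaces ge-0/0/3 unit 0 family inet address 203.0.113.1/24
set interfaces ge-0/0/3 unit 0 family inet rpf-check
"""

UNIT_RE = re.compile(r"^set interfaces (\S+) unit (\d+)\b")
RPF_RE = re.compile(r"^set interfaces (\S+) unit (\d+) family inet rpf-check\s*$")

# Platforms on which one explicit rpf-check enables the check on all interfaces.
IMPLICIT_GLOBAL = {"EX3200", "EX4200"}


def audit_urpf(config, platform):
    """Report where unicast RPF is enforced versus where its flag is shown."""
    units, explicit = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := UNIT_RE.match(line):
            units.add(m.groups())
        if m := RPF_RE.match(line):
            explicit.add(m.groups())
    # Assumption: "all interfaces" is modelled as every logical unit in the config.
    enforced = units if (platform in IMPLICIT_GLOBAL and explicit) else explicit
    return {
        "flag_shown": sorted(explicit),
        "hidden": sorted(enforced - explicit),  # enforced but not displayed
        "delete": [f"delete interfaces {i} unit {u} family inet rpf-check"
                   for i, u in sorted(explicit)],
    }


def drop_rpf(config, ifname):
    """Return config with the explicit rpf-check removed from one interface."""
    keep = []
    for line in config.splitlines():
        m = RPF_RE.match(line.strip())
        if not (m and m.group(1) == ifname):
            keep.append(line)
    return "\n".join(keep)


if __name__ == "__main__":
    partial = drop_rpf(SAMPLE_CONFIG, "ge-0/0/1")  # only one interface cleaned up
    for label, cfg in (("original", SAMPLE_CONFIG), ("partial disable", partial)):
        for platform in ("EX4200", "EX8200"):
            print(label, platform, audit_urpf(cfg, platform))
```

An empty "delete" list together with an empty "hidden" list is the state in which unicast RPF is fully disabled on an EX3200 or EX4200 in this model.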
