Understanding Unicast Rpf; Unicast Rpf For Switches Overview - Juniper EX2200 Hardware Manual

Junos OS for EX Series Ethernet Switches

Understanding Unicast RPF

Unicast RPF for Switches Overview

Copyright © 2015, Juniper Networks, Inc.
Unicast reverse-path forwarding (RPF) helps protect the switch against denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks by verifying the unicast source address of each packet that arrives on an ingress interface where unicast RPF is enabled. It also helps ensure that traffic arriving on ingress interfaces comes from a network source that the receiving interface can reach.

When you enable unicast RPF, the switch forwards a packet only if the receiving interface is the best return path to the packet's unicast source address. This is known as strict mode unicast RPF.

NOTE: On Juniper Networks EX3200, EX4200, and EX4300 Ethernet Switches, the switch applies unicast RPF globally to all interfaces when unicast RPF is configured on any interface. For additional information, see "Limitations of the Unicast RPF Implementation on EX3200, EX4200, and EX4300 Switches" on page 22.

This topic covers:
Unicast RPF for Switches Overview
Unicast RPF Implementation
When to Enable Unicast RPF
When Not to Enable Unicast RPF
Limitations of the Unicast RPF Implementation on EX3200, EX4200, and EX4300 Switches

Unicast RPF functions as an ingress filter that reduces the forwarding of IP packets that might be spoofing an address. By default, unicast RPF is disabled on the switch interfaces. The type of unicast RPF provided on the switches, that is, strict mode unicast RPF, is especially useful on untrusted interfaces. An untrusted interface is an interface where untrusted users or processes can place packets on the network segment.

The switch supports only the active paths method of determining the best return path back to a unicast source address. The active paths method looks up the best reverse path entry in the forwarding table. It does not consider alternate routes specified using routing-protocol-specific methods when determining the best return path.

If the forwarding table lists the receiving interface as the interface to use to forward the packet back to its unicast source, it is the best return path interface.

Use strict mode unicast RPF only on symmetrically routed interfaces. (For information about symmetrically routed interfaces, see "When to Enable Unicast RPF" on page 20.)
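
The following Python sketch is an added example, not code from Juniper or from this manual. It models the strict mode check described above as a longest-prefix lookup on the source address followed by a comparison with the receiving interface. The forwarding table, interface names, and packets are constructed for illustration, and the model keeps only one active path per prefix.

```python
import ipaddress

# Constructed forwarding table: (prefix, interface of the active path).
# Prefixes and interface names are illustrative, not taken from the manual.
FORWARDING_TABLE = [
    ("10.1.0.0/16", "ge-0/0/1"),    # access subnet
    ("10.1.20.0/24", "ge-0/0/2"),   # more specific route inside that subnet
    ("192.0.2.0/24", "ge-0/0/3"),   # server subnet
]


def best_return_interface(src, table=FORWARDING_TABLE):
    """Longest-prefix match on the source address. Only the single active
    path per prefix is modelled; alternate routes are not considered."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def strict_rpf_accepts(src, ingress_if, table=FORWARDING_TABLE):
    """Strict mode: forward only if the receiving interface is the best
    return path to the packet's unicast source address."""
    return best_return_interface(src, table) == ingress_if


# Constructed packets: (source address, receiving interface, description)
SAMPLE_PACKETS = [
    ("10.1.5.9", "ge-0/0/1", "host on its own access port"),
    ("192.0.2.10", "ge-0/0/1", "source address from the server subnet"),
    ("10.1.20.7", "ge-0/0/1", "genuine host on an asymmetric path"),
    ("203.0.113.50", "ge-0/0/1", "no forwarding entry for the source"),
]

if __name__ == "__main__":
    for src, ifname, note in SAMPLE_PACKETS:
        verdict = "forward" if strict_rpf_accepts(src, ifname) else "discard"
        print(f"{src:>13} in {ifname}: {verdict:8} ({note})")
```

The third packet is legitimate traffic that is discarded because its best return path is a different interface, which is why strict mode belongs only on symmetrically routed interfaces.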