Unicast RPF Implementation; Unicast RPF Packet Filtering; Bootstrap Protocol (BOOTP) and DHCP Requests; Default Route Handling - Juniper EX2200 Hardware Manual

Junos OS for EX Series Ethernet Switches

Network Interfaces for EX4300 Switches

Unicast RPF Implementation

When to Enable Unicast RPF

For more information about strict unicast RPF, see RFC 3704, Ingress Filtering for
Multihomed Networks at http://www.ietf.org/rfc/rfc3704.txt.
This section includes:
- Unicast RPF Packet Filtering
- Bootstrap Protocol (BOOTP) and DHCP Requests
- Default Route Handling

Unicast RPF Packet Filtering

When you enable unicast RPF on the switch, the switch handles traffic in the following
manner:
- If the switch receives a packet on the interface that is the best return path to the unicast source address of that packet, the switch forwards the packet.
- If the best return path from the switch to the packet's unicast source address is not the receiving interface, the switch discards the packet.
- If the switch receives a packet that has a source IP address that does not have a routing entry in the forwarding table, the switch discards the packet.

Bootstrap Protocol (BOOTP) and DHCP Requests

Bootstrap protocol (BOOTP) and DHCP request packets are sent with a broadcast MAC
address and therefore the switch does not perform unicast RPF checks on them. The
switch forwards all BOOTP packets and DHCP request packets without performing
unicast RPF checks.

Default Route Handling

If the best return path to the source is the default route (0.0.0.0) and the default route
points to reject, the switch discards the packets. If the default route points to a valid
network interface, the switch performs a normal unicast RPF check on the packets.

When to Enable Unicast RPF

Enable unicast RPF when you want to ensure that traffic arriving on a network interface
comes from a source that resides on a network that that interface can reach. You can
enable unicast RPF on untrusted interfaces to filter spoofed packets. For example, a
common application for unicast RPF is to help defend an enterprise network from
DoS/DDoS attacks coming from the Internet.

Enable unicast RPF only on symmetrically routed interfaces. A symmetrically routed
interface uses the same route in both directions between the source and the destination,
as shown in Figure 3 on page 21. Symmetrical routing means that if an interface receives
a packet, the switch uses the same interface to send a reply to the packet source (the
receiving interface matches the forwarding-table entry for the best return path to the
source).

Copyright © 2015, Juniper Networks, Inc.
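
The checks described on this page (packet filtering, the BOOTP/DHCP exception, and default route handling), modelled in Python as an added example; this is not Juniper code and does not represent how the switch implements the check. The forwarding tables, interface names, MAC address, and function names are constructed for illustration, and recognising BOOTP/DHCP requests by their broadcast destination MAC is a modelling assumption.

```python
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def make_fib(entries):
    """Build a forwarding table as a list of (network, next_hop) pairs."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in entries]

def best_route(fib, src):
    """Longest-prefix match for src; None when no entry covers it."""
    addr = ipaddress.ip_address(src)
    matches = [entry for entry in fib if addr in entry[0]]
    return max(matches, key=lambda entry: entry[0].prefixlen, default=None)

def urpf_strict(fib, in_iface, src, dst_mac):
    """Return (forwarded, reason) for one packet received on in_iface."""
    # Modelling assumption: BOOTP/DHCP requests are recognised by broadcast MAC.
    if dst_mac.lower() == BROADCAST_MAC:
        return True, "broadcast MAC, unicast RPF check skipped"
    route = best_route(fib, src)
    if route is None:
        return False, "no forwarding-table entry for source"
    network, hop = route
    if network.prefixlen == 0 and hop == "reject":
        return False, "best return path is a default route pointing to reject"
    if hop != in_iface:
        return False, f"best return path is {hop}, not {in_iface}"
    return True, f"received on best return path {hop}"

# Constructed sample tables; interface names and prefixes are illustrative.
INTERNAL = [("10.1.0.0/16", "ge-0/0/1"), ("192.0.2.0/24", "ge-0/0/2")]
FIB_NO_DEFAULT = make_fib(INTERNAL)
FIB_REJECT = make_fib(INTERNAL + [("0.0.0.0/0", "reject")])
FIB_UPLINK = make_fib(INTERNAL + [("0.0.0.0/0", "ge-0/0/0")])
UNICAST_MAC = "00:00:5e:00:53:01"

if __name__ == "__main__":
    cases = [
        (FIB_REJECT, "ge-0/0/1", "10.1.5.9", UNICAST_MAC),
        (FIB_REJECT, "ge-0/0/2", "10.1.5.9", UNICAST_MAC),
        (FIB_NO_DEFAULT, "ge-0/0/2", "203.0.113.7", UNICAST_MAC),
        (FIB_REJECT, "ge-0/0/2", "203.0.113.7", UNICAST_MAC),
        (FIB_UPLINK, "ge-0/0/0", "203.0.113.7", UNICAST_MAC),
        (FIB_REJECT, "ge-0/0/2", "0.0.0.0", BROADCAST_MAC),
    ]
    for fib, iface, src, mac in cases:
        print(iface, src, urpf_strict(fib, iface, src, mac))
```

The second case is the reason the page restricts unicast RPF to symmetrically routed interfaces: a packet from a genuine 10.1.0.0/16 host that arrives on ge-0/0/2 is discarded exactly like a spoofed one.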
