R3303-HP HSR6800 Routers Security Configuration Guide
56
NOTE:
URPF does not check multicast packets.
1. URPF checks source address validity:
{ Discards packets with the limited broadcast address (255.255. 255. 255) as the destination
address.
{ Discards packets with an all-zero source address but a destination address other than the
limited broadcast address. (A packet with source address 0.0.0.0 and destination address
255.255.255.255 might be a DHCP or BOOTP packet and cannot be discarded.)
{ Proceeds to step 2 for other packets.
2. URPF checks whether the source address matches a FIB entry:
{ If yes, proceeds to step 3.
{ If not, proceeds to step 5.
3. URPF checks whether the matching route is a default route:
{ If yes, URPF checks whether the allow-default-route keyword is configured to allow the default
route: if yes, proceeds to step 4. If not, proceeds to step 5.
{ If not, proceeds to step 4.
4. URPF checks whether the receiving interface matches the output interface of the matching FIB entry:
{ If yes, the packet passes the check and is forwarded.
{ If not, URPF checks whether the check mode is loose: if yes, the packet passes the check and is
forwarded. If not, proceeds to step 5.
5. URPF checks whether the packet is permitted by the ACL:
{ If yes, the packet is forwarded (such a packet is displayed in the URPF information as a
"suppressed drop").
{ If not, the packet is discarded.