Users Guide

Layer 3 Routing Commands
Unicast Reverse Path Forwarding Commands
Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches
Unicast Reverse Path Forwarding (uRPF) is a powerful security tool that helps
limit the problems that are caused by malformed or spoofed IP source
addresses by discarding IP packets that lack a verifiable IP source address. For
example, DoS attacks like Smurf and Tribe Flood Network (TFN) forge or
rapidly change source IP addresses to cause a flood of useless packets that
choke the network. Unicast RPF deflects such attacks by forwarding only
packets that have source addresses that are valid and consistent with the IP
routing table. This defensive action protects the network of the ISP, its
customer, and the rest of the Internet.
Dell EMC Networking supports two uRPF modes:
Strict mode: The path to the source IP address must be through the same
interface as that on which the packet arrived.
Loose mode: The path to the source IP address can be through any
interface on the device. The packet need not arrive on the routing
interface to which the source IP route lookup resolves in order to
pass the uRPF check.
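The difference between the two modes is easiest to see on asymmetric routing. The following is an added example, not Dell EMC code: a small model of the strict and loose checks over a longest-prefix-match table. The routing table, interface names and packets are constructed, and the `use_default` switch (whether a default route counts as a path to the source) is a modelling assumption of this example, not documented switch behavior.

```python
import ipaddress

# Constructed routing table (prefix, outgoing interface); not from the guide.
ROUTES = [
    ("10.1.0.0/16", "Vl10"),
    ("10.1.5.0/24", "Vl20"),   # more specific prefix reached via another interface
    ("0.0.0.0/0", "Vl100"),    # default route toward the upstream
]

def route_interfaces(src, routes, use_default):
    """Interfaces of the longest-prefix match for src (empty set = no route)."""
    addr = ipaddress.ip_address(src)
    best_len, ifaces = -1, set()
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        # Assumption: the default route is ignored unless use_default is set.
        if addr not in net or (net.prefixlen == 0 and not use_default):
            continue
        if net.prefixlen > best_len:
            best_len, ifaces = net.prefixlen, {iface}
        elif net.prefixlen == best_len:
            ifaces.add(iface)   # equal-length prefixes: keep every interface
    return ifaces

def urpf_pass(src, in_iface, mode, routes=ROUTES, use_default=False):
    """True if the packet passes the check, False if it would be discarded."""
    ifaces = route_interfaces(src, routes, use_default)
    if mode == "strict":    # route to source must use the arrival interface
        return in_iface in ifaces
    if mode == "loose":     # a route to the source via any interface is enough
        return bool(ifaces)
    raise ValueError(f"unknown uRPF mode: {mode}")

# Constructed packets: (source address, arrival interface, note)
PACKETS = [
    ("10.1.9.7", "Vl10", "source routed via arrival interface"),
    ("10.1.5.9", "Vl10", "asymmetric path: route to source is via Vl20"),
    ("203.0.113.50", "Vl10", "no specific route to source"),
]

def evaluate(packets=PACKETS, **kw):
    """Map each source address to its (strict, loose) verdicts."""
    return {src: (urpf_pass(src, i, "strict", **kw), urpf_pass(src, i, "loose", **kw))
            for src, i, _ in packets}

if __name__ == "__main__":
    for src, verdicts in evaluate().items():
        print(src, dict(zip(("strict", "loose"), verdicts)))
```

The second packet is legitimate traffic that strict mode discards because the return route uses a different interface, which is the case loose mode exists for. With `use_default=True` the third packet passes the loose check, so in this model loose mode filters little once a default route is counted.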
system urpf enable
Use the system urpf enable command to globally enable uRPF checking of
routes. Use the no form of the command to disable uRPF checking.
Syntax
system urpf enable
no system urpf enable
Default Configuration
By default, uRPF checking is disabled.