Users Guide

38 Unicast Reverse Path Forwarding
Dell EMC Networking N3000-ON, N3100-ON Series Switches
The Unicast Reverse Path Forwarding (uRPF) feature verifies that an
incoming packet has a path that is consistent with the local routing table. It
does so with a reverse check: the source IP address is looked up in the
routing table, and the reachability of the path to that address determines
whether the packet is forwarded or dropped.
An interface may be configured for uRPF source path validation in one of two
modes: loose or strict.
- In loose mode, a packet is considered valid if there is a path to the source
  IP address on any interface.
- Strict mode considers a packet valid only if the path to the source IP
  address is the interface on which the packet was received.
If the path is valid, the packet is forwarded. If the path is invalid, the uRPF
counters are incremented and the packet is discarded.
Dell EMC uRPF also supports the allow-default option (refer to RFC 3704).
The allow-default option, when used with loose mode, considers the default
route in the routing table if the specified prefix is not found: a packet is
considered valid when its source IP address is not found in the routing table
but a default route is present. This option is generally used by the
administrator on upstream interfaces.
The allow-default option, when used with strict mode, considers a packet
valid only if the packet arrives on the interface(s) where the default route is
learned.
uRPF validation is not performed for the following:
1. Packets where the destination IP address is not a unicast address. This
   applies to both IPv4 and IPv6 addresses.
2. Packets where the source IP address is a link-local IPv6 address.
3. BOOTP/DHCP packets (source IP address (SIP) is 0.0.0.0 and destination IP
   address (DIP) is FF.FF.FF.FF).
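
The loose, strict, and allow-default rules and the three exemptions above can be modeled in a few lines of Python. This is an added illustration, not Dell EMC code or switch configuration. The routing table, interface names, and packets are constructed, and the model assumes that the default route is consulted only when no more specific prefix matches and that "non-unicast" means multicast or the limited broadcast address.

```python
import ipaddress

# Constructed routing table (prefix, interface); interface names are hypothetical.
TABLE = [(ipaddress.ip_network(p), i) for p, i in [
    ("0.0.0.0/0", "Te1/0/1"),        # default route learned on the upstream port
    ("10.1.0.0/16", "Gi1/0/1"),
    ("10.1.5.0/24", "Gi1/0/2"),
    ("2001:db8:1::/48", "Gi1/0/1"),
]]
BROADCAST = ipaddress.ip_address("255.255.255.255")
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")

def exempt(src, dst):
    """Return the reason uRPF is skipped for this packet, or None."""
    if src == UNSPECIFIED and dst == BROADCAST:
        return "bootp/dhcp"
    if dst.is_multicast or dst == BROADCAST:
        return "non-unicast destination"
    if src.version == 6 and src.is_link_local:
        return "link-local IPv6 source"
    return None

def rpf_interfaces(src, allow_default):
    """Interfaces of the longest-prefix match for src; the default route
    takes part only when allow-default is set (assumption of this model)."""
    hits = [(net.prefixlen, ifname) for net, ifname in TABLE
            if net.version == src.version and src in net
            and (net.prefixlen > 0 or allow_default)]
    longest = max((plen for plen, _ in hits), default=None)
    return {ifname for plen, ifname in hits if plen == longest}

def urpf_check(src, dst, ingress, mode, allow_default=False):
    """Return 'exempt', 'forward' or 'drop' for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if exempt(src, dst):
        return "exempt"
    ifaces = rpf_interfaces(src, allow_default)
    # loose: any route to the source; strict: route must point at the ingress port
    valid = bool(ifaces) if mode == "loose" else ingress in ifaces
    return "forward" if valid else "drop"

if __name__ == "__main__":
    # Constructed packets: (source, destination, ingress interface, mode)
    for args in [("10.1.5.9", "10.1.0.1", "Te1/0/1", "strict"),
                 ("10.1.5.9", "10.1.0.1", "Te1/0/1", "loose"),
                 ("198.51.100.7", "10.1.0.1", "Te1/0/1", "loose")]:
        print(args, "->", urpf_check(*args))
```

The first two sample packets show the practical difference between the modes: a source that belongs behind Gi1/0/2 but arrives on the upstream port is dropped in strict mode and forwarded in loose mode.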