R2511-HP MSR Router Series Security Configuration Guide(V5)
459
Figure 145 shows how URPF works.
Figure 145 URPF work flow
1. URPF checks source address validity:
{ Discards packets with a source broadcast address.
{ Discards packets with an all-zero source address but a non-broadcast destination address. (A
packet with source address 0.0.0.0 and destination address 255.255.255.255 might be a
DHCP or BOOTP packet and cannot be discarded.)
{ Proceeds to step 2 for other packets.
2. URPF checks whether the source address matches a FIB entry:
{ If yes, proceeds to step 3.
{ If not, proceeds to step 5.
Check the received
packet
A broadcast
source address?
An all-zero
source address?
Does
the source
address match a
FIB entry?
A
broadcast destination
address?
A default route?
Is
the default route
allowed for URPF
check?
Does
the receiving
interface match the
output interface of
the matching FIB
entry?
Loose URPF?
Check passed
Discard
Does the
ACL permit the
packet?
Yes
Yes
Yes
Yes
No
No
Yes
No
No
Yes
Yes
Yes
No
No
No
Yes
No
No