Manualshelf

HP VPN Firewall Appliances Attack Protection Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
121122123124125126127128129130
119
{ Discards packets with an all-zero source address but a non-broadcast destination address. (A
packet with source address 0.0.0.0 and destination address 255.255.255.255 might be a
DHCP or BOOTP packet and cannot be discarded.)
{ Proceeds to step 2 for other packets.
2. URPF checks whether the source address matches a FIB entry:
{ If yes, proceeds to step 3.
{ If not, proceeds to step 5.
3. URPF checks whether the matching route is a default route:
{ If yes, URPF checks whether the allow-default-route keyword is configuredIf yes, proceeds to
step 4. If not, proceeds to step 5.
{ If not, proceeds to step 4.
4. URPF checks whether the receiving interface matches the output interface of the matching FIB entry:
{ If yes, the packet passes URPF check and is forwarded.
{ If not, URPF checks whether the check mode is loose—If yes, the packet passes URPF check and
is forwarded. If not, proceeds to step 5.
5. URPF checks whether the packet is permitted by the ACL:
{ If yes, the packet is forwarded (such a packet is displayed in the URPF information as a
"suppressed drop").
{ If not, the packet is discarded.
Network application
Figure 99 Network diagram
Configure strict URPF check between an ISP network and a customer network, and loose URPF
check between ISPs.