37-4
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 37 Configuring Unicast Reverse Path Forwarding
About Unicast Reverse Path Forwarding
Figure 37-2 Unicast RPF Dropping Packets That Fail Verification
Implementing Unicast RPF
Unicast RPF has several key implementation principles:
• The packet must be received at an interface that has the best return path (route) to the packet source
(a process called symmetric routing). There must be a route in the FIB matching the route to the
receiving interface. Adding a route in the FIB is done with a static route, network statement, or
dynamic routing. (ACLs permit the use of Unicast RPF when packets will arrive by specific, less
optimal asymmetric input paths.)
• IP source addresses at the receiving interface must match the routing entry for the interface.
• Unicast RPF is an input function and is applied only on the input interface of a switch at the
upstream end of a connection.
Given these implementation principles, Unicast RPF becomes a tool that network administrators can use
not only for their customers but also for their downstream network or ISP, even if the downstream
network or ISP has other connections to the Internet.
Caution Using optional BGP attributes such as weight and local preference, you can modify the best path back
to the source address. Modification affects the operation of Unicast RPF.
Destination address x.x.x.x
Source address 209.165.200.225
Unicast
RPF
In
Drop
Out
Routing table:
192.168.0.0 via 172.19.66.7
172.19.0.0 is directly connected, FDDI 2/0/0
CEF table:
192.168.0.0 172.19.66.7 FDDI 2/0/0
172.19.0.0 attached FDDI 2/0/0
Adjacency table:
FDDI 2/0/0 172.19.66.7 50000603E...AAAA03000800
RPF checks to see if
the reverse path for
the source address
matches the input port
If not okay, RPF
drops the packet
33403
Data IP header
Data IP header
To Next Page
Loading...
Need help?
General
