540
Configure strict uRPF check on a PE interface connected to a CE, and configure loose uRPF check on a
PE interface connected to another ISP.
For asymmetrical routing where the interface receiving upstream traffic is different from the interface
forwarding downstream traffic on a PE device, configure loose uRPF to avoid discarding valid packets.
If the two interfaces are the same (symmetrical routing), configure strict uRPF. An ISP usually adopts
symmetrical routing on a PE device.
Typically, you do not need to configure the allow-default-route keyword on a PE device, because it has
no default route pointing to a CE. If you enable uRPF on a CE that has a default route pointing to the PE,
select the allow-default-route keyword.
You can use an ACL to match specific packets, so they are forwarded even if they fail to pass uRPF check.
If a Layer-3 PE interface connects a large number of PCs, configure the link-check keyword on the
interface to enable link layer check. uRPF checks the validity of the source MAC address.
Examples
# Configure strict uRPF check on interface GigabitEthernet 2/1/2, which allows using the default route
and uses ACL 2999 to match packets.
<Sysname>system-view
[Sysname]interface gigabitethernet 2/1/2
[Sysname-GigabitEthernet2/1/2]ip urpf strict allow-default-route acl 2999
# Configure loose uRPF check on interface GigabitEthernet 2/1/1.
<Sysname>system-view
[Sysname]interface gigabitethernet 2/1/1
[Sysname-GigabitEthernet2/1/1]ip urpf loose
Related commands
display ip urpf
To Next Page
Loading...
Need help?
General
