Unicast RPF Behavior with a Default Route
If you configure a default route that uses an interface configured with unicast RPF, unicast
RPF behaves as follows:
•
Loose mode—All packets are automatically accepted. For this reason, we recommend
that you not configure unicast RPF loose mode on interfaces that the default route
uses.
•
Strict mode—The packet is accepted when either of the following is true:
•
The source address of the packet matches any of the routes (either default or
learned) that can be originated from the interface. Note that routes can have multiple
destinations associated with them; therefore, if one of the destinations matches the
incoming interface of the packet, the packet is accepted.
•
The source address of the packet does not match any of the routes.
The packet is not accepted when either of the following is true:
•
The source address of the packet does not match a prefix in the routing table.
•
The interface does not expect to receive a packet with this source address prefix.
Unicast RPF Behavior Without a Default Route
If you do not configure a default route, or if the default route does not use an interface
configured with unicast RPF, unicast RPF behaves as described in “Configuring Unicast
RPF Strict Mode” on page 805 and “Configuring Unicast RPF Loose Mode” on page 806. To
summarize, unicast RPF without a default route behaves as follows:
•
Strict mode—The packet is not accepted when either of the following is true:
•
The packet has a source address that does not match a prefix in the routing table.
•
The interface does not expect to receive a packet with this source address prefix.
•
Loose mode—The packet is not accepted when the packet has a source address that
does not match a prefix in the routing table.
Configuring Unicast RPF on a VPN
You can configure unicast RPF on a VPN interface by enabling unicast RPF on the interface
and including the interface statement at the [editrouting-instances routing-instance-name]
hierarchy level.
You can configure unicast RPF only on the interfaces you specify in the routing instance.
This means the following:
•
For Layer 3 VPNs, unicast RPF is supported on the CE router interface.
•
Unicast RPF is not supported on core-facing interfaces.
807Copyright © 2017, Juniper Networks, Inc.
Chapter 25: Configuring Layer 2 and Layer 3 Services
To Next Page
Loading...
Need help?
General
