Chapter21
IPv6URPFConguration
TableofContents
URPFOverview.......................................................................................................21-1
ConguringIPv6URPF............................................................................................21-2
IPv6URPFCongurationInstances.........................................................................21-3
21.1URPFOverview
URPFIntroduction
UnicastReversePathForwarding(URPF)canpreventthenetworkattackbehaviorthatis
basedonsourceaddressspoong.
BycheckingthesourceIPaddressescontainedinpackets,URPFdecideswhethertrafc
isvalidandwhethertoforwardordropthepacketsaccordingtotheinterfaceonwhich
packetsarereceivedandwhethertheroutesofthesourceaddressesexistintherouting
table.
URPFisdividedintothreekinds.
lsRPF:strictURPF
llRPF:looseURPF
llnRPF:URPFignoringdefaultroute
StrictRPF
StrictRPFisaneasiermethodtoltersourceaddress.Itperformsroutinglookupbysource
addressandestimateswhethertheegressinterfaceofreturnpathisconsistentwiththe
ingressinterfaceofthepacketsarriving.Iftheyareconsistent,theforwardingcontinues.
Iftheyareinconsistent,URPFACLmatchingisconsidered.IfURPFACLmatchingisnot
performed,thenthepacketsarediscardeddirectly.Conversely,ifURPFACLmatchingis
performedandtheresultismatched,theforwardingcontinues.Iftheresultisnotmatched,
thepacketsarediscarded.
StrictRPFisonlyapplicabletoroutesymmetry.Thatis,whenthepacketsenterfrom
adirection,itsentrancepathisthesamewithitsreturnpath.However,theroutepaths
normallyareasymmetricbetweenISPs.Atthesametime,ifsomeBGPvalidnetwork
segmentaddressesarenotadvertisedoracceptedbyISPpolicy,sRPFjustlikeanACL
withincompleteconguration.Somevaliddataowwillbediscardedbecauseoflackof
informationintheforwardingtableofthelterrouter.
21-1
SJ-20140504150128-018|2014-05-10(R1.0)ZTEProprietaryandCondential
To Next Page
Loading...
