uRPF (Unicast Reverse Path Forwarding)
uRPF enables the router to verify the reachability of the source address in packets being forwarded. If the source address is not valid, the packet is discarded. It is used to help limit malicious traffic on the enterprise network. uRPF works in one of three modes: strict, loose and VRF.
Strict mode - the packet must arrive on the same interface the router would use to send traffic back to its source address. (Legitimate traffic may be dropped when routing is asymmetric.)
Loose mode - the source address of incoming packets is checked against the routing table. An ACL may also be specified. Better for asymmetric routing.
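The difference between the strict and loose checks, as an added example that is not part of the original post: a small Python model of the lookup a router performs on the source address. The interface names, prefixes and the single-best-path FIB are constructed assumptions, and VRF mode and the optional ACL are not modelled.

```python
import ipaddress

# Constructed sample FIB: prefix -> interface used to reach it (assumed names).
FIB = {
    "10.1.0.0/16": "Gi0/0",
    "10.2.0.0/16": "Gi0/1",
    "192.0.2.0/24": "Gi0/1",
}

def lookup(src, fib=FIB):
    """Longest-prefix match on the source address; returns an interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def urpf_permit(src, in_if, mode, fib=FIB):
    """Return True if the packet passes the uRPF check, False if it is discarded."""
    reverse_if = lookup(src, fib)
    if reverse_if is None:
        return False              # no route back to the source: fails both modes
    if mode == "loose":
        return True               # any route to the source is enough
    if mode == "strict":
        return reverse_if == in_if  # must arrive on the reverse-path interface
    raise ValueError("mode must be 'strict' or 'loose'")

def demo():
    # Constructed packets: (source address, interface the packet arrived on).
    packets = [
        ("10.1.5.9", "Gi0/0"),      # symmetric path
        ("192.0.2.7", "Gi0/0"),     # asymmetric: route back points to Gi0/1
        ("203.0.113.50", "Gi0/0"),  # source not in the routing table
    ]
    return [(s, i, urpf_permit(s, i, "strict"), urpf_permit(s, i, "loose"))
            for s, i in packets]

if __name__ == "__main__":
    for src, in_if, strict_ok, loose_ok in demo():
        print(f"{src:15} in={in_if} strict={strict_ok} loose={loose_ok}")
```

The second packet is the asymmetric-routing case: strict mode discards it although the source is legitimate, while loose mode forwards it.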
Configuration
ip cef must be turned on.
Under interface configuration mode:
ip verify unicast reverse-path
http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
Sunday, June 29, 2008