Unicast Reverse Path Forwarding URPF Loose Mode


 

Unicast Reverse Path Forwarding Loose Mode

This shows the concept of Unicast RPF loose mode. We have an ISP (A) router that is connected to two different upstream ISPs (B and C) and the traffic flows in and out of ISP A may be asymmetric. Imagine packet going out of ISP (A) towards ISP (C) then to the internet then to ISP (B) and back to ISP (A) so when outbound traffic goes out one link and returns via a different link must be accounted for by the Unicast RPF deployment. In this case, we will use the loose-mode configuration of Unicast RPF

In our scenario the config will only need to be applied on R1

interface S0/1
description – link to ISP C
ip address 192.168.200.225 255.255.255.252
no ip redirects
no ip directed-broadcasts
no ip proxy-arp
ip verify unicast source reachable-via any

interface S0/0
description – link to ISP B
ip address 172.16.100.9 255.255.255.252
no ip redirects
no ip directed-broadcasts
no ip proxy-arp
ip verify unicast source reachable-via any

Basically this is a security feature, to prevent spoofed source IP address. It prevent a router from processing a packet comming from an unknown source/wrong interface

Loose Mode: says, that as long as we have a route to the source IP address, its okay to route/process this packet. It doesnt matter what interface the packet comes in on

Strict Mode: This mode will further enforce the uRPF check, so that the incomming interface of the packet, must be the correct one, as dictated by the routing table.

Enjoy !

Tom

Advertisements

About ccie4all
Hello, and welcome to the first post of my CCIE blog This blog has got one simple goal and that is to improve our skills in Cisco Networking field so we can become best engineers on a job market. Wordpress Blog https://ccie4all.wordpress.com/ information about the changes made to Gns3 BGP , MPLS and R&S CCIE labs. In order to access and download all provided materials and receive important updates from Gns3 BGP , MPLS and R&S CCIE labs under GNS3 tab in the main header please go ahead and subscribe to https://ccie4all.wordpress.com/ ! All other posts have not been affected and can be accessed at any given time. Enjoy ! Tom

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: