Wednesday, April 4, 2018

Unicast Reverse Path Forwarding (uRPF)

Reference:
RFC 5635

Article 1



Article 2



Article 3





R2#sho cef interface fastEthernet 0/0

FastEthernet0/0 is up (if_number 3)

  Corresponding hwidb fast_if_number 3

  Corresponding hwidb firstsw->if_number 3

  Internet address is 12.1.1.2/24

  ICMP redirects are always sent

  Per packet load-sharing is disabled

  IP unicast RPF check is enabled

  Input features: uRPF

  IP policy routing is disabled

  BGP based policy accounting on input is disabled

  BGP based policy accounting on output is disabled

  Hardware idb is FastEthernet0/0

  Fast switching type 1, interface type 18

  IP CEF switching enabled

  IP CEF switching turbo vector

  IP CEF turbo switching turbo vector

  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized

  Input fast flags 0x4000, Output fast flags 0x0

  ifindex 3(3)

  Slot  Slot unit 0 VC -1

  IP MTU 1500













R2#show cef interface fastEthernet 1/0

FastEthernet1/0 is up (if_number 4)

  Corresponding hwidb fast_if_number 4

  Corresponding hwidb firstsw->if_number 4

  Internet address is 23.1.1.2/24

  ICMP redirects are always sent

  Per packet load-sharing is disabled

  IP unicast RPF check is disabled

  IP policy routing is disabled

  BGP based policy accounting on input is disabled

  BGP based policy accounting on output is disabled

  Hardware idb is FastEthernet1/0

  Fast switching type 1, interface type 18

  IP CEF switching enabled

  IP CEF switching turbo vector

  IP CEF turbo switching turbo vector

  IP prefix lookup IPv4 mtrie 8-8-8-8 optimized

  Input fast flags 0x0, Output fast flags 0x0

  ifindex 4(4)

  Slot  Slot unit 0 VC -1

  IP MTU 1500











R2#show ip traffic

IP statistics:

  Rcvd:  378 total, 363 local destination

         0 format errors, 0 checksum errors, 10 bad hop count

         0 unknown protocol, 0 not a gateway

         0 security failures, 0 bad options, 0 with options

  Opts:  0 end, 0 nop, 0 basic security, 0 loose source route

         0 timestamp, 0 extended security, 0 record route

         0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

         0 other

  Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble

         0 fragmented, 0 fragments, 0 couldn't fragment

  Bcast: 0 received, 0 sent

  Mcast: 354 received, 363 sent

  Sent:  372 generated, 35 forwarded

  Drop:  1 encapsulation failed, 0 unresolved, 0 no adjacency

         0 no route, 10 unicast RPF, 0 forced drop

         0 options denied

  Drop:  0 packets with source IP address zero

  Drop:  0 packets with internal loop back IP address

         0 physical broadcast

  Reinj: 0 in input feature path, 0 in output feature path



ICMP statistics:

  Rcvd: 0 format errors, 0 checksum errors, 0 redirects, 0 unreachable

        0 echo, 0 echo reply, 0 mask requests, 0 mask replies, 0 quench

        0 parameter, 0 timestamp, 0 timestamp replies, 0 info request, 0 other

        0 irdp solicitations, 0 irdp advertisements

        0 time exceeded, 0 info replies

  Sent: 0 redirects, 0 unreachable, 0 echo, 0 echo reply

        0 mask requests, 0 mask replies, 0 quench, 0 timestamp, 0 timestamp replies

        0 info reply, 0 time exceeded, 0 parameter problem

        0 irdp solicitations, 0 irdp advertisements



UDP statistics:

  Rcvd: 0 total, 0 checksum errors, 0 no port 0 finput



!------------------------------ output ommitted ---------- 











 R2#show ip traffic | include RPF

         0 no route, 15 unicast RPF, 0 forced drop



R1#ping 3.3.3.3 source 111.111.111.111      .....





R2#show ip traffic | include RPF

         0 no route, 20 unicast RPF, 0 forced drop













R2#sho ip interface fastEthernet 0/0

FastEthernet0/0 is up, line protocol is up

  Internet address is 12.1.1.2/24

  Broadcast address is 255.255.255.255

  Address determined by setup command

  MTU is 1500 bytes

  Helper address is not set

  Directed broadcast forwarding is disabled

  Multicast reserved groups joined: 224.0.0.5 224.0.0.6

  Outgoing access list is not set

  Inbound  access list is not set

  Proxy ARP is enabled

  Local Proxy ARP is disabled

  Security level is default

  Split horizon is enabled

  ICMP redirects are always sent

  ICMP unreachables are always sent

  ICMP mask replies are never sent

  IP fast switching is enabled

  IP fast switching on the same interface is disabled

  IP Flow switching is disabled

  IP CEF switching is enabled

  IP CEF switching turbo vector

  IP CEF turbo switching turbo vector

  IP multicast fast switching is enabled

  IP multicast distributed fast switching is disabled

  IP route-cache flags are Fast, CEF

  Router Discovery is disabled

  IP output packet accounting is disabled

  IP access violation accounting is disabled

  TCP/IP header compression is disabled

  RTP/IP header compression is disabled

  Policy routing is disabled

  Network address translation is disabled

  BGP Policy Mapping is disabled

  Input features: uRPF, MCI Check

  IPv4 WCCP Redirect outbound is disabled

  IPv4 WCCP Redirect inbound is disabled

  IPv4 WCCP Redirect exclude is disabled

  IP verify source reachable-via RX, ACL 150
   20 verification drops
   5 suppressed verification drops
   0 verification drop-rate

R2#

R2#






















Posted by



at