Join Telegram Study Group ▷
CCIE lab is difficultly to pass, but we can practice much more times to prepare it. It will make more usefully to prepare the ccie lab exam.
(1) Overview of uRPF
The uRPF function is to give the router the ability to prevent IP spoofing or IP forgery. The IP forgery that uRPF considers means that an IP packet should not come in from an interface but come in from an interface. Then such a packet is considered to have IP spoofing properties. The default is to be Discarded.
(2) uRPF detection
When the router receives a packet from an interface that has uRPF enabled, it will detect the source IP address of the packet and compare it with the routing entry in the routing table. After the judgment, if the source IP address is exported, it is indeed This is the interface that opened the uRPF, and the packet is forwarded, otherwise it is discarded.
After uRPF is enabled, all packets entering from this interface must be detected and the speed will be slow. Therefore, you must enable CEF before you can enable uRPF. uRPF can only be turned on in the in direction. When checking, all the optimal paths to the source IP are considered feasible.
Under normal circumstances, if a packet cannot pass the uRPF check, the packet is discarded by default, but sometimes for some special reason, some packets that fail to pass the check can be passed. To do this, You can enable uRPF in addition to add ACL, which checks for failed packets, whether to discard or release, all by ACL, ACL allowed, release, ACL refuse, discard.
(3) Strict Mode strict mode
Router (config-if)# ip verify unicast source reachable-via rx
Router (config-if)# ip verify unicast reverse-path
Loose Mode Loose Mode
Router (config-if)# ip verify unicast source reachable-via any Enable the loose mode of uRPF on the interface.
(4) uRPF configuration
Router(config-if)#ip verify unicast reverse-path
Enable uRPF on the interface to detect all packets entering the interface by default.
Router(config)#access-list 100 permit ip host 3.3.3.3 any
Router(config-if)#ip verify unicast reverse-path 100
Today ,spoto ccie club take a brife of URPF knowledge, we hope that can help your ccie lab journey more easily. More about ccie lab dumps you can contact our ccie expert online.
