Friday, January 6, 2017

Unicast Reverse Path Forwarding

uRPF (Unicast Reverse Path Forwarding) drops packets whose source address is not reachable according to the routing table, so spoof prevention follows routing changes dynamically instead of relying on a static anti-spoofing ACL.

uRPF modes:
Strict - the packet's source address must be reachable through the interface the packet arrived on, i.e. the best route back to the source points out that same interface.
Exception: with equal-cost paths the check passes if the ingress interface is any one of those paths.
Loose - the source address may be reachable through any interface, so traffic can enter and exit on different interfaces as with asymmetric routing (undesirable, but sometimes unavoidable).
As long as there is a valid route for the source address in the routing table, the packet is allowed. Note this does not stop spoofing of a prefix the router already knows (e.g. an internal address arriving from outside).



uRPF options:

Allow self ping (allow-self-ping) - lets the router ping its own interface addresses, which would otherwise fail the check.
Allow default route (allow-default) - lets a source that matches only the default route pass; without it such packets are dropped, which matters on an edge router whose only route toward the provider is the default.
ACL for failed checks - packets that fail the check are matched against the ACL: a permit entry forwards them anyway, a deny entry drops them.
(an ACL with "deny ip any any log" is handy to test whether the uRPF check is working, since every failed packet gets logged.)



Example of uRPF

Strict uRPF is enabled on the external interface of edge router R1. A loopback with an internal IP address on R1 is pinged from an external provider router.
uRPF drops the echo request on ingress because R1 has no usable return path to the ping's source address in its routing table (e.g. it knows the provider side only through a default route and allow-default is not set), so the ping fails.

show ip interface shows the uRPF mode configured on the interface and the verification drop count.
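To make the mode and option behaviour above concrete, here is a small simulator of the uRPF decision (strict vs loose, allow-default, equal-cost paths, and the ACL applied to failed checks) run against the R1 scenario from the example. This is an added illustration written for this post, not Cisco code and not the original author's configuration; the interface names, addresses and routing table are constructed, and the "verification drops" counter and log only mimic what show ip interface and the ACL log would report on a real router.

```python
"""Simulated uRPF check: strict/loose modes, allow-default, ECMP, fail ACL.

Added example for this post, not Cisco code. The router R1, its
interfaces, addresses and routes below are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence, Tuple

DEFAULT = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interfaces: Tuple[str, ...]  # more than one entry models equal-cost paths


class RoutingTable:
    def __init__(self, routes: Sequence[Route]):
        self.routes = list(routes)

    def lookup(self, addr: str) -> Optional[Route]:
        """Longest-prefix match on the SOURCE address (the 'reverse path')."""
        ip = ipaddress.ip_address(addr)
        best = None
        for r in self.routes:
            if ip in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
                best = r
        return best


# ACL consulted only for packets that already FAILED the uRPF check:
# a matching permit forwards the packet anyway, a matching deny drops it.
AclEntry = Tuple[str, str, bool]  # (action, prefix, log)


class Urpf:
    def __init__(self, table: RoutingTable):
        self.table = table
        self.drops: Dict[str, int] = {}  # per-interface "verification drops"
        self.log: List[str] = []         # lines an ACL "log" keyword would emit

    def check(self, src: str, ingress: str, mode: str = "strict",
              allow_default: bool = False,
              fail_acl: Optional[Sequence[AclEntry]] = None) -> Tuple[bool, str]:
        route = self.table.lookup(src)
        if route is None:
            ok, why = False, "no route back to source"
        elif route.prefix == DEFAULT and not allow_default:
            ok, why = False, "source matches only the default route (allow-default not set)"
        elif mode == "strict" and ingress not in route.interfaces:
            # ECMP: any of the equal-cost interfaces satisfies strict mode
            ok, why = False, f"return path via {'/'.join(route.interfaces)}, arrived on {ingress}"
        else:
            ok, why = True, f"{mode} check passed"

        if not ok and fail_acl:
            ip = ipaddress.ip_address(src)
            for action, prefix, log in fail_acl:
                if ip in ipaddress.ip_network(prefix):
                    if log:
                        self.log.append(f"uRPF fail {src} on {ingress}: {why}")
                    if action == "permit":
                        return True, f"failed check but permitted by ACL ({why})"
                    break  # explicit deny: drop
        if not ok:
            self.drops[ingress] = self.drops.get(ingress, 0) + 1
        return ok, why


# Edge router R1 (constructed): Gi0/0 faces the provider, Gi0/1 and Gi0/2 face inside.
R1 = RoutingTable([
    Route(ipaddress.ip_network("203.0.113.0/30"), ("Gi0/0",)),        # link to provider
    Route(ipaddress.ip_network("10.0.0.0/24"), ("Gi0/1",)),           # internal LAN
    Route(ipaddress.ip_network("10.1.0.0/16"), ("Gi0/1", "Gi0/2")),   # equal-cost paths
    Route(ipaddress.ip_network("10.255.255.1/32"), ("Loopback0",)),   # R1's internal loopback
    Route(DEFAULT, ("Gi0/0",)),                                       # everything else
])


def scenarios() -> Tuple[Dict[str, Tuple[bool, str]], Urpf]:
    u = Urpf(R1)
    res = {}
    # Post's example: provider pings the loopback from an address R1 knows only via default
    res["provider_ping_strict"] = u.check("198.51.100.1", "Gi0/0")
    res["provider_ping_allow_default"] = u.check("198.51.100.1", "Gi0/0", allow_default=True)
    # Spoofed internal source arriving from the outside: strict catches it, loose does not
    res["spoof_strict"] = u.check("10.0.0.5", "Gi0/0")
    res["spoof_loose"] = u.check("10.0.0.5", "Gi0/0", mode="loose")
    # Equal-cost paths: strict accepts either of the two interfaces
    res["ecmp_strict"] = u.check("10.1.2.3", "Gi0/2")
    # Testing with "deny ip any any log", and an ACL that permits a failed source
    res["acl_log"] = u.check("192.0.2.7", "Gi0/1", fail_acl=[("deny", "0.0.0.0/0", True)])
    res["acl_permit"] = u.check("192.0.2.7", "Gi0/1", fail_acl=[("permit", "192.0.2.0/24", False)])
    return res, u


if __name__ == "__main__":
    results, urpf = scenarios()
    for name, (ok, why) in results.items():
        print(f"{name:30s} {'FORWARD' if ok else 'DROP':8s} {why}")
    print("verification drops:", urpf.drops)
    print("log:", urpf.log)
```

Running it shows the provider's ping dropped in strict mode and forwarded once allow-default is set, the spoofed 10.0.0.5 dropped by strict but accepted by loose mode, the equal-cost source accepted on either interface, and the per-interface drop counters that show ip interface would report.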



