Features

Default route—When a default route exists, all packets that fail to match a specific FIB entry match the default route during uRPF check and thus are permitted to pass. To avoid this situation, you can disable uRPF from using any default route to discard such packets. If you allow using the default route (set by using allow-default-route), uRPF permits packets that only match the default route. By default, uRPF discards packets that can only match a default route. Typically, you do not need to configure the allow-default-route keyword on a PE device because it has no default route pointing to the CE. If you enable uRPF on a CE that has a default route pointing to the PE, select the allow-default-route keyword.

Link layer check—Strict uRPF check can further perform link layer check on a packet. It uses the next hop address in the matching FIB entry to look up the ARP table for a matching entry. If the source MAC address of the packet matches the MAC address in the matching ARP entry, the packet passes strict uRPF check. Link layer check is applicable to ISP devices where a Layer 3 Ethernet interface connects a large number of PCs. Loose uRPF does not support link layer check.

ACL—To identify specific packets as valid packets, you can use an ACL to match these packets. Even if the packets do not pass uRPF check, they are still forwarded.