[x]

Overview > uRPF operation

 

 Next

uRPF operation

uRPF does not check multicast packets.

Figure 210 shows how uRPF works.

Figure 205: uRPF work flow

  1. uRPF checks address validity:

    • uRPF permits a packet with a multicast destination address.

    • For a packet with an all-zero source address, uRPF permits the packet if it has a broadcast destination address. (A packet with source address 0.0.0.0 and destination address 255.255.255.255 might be a DHCP or BOOTP packet and cannot be discarded.) uRPF proceeds to step 7 if the packet has a non-broadcast destination address.

    • uRPF proceeds to step 2 for other packets.

  2. uRPF checks whether the source address matches a unicast route:

    • If yes, uRPF proceeds to step 3.

    • If no, uRPF proceeds to step 7. A non-unicast source address matches a non-unicast route.

  3. uRPF checks whether the matching route is to the host itself:

    • If yes, the output interface of the matching route is an InLoop interface. uRPF checks whether the receiving interface of the packet is an InLoop interface. If yes, it does not check the packet. If no, it proceeds to step 7.

    • If no, uRPF proceeds to step 4.

  4. uRPF checks whether the matching route is a default route:

    • If yes, uRPF checks whether the allow-default-route keyword is configured to allow using the default route. If yes, it proceeds to step 5. If no, it proceeds to step 7.

    • If no, uRPF proceeds to step 5.

  5. uRPF checks whether the receiving interface matches the output interface of the matching FIB entry:

    • If yes, uRPF proceeds to step 6.

    • If no, uRPF checks whether the check mode is loose. If yes, it proceeds to step 7. If no, it proceeds to step 6.

  6. uRPF checks whether the link-check keyword is configured for link layer check:

    • If no, the packet passes the check.

    • If yes, uRPF uses the next-hop address of the FIB entry to look up the ARP table for a matching entry. Then it checks whether the MAC address of the matching ARP entry is identical with the source MAC address of the packet. If yes, the packet passes the check. If no, uRPF proceeds to step 7.

  7. uRPF checks whether the packet is permitted by the ACL:

    • If yes, the packet is forwarded (such a packet is displayed in the uRPF information as a "suppressed drop").

    • If no, the packet is discarded.

prev

 

up

 next

Features 

home

 Network application

© Copyright 2017 Hewlett Packard Enterprise Development LP