uRPF operation

Figure 145 shows how uRPF works.

1. uRPF checks address validity:

   • uRPF permits a packet with a multicast destination address.

   • For a packet with an all-zero source address, uRPF permits the packet if it has a broadcast destination address. (A packet with source address 0.0.0.0 and destination address 255.255.255.255 might be a DHCP or BOOTP packet and cannot be discarded.) The packet is discarded if it has a non-broadcast destination address.

   • uRPF proceeds to step 2 for other packets.

2. uRPF checks whether the source address matches a unicast route:

   • If yes, uRPF proceeds to step 3.

   • If no, uRPF discards the packet. A non-unicast source address matches a non-unicast route.

3. uRPF checks whether the matching route is to the host itself:

   • If yes, the output interface of the matching route is an InLoop interface. uRPF checks whether the receiving interface of the packet is an InLoop interface. If yes, it does not check the packet. If no, uRPF discards the packet.

   • If no, uRPF proceeds to step 4.

4. uRPF checks whether the matching route is a default route:

   • If yes, uRPF checks whether the allow-default-route keyword is configured to allow using the default route. If yes, uRPF proceeds to step 5. If no, uRPF discards the packet.

   • If no, uRPF proceeds to step 5.

5. uRPF checks whether the receiving interface matches the output interface of the matching FIB entry:

   • If yes, uRPF forwards the packet.

   • If no, uRPF checks whether the check mode is loose. If yes, the packet is forwarded. If no, the packet is discarded.