Junos Enterprise Routing by Peter Southwick & Doug Marschke & Harry Reynolds

Author:Peter Southwick & Doug Marschke & Harry Reynolds [Peter Southwick]
Language: eng
Format: epub
Tags: COMPUTERS / Networking / Vendor Specific
ISBN: 9781449398750
Publisher: O'Reilly Media
Published: 2011-06-13T16:00:00+00:00

Loose

The incoming packet’s source address must be in the route table.

Strict mode provides a reliable, simple, fast, and cheap filter at the edge of any network. The configuration to enable strict mode is quite simple; just add the rpf-check command under the proper interface:

lab@PBR# show interfaces ge-0/0/0 vlan-tagging; unit 412 { description PBR-to-Wheat; vlan-id 412; family inet { rpf-check; address 172.16.1.2/24; } } unit 413 { description PBR-to-Water; vlan-id 413; family inet { rpf-check; address 64.8.12.6/27; } }

Verify that uRPF is enabled by looking for the uRPF flag in the interface:

[edit] lab@PBR# run show interfaces ge-0/0/0.413 | match uRPF Flags: uRPF

The packets that fail the RPF check are automatically counted on the interface:

[edit] lab@PBR# run show interfaces ge-0/0/0.413 extensive | match RPF Flags: uRPF RPF Failures: Packets: 8, Bytes: 672

Strict mode is the preferred solution when possible, but it does run into some problems under certain scenarios. In particular, it assumes symmetrical traffic flows. In the case of a BGP multihoming environment or redundant IGP paths, this may not always be the case.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.