Configuring unicast rpf – Cisco 10000 User Manual

13-13

Cisco 10000 Series Router Software Configuration Guide

OL-2226-23

Chapter 13 Unicast Reverse Path Forwarding

Configuring Unicast RPF

•

By default, without uRPF provision urpf drops can be seen in pxf when:

–

the interface is not up

–

there is no ip address on the interface

Configuring Unicast RPF

To use Unicast RPF, you must configure the router for CEF switching or CEF distributed switching.
There is no need to configure the input interface for CEF switching because Unicast RPF has been
implemented as a search through the FIB using the source IP address. As long as CEF is running on the
router, individual interfaces can be configured with other switching modes. Unicast RPF is an input-side
function that is enabled on an interface or subinterface that supports any type of encapsulation and
operates on IP packets received by the router. It is very important that CEF be turned on globally in the
router—Unicast RPF will not work without CEF.

To configure Unicast RPF, use the following commands beginning in global configuration mode:

Command

Purpose

Step 1

Router

(config)#

ip cef

Enables CEF on the router.

You might want to disable CEF on a particular interface if that
interface is configured with a feature that CEF does not support.
You can enable CEF globally, but disable CEF on a specific
interface by using the no ip route-cache cef interface command
that enables all but that specific interface to use express
forwarding. If you have disabled CEF operation on an interface
and want to reenable it, you can use the ip route-cache cef
command in interface configuration mode.

Step 2

Router

(config-if)#

interface

type Selects the input interface on which you want to apply Unicast

RPF. This is the receiving interface, which allows Unicast RPF to
verify the best return path before forwarding the packet on to the
next destination.

The interface type is specific to your router and the types of
interface cards installed on the router. To display a list of
available interface types, enter the interface ? command.

Step 3

Router

(config-if)#

ip verify

unicast source reachable-via

any

or

Router

(config-if)#

ip verify

unicast source reachable-via

rx

Enables Unicast RPF on the interface.

The any option enables a Loose Mode uRPF on the router. This
mode allows the router to reach the source address via any
interface.

The rx option enables a Strict Mode uRPF on the router. This
mode ensures that the router reaches the source address only via
the interface on which the packet was received.

You can also use the allow-default option, so that the default
route can match when checking source address. The
allow-self-ping option allows the router to ping itself.

Step 4

Router

(config-if)#

exit

Exits interface configuration mode. Repeat Steps 2 and 3 for each
interface on which you want to apply Unicast RPF.