2 ip route aggregation configuration task, 4 urpf, 1 introduction to urpf – PLANET XGS3-24040 User Manual

Page 186: Urpf


Chapter 21 Layer 3 Forward Configuration


21.3.2 IP Route Aggregation Configuration Task

IP route aggregation configuration task:

1. Set whether the IP route aggregation algorithm is used with or without optimization

Command                 Explanation

Global Mode

ip fib optimize         Enables the switch to use the optimized IP route
no ip fib optimize      aggregation algorithm; the "no ip fib optimize"
                        command disables the optimized IP route
                        aggregation algorithm.

21.4 URPF

21.4.1 Introduction to URPF

URPF (Unicast Reverse Path Forwarding) applies the RPF technology used in multicast to unicast, so as to protect the network from attacks based on source address spoofing.

When the switch receives a packet, it takes the source address from the packet and searches the route table using that address as the destination address. If the exit interface of the route found does not match the interface on which the packet entered, the switch considers the packet a fake packet and discards it.

In source address spoofing attacks, attackers construct a series of messages with fake source addresses. For applications based on IP address verification, such attacks may allow unauthorized users to access the system as authorized users, or even as the administrator. Even if the response messages cannot reach the attackers, the attacks still damage the targets.

Figure 1-4 URPF application situation

In the above figure, Router A sends requests to the server Router B using fake messages whose source address is 2.2.2.1/8. In response, Router B sends its messages to the real "2.2.2.1/8". Such illegal messages attack both Router B and Router C. Applying URPF technology in the situation described above can prevent attacks based on source address spoofing.
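The check described above, applied to the figure's scenario from Router B's point of view. This is an added example, not code from the manual or the switch firmware. The interface names, the FIB contents and the treatment of a source with no route are assumptions.

```python
import ipaddress

# Constructed FIB for Router B. Interface names are hypothetical; the
# prefixes are an assumption derived from the /8 addresses in the figure.
ROUTER_B_FIB = [
    ("1.0.0.0/8", "port-to-A"),  # network holding Router A (1.1.1.8/8)
    ("2.0.0.0/8", "port-to-C"),  # network holding the real 2.2.2.1/8
]

def build_fib(entries):
    """Parse (prefix, exit interface) pairs into network objects."""
    return [(ipaddress.ip_network(p), ifname) for p, ifname in entries]

def lookup(fib, addr):
    """Longest-prefix match; returns the exit interface or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifname) for net, ifname in fib if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def urpf_check(fib, src, ingress_if):
    """The route back to src must exit through the interface the packet entered."""
    egress = lookup(fib, src)
    if egress is None:
        # Assumption: a source with no route also fails the check;
        # the manual only describes the interface-mismatch case.
        return False, "no route to source"
    if egress != ingress_if:
        return False, f"route to {src} exits {egress}, packet entered {ingress_if}"
    return True, "reverse path matches"

def filter_packets(fib, packets):
    """Return (src, ingress_if, accepted, reason) for each (src, ingress_if)."""
    return [(src, ifc, *urpf_check(fib, src, ifc)) for src, ifc in packets]

if __name__ == "__main__":
    fib = build_fib(ROUTER_B_FIB)
    # Constructed packets: (source address, interface the packet arrived on)
    packets = [
        ("1.1.1.8", "port-to-A"),  # Router A using its own address
        ("2.2.2.1", "port-to-A"),  # Router A faking Router C's address
        ("2.2.2.1", "port-to-C"),  # genuine traffic from 2.2.2.1
        ("9.9.9.9", "port-to-A"),  # source with no route at all
    ]
    for src, ifc, ok, reason in filter_packets(fib, packets):
        verdict = "forward" if ok else "discard"
        print(f"{src:<8} on {ifc:<9} -> {verdict} ({reason})")
```

Because the verdict follows the best route to the source, a network with asymmetric paths can fail this check for legitimate traffic.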

[Figure 1-4 labels: Router A, Router B, Router C; addresses 1.1.1.8/8 and 2.2.2.1/8; Source IP: 2.2.2.1/8]
