3 ip forwarding, 1 introduction to ip forwarding, 2 ip route aggregation configuration task – PLANET XGS3-24042 User Manual

Page 206


22.3 IP Forwarding

22.3.1 Introduction to IP Forwarding

Gateway devices can forward IP packets from one subnet to another; such forwarding uses routes to find a path. IP forwarding on the switch is performed with the participation of hardware and can achieve wire-speed forwarding. In addition, flexible management is provided to adjust and monitor forwarding. The switch supports enabling or disabling optimization of the route aggregation algorithm, which adjusts how network route entries are generated in the switch chip, and it supports viewing statistics for IP forwarding and the status of the hardware forwarding chip.

22.3.2 IP Route Aggregation Configuration Task

IP route aggregation configuration task:

1. Set whether the IP route aggregation algorithm is used with or without optimization

| Command | Explanation |
| --- | --- |
| Global Mode | |
| ip fib optimize | Enables the switch to use the optimized IP route aggregation algorithm. |
| no ip fib optimize | Disables the optimized IP route aggregation algorithm. |

22.4 URPF

22.4.1 Introduction to URPF

URPF (Unicast Reverse Path Forwarding) applies the RPF technology used in multicast to unicast, in order to protect the network from attacks based on source address spoofing.

When the switch receives a packet, it takes the source address from the packet and looks it up in the route table as if it were a destination address. If the exit interface of the route found does not match the entrance interface on which the packet arrived, the switch considers the packet a fake packet and discards it.

In source address spoofing attacks, attackers construct a series of messages with fake source addresses. For applications based on IP address verification, such attacks may allow unauthorized users to access the system as authorized users, or even as the administrator. Even if the response messages cannot reach the attackers, they still damage the targets.

[Figure: Router A, Router B and Router C; addresses 1.1.1.8/8 and 2.2.2.1/8; Source IP: 2.2.2.1/8]
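The reverse-path check described in 22.4.1, as an added Python example (not taken from the PLANET manual and not the switch's implementation): the source address is looked up with longest-prefix match and the route's exit interface is compared with the entrance interface. The route table, the interface names and the packets are constructed, and dropping a packet whose source has no route is an assumption the page does not state.

```python
import ipaddress

# Constructed routing table: (prefix, outgoing interface). Interface names are hypothetical.
ROUTES = [("1.0.0.0/8", "eth1"), ("2.0.0.0/8", "eth2"), ("2.2.0.0/16", "eth3")]

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("1.1.1.8", "eth1"),  # source really lives behind eth1
    ("2.2.2.1", "eth1"),  # spoofed: claims a source that is routed via eth3
    ("2.2.2.1", "eth3"),  # same source arriving on its real reverse path
    ("2.9.9.9", "eth2"),  # only the /8 matches, and it points at eth2
    ("2.2.2.1", "eth2"),  # the /8 matches, but the longer /16 wins and points at eth3
    ("9.9.9.9", "eth1"),  # no route to the source at all
]


def build_fib(routes):
    """Parse the routes and order them longest prefix first."""
    fib = [(ipaddress.ip_network(prefix), ifname) for prefix, ifname in routes]
    return sorted(fib, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(fib, address):
    """Longest-prefix match: return the outgoing interface, or None if no route."""
    addr = ipaddress.ip_address(address)
    for network, ifname in fib:
        if addr in network:
            return ifname
    return None


def urpf_check(fib, src_ip, in_if):
    """Look up the source address as a destination and compare interfaces."""
    out_if = lookup(fib, src_ip)
    if out_if is None:
        # Assumption: the page does not say what happens without a route; drop.
        return ("drop", "no route to source")
    if out_if != in_if:
        return ("drop", f"route to source exits {out_if}, packet entered {in_if}")
    return ("forward", "exit interface matches entrance interface")


def run(packets=PACKETS, routes=ROUTES):
    fib = build_fib(routes)
    return [(src, in_if) + urpf_check(fib, src, in_if) for src, in_if in packets]


if __name__ == "__main__":
    for src, in_if, verdict, reason in run():
        print(f"{src:<10} in={in_if:<5} {verdict:<8} {reason}")
```

The fifth packet is dropped although a route covering its source does point at the arrival interface: only the best (longest-prefix) route is compared, so traffic that legitimately arrives over a path other than the best reverse route is discarded as well.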
