Using uRPF at the access layer against DDoS attacks

How do you protect your devices from unauthorized Virtual Terminal connections?

The common way is a simple inbound ACL applied to the VTY lines (or to the control plane), for example:

!
# access-list 10 permit 10.11.11.0 0.0.0.255
!
# line vty 0 4
# access-class 10 in
TCP SYN Attack:

A TCP SYN flood attack is accomplished by transmitting TCP SYN packets to a host in order to exhaust its incoming TCP connection queue. Because the sender never needs to complete the handshake, the SYN packets typically carry spoofed source addresses, which is where source validation helps.

The size of this queue in a TCP/IP stack implementation is small and easily exhausted.

Unicast RPF adds a source validation step to packet handling: it verifies the source address of a packet against the information contained in the Cisco Express Forwarding (CEF) forwarding information base (FIB).

The CEF FIB is a table that contains packet-switching information mirroring that of the routing table; the device uses it to increase the speed at which packets are forwarded through the device.

CEF must be configured on the device before uRPF is configured.

Unicast RPF operates in one of two modes:

- Strict (normal): in strict mode, Unicast RPF verifies that the source address is in the FIB and that the packet was received on the interface CEF would use as the best return route to that source.
  - Strict mode can be troublesome if routing is multihomed.
  - This is because the best return path might not be the same as the receiving interface; because of this, strict uRPF is limited to single-homed connections.
  - Strict uRPF still works where there are multiple equal-metric best paths available, as long as the receiving interface is one of them.
- Loose: loose mode verifies only that the source address exists within the FIB, regardless of interface.
  - Loose mode allows additional flexibility to implement uRPF in locations where multihoming is common.

Another important thing to understand about uRPF is that it only works on the incoming interface.

If a single-homed connection existed between the network and an ISP, RPF would be configured to monitor traffic coming from the ISP only.
Unicast RPF Configuration:

The first thing that must be configured before starting the Unicast RPF configuration is to enable the use of CEF.

The ip cef [distributed] command enables the use of CEF:

# ip cef [distributed]

The next part requires enabling uRPF on the incoming interface:

# ip verify unicast source reachable-via {rx | any} [access-list]

rx is used for strict mode and any is used for loose mode.

An access-list can be specified; its purpose is to determine whether traffic that fails the check will be dropped (the default behavior, deny) or forwarded (permit).

It is important to understand that this access-list is not considered unless the packet fails the unicast RPF check.
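To make the two modes and the ACL fallback concrete, here is a small Python model of the check (an added illustration, not Cisco's code or this post's own). The FIB contents, interface names and prefixes are constructed for the example, and the default-route (allow-default) behaviour is not modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed FIB: prefix -> interfaces on the best return path(s); two
# interfaces for one prefix model equal-cost best paths.
FIB = {
    ip_network("10.11.11.0/24"): {"Gi0/1"},           # internal LAN
    ip_network("203.0.113.0/24"): {"Gi0/0"},          # ISP-facing link
    ip_network("172.16.0.0/16"): {"Gi0/2", "Gi0/3"},  # two equal-cost paths
}

def fib_lookup(src):
    """Longest-prefix match on the source address; returns the set of
    best return interfaces, or None when the FIB has no route to it."""
    addr = ip_address(src)
    matches = [net for net in FIB if addr in net]
    if not matches:
        return None
    return FIB[max(matches, key=lambda net: net.prefixlen)]

def urpf_check(src, ingress, mode, acl=None):
    """Decide 'forward' or 'drop' for a packet from src arriving on ingress.
    mode is 'rx' (strict) or 'any' (loose). acl is an optional predicate
    consulted only when the RPF check fails: True = permit, False = deny."""
    best = fib_lookup(src)
    if mode == "any":
        passed = best is not None                       # route exists at all
    elif mode == "rx":
        passed = best is not None and ingress in best   # arrived on a best path
    else:
        raise ValueError("mode must be 'rx' or 'any'")
    if passed:
        return "forward"
    if acl is not None and acl(src):                    # ACL only on RPF failure
        return "forward"
    return "drop"                                       # default behaviour: deny

# Hypothetical exemption ACL: permit a partner prefix that would otherwise fail.
def exemption_acl(src):
    return ip_address(src) in ip_network("198.51.100.0/24")

if __name__ == "__main__":
    # Spoofed internal source arriving from the ISP: strict drops, loose forwards.
    print(urpf_check("10.11.11.5", "Gi0/0", "rx"))     # drop
    print(urpf_check("10.11.11.5", "Gi0/0", "any"))    # forward
    # Unroutable source fails in both modes.
    print(urpf_check("192.0.2.1", "Gi0/0", "any"))     # drop
    # Equal-cost paths: either best interface satisfies strict mode.
    print(urpf_check("172.16.1.1", "Gi0/3", "rx"))     # forward
    # Failed check rescued by the ACL.
    print(urpf_check("198.51.100.7", "Gi0/0", "rx", acl=exemption_acl))  # forward
```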
Verification:

# show cef interface <interface>

To verify the global uRPF packet count:

# show ip traffic

To verify the number of uRPF packet drops on an interface:

# show ip interface <interface>