When the uRPF Function of the NE80E Is Tested, uRPF Is Found Disabled and Fails to Receive Spoofing Packets

Publication Date: 2012-07-27
Issue Description

1. Version and networking:

Use a single NE80E V300R003C01B205 to test the uRPF function. The networking is as follows:

PC1 ------------------ NE80E ------------------ PC2

4.4.4.2/24     4.4.4.1/24   3.3.3.1/24     3.3.3.2/24

The address of PC1 is set to 4.4.4.2, and its gateway address is set to 4.4.4.1. The address of PC2 is set to 3.3.3.2, and its gateway address is set to 3.3.3.1.

2. Test procedure:

Start the packet capture software on PC1 and access PC2. Capture a packet sent from PC1 to PC2, and change the source address in the packet from 4.4.4.2 to 2.2.2.2. Then send the new packet repeatedly to PC1. In theory, when uRPF is not enabled on the NE80E interface facing PC1, the packet capture tool on PC2 can capture the spoofed packets sent from PC1. When uRPF is enabled on that interface, the packet capture tool on PC2 cannot capture them.

3. Test results:

When uRPF is not enabled on the NE80E interface facing PC1, PC2 does not receive the spoofed packets sent from PC1. A check on the NE80E shows that the spoofed packets from PC1 reached the NE80E, but the NE80E did not forward them.

Alarm Information
Null
Handling Process

Modify the test procedure: after capturing the normal packets sent from PC1 to PC2, do not modify the packets. Instead, change the IP addresses between PC1 and the NE80E to 2.2.2.1/24 and 3.3.3.1/24.

PC1 ------------------ NE80E ------------------ PC2

2.2.2.2/24     2.2.2.1/24   3.3.3.1/24     3.3.3.2/24

PC1 sends the captured packets (source IP address 4.4.4.2) repeatedly. The expected test objective is achieved.
Root Cause
The NE80E probably drops the packets during forwarding. Compared with normal packets, only the source IP address in the spoofed packets is changed. The router, however, also checks the parity bit. The parity bit of a spoofed packet does not match the modified source IP address, so the router treats the spoofed packets as errored packets and drops them.
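The check described in the root cause, as an added example that is not part of the original case or any Huawei code. It assumes the "parity bit" refers to the IPv4 header checksum, which covers the source address field; the header below is a constructed sample, and all function names are hypothetical.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum (RFC 791)."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def compute_checksum(header: bytes) -> int:
    """Checksum the header should carry (checksum field, bytes 10-11, taken as zero)."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~ones_complement_sum(zeroed) & 0xFFFF

def checksum_ok(header: bytes) -> bool:
    """Receiver-side check: a valid header, checksum included, sums to 0xFFFF."""
    return ones_complement_sum(header) == 0xFFFF

def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1, TTL 64) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, 0x1234, 0, 64, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", compute_checksum(hdr)) + hdr[12:]

def set_source_only(header: bytes, new_src: str) -> bytes:
    """The edit made in the first test: overwrite bytes 12-15, checksum left stale."""
    return header[:12] + socket.inet_aton(new_src) + header[16:]

def describe(header: bytes) -> dict:
    """Summarise what a forwarding device would see in the header."""
    stored = struct.unpack("!H", header[10:12])[0]
    return {"src": socket.inet_ntoa(header[12:16]),
            "stored": hex(stored),
            "expected": hex(compute_checksum(header)),
            "valid": checksum_ok(header)}

# Constructed sample matching the first topology: PC1 4.4.4.2 -> PC2 3.3.3.2
ORIGINAL = build_header("4.4.4.2", "3.3.3.2")
EDITED = set_source_only(ORIGINAL, "2.2.2.2")

if __name__ == "__main__":
    print(describe(ORIGINAL))   # valid header, forwarded normally
    print(describe(EDITED))     # stale checksum: dropped before uRPF is evaluated
```

Running this check on a test packet before a uRPF test shows whether a drop at the router can be attributed to uRPF or to an invalid header.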
Suggestions
Be familiar with the packet structure and forwarding process of the router. This helps daily maintenance and testing.
