FAQ-What does urpf command function as under the port of MA5200G

Publication Date:  2012-07-27 Views:  107 Downloads:  0
Issue Description
Q: What does urpf command function as under the port of MA5200G?

Alarm Information
No

Handling Process
 A:
URPF is short for unicast reverse path forwarding, which functions to guard against network attacks such as spoofing on the basis of source address. By reverse, it compares with the normal route lookup. Generally, a router looks up the route according to destination address gotten from packet it received; if the route is found, the router will forward the packet, or discard it. If URPF is enable, MA5200G will check if the interface that the source address corresponds in FIB matches the ingress, via getting the source address of a packet and the ingress, with source address as destination address; if not, the source address will be regarded as spoofing, and the packet is discarded. By this way, URPF could avoid evil attacks by changing the source address in network.


The command for MA5200G to enable URPF is as follows (the functionality is defaulted to disable)
[MA5200G-Ethernet2/0/0]urpf enable

 

Root Cause
No

END