CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x, CX31x, and CX91x series switch modules. The description covers configuration examples and function configurations.
URPF Overview

This section describes the Unicast Reverse Path Forwarding (URPF).

A Denial of Service (DoS) attack prevents users from connecting to a server. DoS attacks aim to occupy excess resources by sending a large number of connection requests. As a result, authorized users cannot receive responses from the server.

Unicast Reverse Path Forwarding (URPF) check enables the device to look up the source Internet Protocol (IP) address of a packet in the Forwarding Information Base (FIB) table and check the result against the inbound interface of the packet. If the source IP address does not match the inbound interface of the packet, the packet is discarded. This prevents IP spoofing attacks, especially DoS attacks with bogus source IP addresses.

Figure 12-54 URPF networking

As shown in Figure 12-54, a bogus packet with source IP address 2.1.1.1 is sent from Switch ModuleA to Switch ModuleB. After receiving the bogus packet, Switch ModuleB sends a response packet to Switch ModuleC, the device that actually uses the address 2.1.1.1. Switch ModuleB and Switch ModuleC are both attacked by the bogus packets.

If URPF strict check is enabled on Switch ModuleB, when Switch ModuleB receives the bogus packet with source IP address 2.1.1.1, URPF discards the packet because the interface that the FIB associates with the source IP address is not the interface that received the packet.
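
The strict check described above can be modelled in a few lines. The following is an added example, not code from the configuration guide or from the switch software; the FIB prefixes and the interface names `to-ModuleA` and `to-ModuleC` are assumptions, and only the address 2.1.1.1 comes from the text.

```python
import ipaddress

# Constructed FIB for Switch ModuleB: (prefix, interface used to reach it).
# Prefixes and interface names are assumptions made for this example.
FIB = [
    (ipaddress.ip_network("1.1.1.0/24"), "to-ModuleA"),
    (ipaddress.ip_network("2.1.0.0/16"), "to-ModuleA"),
    (ipaddress.ip_network("2.1.1.0/24"), "to-ModuleC"),
]

def fib_lookup(addr):
    """Longest-prefix match on addr; returns the interface name or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, ifname) for net, ifname in FIB if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]

def urpf_strict(src, in_if):
    """Strict URPF: forward only if the FIB reaches src through in_if."""
    route_if = fib_lookup(src)
    if route_if is None:
        return ("discard", "no FIB entry for source %s" % src)
    if route_if != in_if:
        return ("discard", "%s is reached via %s, not %s" % (src, route_if, in_if))
    return ("forward", "source matches inbound interface")

# Constructed sample packets: (source IP, interface the packet arrived on).
SAMPLES = [
    ("2.1.1.1", "to-ModuleA"),  # the bogus packet from the figure
    ("2.1.1.1", "to-ModuleC"),  # genuine traffic from Switch ModuleC
    ("2.1.2.1", "to-ModuleA"),  # covered by the less specific /16 route
    ("9.9.9.9", "to-ModuleA"),  # source with no route at all
]

def run_samples():
    """Return the verdict for each sample packet, in order."""
    return [urpf_strict(src, in_if)[0] for src, in_if in SAMPLES]

if __name__ == "__main__":
    for src, in_if in SAMPLES:
        verdict, reason = urpf_strict(src, in_if)
        print("%-8s src=%-8s in=%-11s %s" % (verdict, src, in_if, reason))
```

The third sample shows why the lookup must be a longest-prefix match: 2.1.1.1 and 2.1.2.1 share a /16, but only the more specific /24 decides which interface is valid for 2.1.1.1.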

Updated: 2019-12-13

Document ID: EDOC1000041694
