< Home

Understanding URPF

Working Mode

In a complicated networking environment, asymmetric routes may exist. That is, the routes recorded on the local end and remote end are different. A URPF-enabled device on this network may discard the packets transmitted along the correct path, but forward the packets transmitted along incorrect paths. The device provides the following two URPF modes to solve this problem:

  • Strict mode

    In strict mode, a packet passes the check only when the device has a route to the source IP address of the packet in the routing table, and the inbound interface of the packet should be the same as the outbound interface of the route.

    If route symmetry is ensured, you are advised to use the URPF strict mode. For example, if there is only one path between two network edge devices, URPF strict mode can be used to ensure network security.

  • Loose mode

    In loose mode, a packet passes the check as long as the device has a route to the source IP address of the packet in the routing table, and the inbound interface of the packet is not required to be the same as the outbound interface of the route.

    If route symmetry is not ensured, you are advised to use the URPF loose mode. For example, if there are multiple paths between two network edge devices, URPF loose mode can be used to ensure network security and prevent the packets transmitted along the correct path from being discarded.

Implementation

Figure 1 shows the URPF working mechanism.

Figure 1 URPF Working mechanism
Parent Topic: URPF Configuration
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >