The ipv6 urpf command enables IPv6 URPF check in the interface view.
The undo ipv6 urpf command disables IPv6 URPF check in the interface view.
By default, IPv6 URPF check is disabled.
Parameter | Description | Value |
---|---|---|
strict | Indicates URPF strict check. After receiving a packet, a router searches for the interface board slot ID, interface number, and VLAN ID (only for VLAN packets) information corresponding to the source IPv6 address of the packet in the FIB table, and matches the obtained interface board slot ID, interface number, and VLAN ID information against the information of the packet. If they match, the router forwards the packet; if they do not match, the router discards the packet. | - |
allow-default | Indicates that URPF is implemented for packets matching the default route. | - |
loose | Indicates URPF loose check. After receiving a packet, a router uses the source IPv6 address in the packet as the destination address, and searches the FIB table for an outbound interface mapped to the destination IPv6 address. If the outbound interface is found, the router forwards the packet; if the outbound interface is not found, the router discards the packet. | - |
statistics | Indicates the URPF statistics function. | - |
enable | Enables the URPF statistics function. | - |
Usage Scenario
Generally, when receiving a packet, a router obtains the destination address of the packet and searches the forwarding table for a route to the destination address. If a route to the destination address is found, the packet is forwarded; otherwise, the packet is discarded. When a packet is received on a URPF-enabled interface, the interface obtains the source address and inbound interface of the packet, uses the source address as a destination address to look up the corresponding interface in the forwarding table, and then compares the interface found with the inbound interface. If the two interfaces do not match, the interface treats the source address as spoofed and discards the packet. In this manner, URPF can effectively protect against malicious attacks by blocking packets with bogus source addresses.
If all packets on an interface need to be checked by URPF, URPF is enabled on the interface.

```
<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/8
[*HUAWEI-GigabitEthernet0/1/8] ipv6 urpf loose allow-default statistics enable

<HUAWEI> system-view
[~HUAWEI] interface GigabitEthernet 0/1/0
[*HUAWEI-GigabitEthernet0/1/0] ipv6 urpf strict allow-default
```
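The strict and loose checks described above, modeled as an added example (not vendor code) so the effect of each mode can be compared before it is enabled on an interface. The FIB, packets and function names are constructed; the strict match is simplified to the interface name only, and the model assumes a source that matches only the default route fails the check unless allow-default is set.

```python
import ipaddress
from collections import Counter

# Constructed FIB: (prefix, outbound interface), documentation prefixes only.
FIB = [
    ("2001:db8:1::/48", "GE0/1/0"),
    ("2001:db8:2::/48", "GE0/1/8"),
    ("::/0", "GE0/1/8"),  # default route
]

# Constructed packets: (source IPv6 address, inbound interface).
PACKETS = [
    ("2001:db8:1::10", "GE0/1/0"),    # arrives on the interface the FIB points to
    ("2001:db8:1::10", "GE0/1/8"),    # same source, different inbound interface
    ("2001:db8:ffff::1", "GE0/1/8"),  # source covered only by the default route
    ("2001:db8:ffff::1", "GE0/1/0"),  # default-route source, other interface
]

def lookup(fib, addr):
    """Longest-prefix match on the source address; (network, interface) or None."""
    ip = ipaddress.IPv6Address(addr)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.IPv6Network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_check(fib, src, in_if, mode, allow_default=False):
    """Return 'forward' or 'discard' for one packet under the given URPF mode."""
    hit = lookup(fib, src)
    if hit is None:
        return "discard"              # no route back to the source at all
    net, ifname = hit
    if net.prefixlen == 0 and not allow_default:
        return "discard"              # assumption: default route ignored without allow-default
    if mode == "loose":
        return "forward"              # any route back to the source is enough
    if mode == "strict":
        return "forward" if ifname == in_if else "discard"
    raise ValueError(f"unknown mode: {mode}")

def tally(fib, packets, mode, allow_default=False):
    """Count forward/discard decisions, as the statistics function would."""
    return Counter(urpf_check(fib, s, i, mode, allow_default) for s, i in packets)
```

In this model the second packet is a valid source arriving on a different interface than the FIB selects, so strict mode discards it while loose mode forwards it.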