37-2
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 37 Configuring Unicast Reverse Path Forwarding
About Unicast Reverse Path Forwarding
This section covers the following information:
•
How Unicast RPF Works, page 37-2
•
Implementing Unicast RPF, page 37-4
•
•
Related Features and Technologies, page 37-8
•
Prerequisites to Configuring Unicast RPF, page 37-9
How Unicast RPF Works
When Unicast RPF is enabled on an interface, the switch examines all packets received as input on that
interface to make sure that the source address and source interface appear in the routing table and match
the interface on which the packet was received. This ability to look backwards is available only when
Cisco Express Forwarding (CEF) is enabled on the switch, because the lookup relies on the presence of
the Forwarding Information Base (FIB). CEF generates the FIB as part of its operation.
Note
Unicast RPF is an input function and is applied only on the input interface of a switch at the upstream
end of a connection.
Unicast RPF checks to see if any packet received at a switch interface arrives on the best return path
(return route) to the source of the packet. Unicast RPF does this by doing a reverse lookup in the CEF
table. If the packet was received from one of the best reverse path routes, the packet is forwarded as
normal. If there is no reverse path route on the same interface from which the packet was received, it
might mean that the source address was modified. If Unicast RPF does not find a reverse path for the
packet, the packet is dropped.
Note
With Unicast RPF, all equal-cost “best” return paths are considered valid. This means that Unicast RPF
works in cases where multiple return paths exist, provided that each path is equal to the others in terms
of the routing cost (number of hops, weights, and so on) and as long as the route is in the FIB. Unicast
RPF also functions where EIGRP variants are being used and unequal candidate paths back to the source
IP address exist.
When a packet is received at the interface where Unicast RPF and ACLs have been configured, the
following actions occur:
Step 1
Input ACLs configured on the inbound interface are checked.
Step 2
Unicast RPF checks to see if the packet has arrived on the best return path to the source, which it does
by doing a reverse lookup in the FIB table.
Step 3
CEF table (FIB) lookup is carried out for packet forwarding.
Step 4
Output ACLs are checked on the outbound interface.
Step 5
The packet is forwarded.
This section provides information about Unicast RPF enhancements:
•
Access control lists and logging
Summary of Contents for Catalyst 4500 Series
Page 2: ......
Page 4: ......
Page 2086: ...Index IN 46 Software Configuration Guide Release IOS XE 3 9 0E and IOS 15 2 5 E ...