ZXR10 ZSR V2 Configuration Guide (IPv6)
Loose RPF
In loose RPF mode, the router only checks whether the source IP address of the packet
exists in the routing table (normal source address route or default route). It does not check
whether the ingress for receiving packets matches with the content of the routing table. In
this way, URPF can effectively prevent network from attacks, and it can also prevent the
interception of legal user packets.
Loose RPF Ignoring Default Route
If a default route is configured on the device, when URPF checks source addresses
according to the routing table, the next-hop information of all the source addresses can be
queried. In this case, you can configure whether to allow URPF to introduce default route
(if URPF ignoring the default route is configured, URPF does not check the default route).
ACL Application in URPF
By means of ACL, URPF provides a more flexible customization solution. When the
network administrator trusts that the packets with some features are legal packets, he can
configure ACL rules to forward these packets properly that are not discarded even if the
packets lack a source route (or, the source route is default route, but the default route is
disabled in URPF). That is, when URPF check fails, the packets are permitted or denied
according to the ACL rules.
21.2 Configuring IPv6 URPF
This procedure describes how to configure the IPv6
function.
Steps
1.
Configure the IPv6 URPF function on the interface.
Step
Command
Function
1
ZXR10(config)#
ipv6 verify unicast
source reachable-via
{
rx interface
<
interface-name
>[
acl-name
<
acl-name
>]|
any interface
<
interface-name
>[
acl-name
<
acl-name
>][
ignore-default-route
]}
Enables IPv6 URPF function on an
interface.
2
ZXR10(config)#
interface
<
interface-name
>
Enters interface configuration mode.
3
ZXR10(config-if-interface-name)#
ipv6
verify unicast source reachable-via
{
rx
[
acl-name
<
acl-name
>]|
any
[
acl-name
<
acl-name
>][
ignore-default-route
]}
Enables interface IPv6 URPF
function on an interface configuration
mode.
rx
: strict mode.
any
: loose mode.
21-2
SJ-20140504150128-018|2014-05-10 (R1.0)
ZTE Proprietary and Confidential
Содержание ZXR10 ZSR
Страница 12: ...This page intentionally left blank IV SJ 20140504150128 018 2014 05 10 R1 0 ZTE Proprietary and Confidential ...
Страница 306: ...Figures This page intentionally left blank IV SJ 20140504150128 018 2014 05 10 R1 0 ZTE Proprietary and Confidential ...
Страница 308: ...This page intentionally left blank VI SJ 20140504150128 018 2014 05 10 R1 0 ZTE Proprietary and Confidential ...