Unicast Reverse Path Forwarding (uRPF)
Unicast Reverse Path Forwarding (uRPF) is a security feature that helps prevent IP address spoofing attacks.
When a router receives a packet, it compares the destination IP address with the entries in its routing table to determine the exit interface. When uRPF is enabled, the router also checks whether its routing table has a matching entry for the source IP address of the packet. If there is no matching entry, the packet is discarded.
Remember, any packet that arrives at a router should come from a "known source", that is, from a source that is within the routing table. If it is not, then it is likely to have been spoofed.
uRPF has two modes: strict and loose.
Strict mode means that the router will perform two checks for all incoming packets on a certain interface:
- Do I have a matching entry for the source in the routing table?
- Do I reach this source through the same interface on which I received this packet?
Loose mode means that the router will perform only a single check when it receives an IP packet on an interface:
- Do I have a matching entry for the source in the routing table?
Which mode to use depends upon the nature of the topology and the routing requirements.
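The strict and loose checks described above, modelled as an added example that is not part of the original note. The routing table, interface names and addresses are constructed for illustration, and the table deliberately contains no default route.

```python
import ipaddress

# Constructed routing table (prefix, exit interface); not from the original note.
ROUTES = [
    ("10.1.0.0/16", "Gi0/0"),
    ("10.1.5.0/24", "Gi0/1"),   # more specific prefix reached via another interface
    ("192.0.2.0/24", "Gi0/2"),
]

def lookup(table, address):
    """Longest-prefix match: return the exit interface for address, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, interface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interface)
    return best[1] if best else None

def urpf_accepts(table, src_ip, in_interface, mode):
    """Return True if the packet passes the uRPF source check, False if discarded."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    route_interface = lookup(table, src_ip)
    # Check shared by both modes: is there a matching entry for the source?
    if route_interface is None:
        return False
    if mode == "loose":
        return True
    # Strict mode only: the route back to the source must use the arrival interface.
    return route_interface == in_interface

if __name__ == "__main__":
    # Constructed sample packets: (source address, interface the packet arrived on).
    packets = [
        ("10.1.5.7", "Gi0/1"),     # arrives on the interface the route points to
        ("10.1.5.7", "Gi0/0"),     # known source, but arrives on a different interface
        ("203.0.113.9", "Gi0/2"),  # source has no entry in the routing table
    ]
    for src, iface in packets:
        strict = urpf_accepts(ROUTES, src, iface, "strict")
        loose = urpf_accepts(ROUTES, src, iface, "loose")
        print(f"{src:<12} in {iface}: strict={strict} loose={loose}")
```

The second sample packet is the case that separates the modes: the source is in the routing table, so loose mode forwards it, but the best route back to it points out a different interface, so strict mode discards it.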
Links
https://forum.networklessons.com/t/unicast-reverse-path-forwarding-urpf/1031/58?u=lagapides