Unicast Reverse Path Forwarding (uRPF)

Unicast Reverse Path Forwarding (uRPF) is a security feature that helps prevent IP address spoofing attacks.

When a router receives a packet, it compares the destination IP address with the entries in its routing table in order to determine the exit interface. When uRPF is enabled, the router also checks whether it has a matching entry in the routing table for the packet's source IP address. If there is no such entry, the packet is discarded.

Remember, any packet that arrives at a router should come from a "known source", that is, from a source that is within the routing table. If it is not, then it is likely to have been spoofed.

uRPF has two modes: Strict and Loose

Strict mode means that the router will perform two checks for all incoming packets on a certain interface:

  • Do I have a matching entry for the source in the routing table?
  • Is the interface I would use to reach this source the same interface on which I received this packet?

Loose mode means that the router will perform only a single check when it receives an IP packet on an interface:

  • Do I have a matching entry for the source in the routing table?

Which mode to use depends upon the nature of the topology and the routing requirements: strict mode is the stronger check, but it drops legitimate traffic wherever routing is asymmetric (the return path to a source uses a different interface than the one the packet arrived on), which is why loose mode exists.
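To make the two checks concrete, here is an added example (not from the original page or the linked lessons) that models a router's routing table and applies the strict and loose uRPF checks to a few constructed packets. The routing table, interface names and packets are assumptions; the handling of the default route mirrors common router behaviour, where 0.0.0.0/0 does not count as a matching entry unless explicitly allowed.

```python
import ipaddress

# Constructed sample routing table (prefix -> exit interface); an assumption, not from the page.
ROUTES = {
    "10.0.0.0/24": "Gi0/0",
    "192.168.1.0/24": "Gi0/1",
    "0.0.0.0/0": "Gi0/2",  # default route towards the upstream
}


def lookup(routing_table, ip):
    """Longest-prefix match: return the exit interface for ip, or None if no entry matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, iface in routing_table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def urpf_check(routing_table, src_ip, ingress_iface, mode="strict", allow_default=False):
    """Return True if the packet passes uRPF, False if the router should drop it.

    Loose mode: the source must be reachable via some entry in the table.
    Strict mode: additionally, the exit interface for the source must be the
    interface the packet arrived on.
    Unless allow_default is set, a 0.0.0.0/0 route is ignored for the check,
    because a default route would otherwise validate every possible source.
    """
    table = routing_table if allow_default else {
        p: i for p, i in routing_table.items() if ipaddress.ip_network(p).prefixlen > 0
    }
    exit_iface = lookup(table, src_ip)
    if exit_iface is None:
        return False  # unknown source: fails both modes
    if mode == "loose":
        return True
    if mode == "strict":
        return exit_iface == ingress_iface
    raise ValueError("mode must be 'strict' or 'loose'")


def filter_packets(packets, mode, allow_default=False):
    """Apply uRPF to (src_ip, ingress_iface) pairs; return (src_ip, verdict) pairs."""
    return [(src, "forward" if urpf_check(ROUTES, src, iface, mode, allow_default) else "drop")
            for src, iface in packets]


if __name__ == "__main__":
    # Constructed packets: a legitimate one, the same source on the wrong
    # interface (spoofed or asymmetric), and a source with no specific route.
    packets = [("10.0.0.5", "Gi0/0"), ("10.0.0.5", "Gi0/1"), ("203.0.113.9", "Gi0/1")]
    for mode in ("strict", "loose"):
        print(mode, filter_packets(packets, mode))
```

The second packet shows the difference between the modes: loose mode forwards it because 10.0.0.0/24 is in the table, while strict mode drops it because the route points out Gi0/0, not the interface it arrived on.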

Links:

https://networklessons.com/cisco/ccie-routing-switching/unicast-reverse-path-forwarding-urpf/

https://forum.networklessons.com/t/unicast-reverse-path-forwarding-urpf/1031/58?u=lagapides