Welcome
Network Infrastructure
- CEF Table(FIB) and Routing Table
- Switched campus
  - Switch administration (MAC, MTU, Errdisable)
  - Layer 2 protocols (CDP, LLDP, UDLD)
  - VLAN technologies
  - EtherChannel
  - Spanning Tree Protocol
- Routing Concepts
  - Administrative distance
  - VRF-lite
  - Static routing
  - Policy Based Routing
  - Route filtering
  - Manual summarization
  - Redistribution
  - Routing protocol authentication
  - Bidirectional Forwarding Detection
- EIGRP
  - Concept
  - Legacy conf mode
  - Named conf mode
- OSPF
  - Concept
  - Version 2
  - Version 3
- BGP
  - Concept
  - Path selection
  - Configuration
- Multicast
  - Layer 2 multicast
  - Reverse path forwarding check
  - PIM
Transport Technologies and Solutions
- MPLS
  - MPLS Concept
  - MPLS Layer 3 VPN
- DMVPN Concept and conf
Infrastructure Security and Services
- Device Security
  - Control plane policing and protection
  - AAA
- Network Security
  - Switch security features
    - VACL, PACL
    - Storm control
    - DHCP Snooping, DHCP option 82
    - IP Source Guard
    - Dynamic ARP Inspection
    - Port Security
    - Private VLAN
  - Router security features
    - IPv4 Access Control Lists
    - IPv6 Traffic Filters
    - Unicast Reverse Path Forwarding
    - Unicast reverse path forwardin uRPF
  - IPv6 First Hop security features
  - IEEE 802.1X Port-Based Authentication
- System Management
  - Device management
    - Console and VTY
    - SSH, SCP
    - RESTCONF, NETCONF
  - SNMP
  - Logging
- Quality of Service
  - DiffServ
  - CoS and DSCP Mapping
  - Classification
  - Network Based Application Recognition (NBAR)
  - Policing, shaping
  - Congestion management and avoidance
- Network Services
  - First Hop Redundancy Protocols
    - HSRP
    - GLBP, VRRP
    - Redundancy using IPv6 RS/RA
  - Network Time Protocol
  - DHCP on Cisco IOS
    - Client, server, relay
    - Options
    - SLAAC/DHCPv6 interaction
    - Stateful, stateless DHCPv6
    - DHCPv6 Prefix Delegation
  - IPv4 Network Address Translation
    - Static NAT, PAT
    - Dynamic NAT, PAT
    - Policy-based NAT, PAT
    - VRF-aware NAT, PAT
    - DHCPv6 Prefix Delegation
- Network optimization
  - IP SLA
  - Tracking object
  - Flexible NetFlow
- Network operations
  - Traffic capture
    - SPAN
    - RSPAN
    - ERSPAN
    - Embedded Packet Capture
Cisco Firepower
- FTD Notes

Unicast reverse path forwarding

Published

April 26, 2023

#Unicast reverse path forwarding

Unicast Reverse Path Forwarding (URPF) is a mechanism for validating the source IP address of packets received on a router.

A router configured with URPF performs a reverse path lookup in the FIB table to validate the presence of the source IP address.

CEF (Cisco Express Forwarding) must be enabled on the IOS device for uRPF to work.
uRPF can operate in two modes: loose, strict.

Loose: The router verifies the source IP can be reached via the routing table using any interface (other than a default route).
Strict : The router verifies the source of the IP packet arrives on the same interface the router would use to reach that source address . Cause problem with asymmetric routing.

#Verification commands

interface GigabitEthernet0/0
ip verify unicast source reachable-via any ###Loose
ip verify unicast source reachable-via rx  ### Strict

sw1#show ip traffic | section Drop
  Drop:  2614 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop

R1#show ip traffic | sec Drop
  Drop:  0 encapsulation failed, 0 unresolved, 0 no adjacency
         0 no route, 0 unicast RPF, 0 forced drop
         
R1#show cef interface gi 0/0
GigabitEthernet0/0 is up (if_number 2)
  IP unicast RPF check is disabled

Source cisco.com
RFC 3704