Related Documentation
- EX, M, MX, PTX, T Series
- Example: Configuring Ingress PE Redundancy
- J, M, MX, SRX, T Series
- Understanding Multicast Reverse Path Forwarding
Example: Configuring RPF Policies
A multicast RPF policy disables RPF checks for a particular multicast (S,G) pair. You usually disable RPF checks on egress routing devices of a point-to-multipoint label-switched path (LSP), because the interface receiving the multicast traffic on a point-to-multipoint LSP egress router might not always be the RPF interface.
This example shows how to configure an RPF check policy named disable-RPF-on-PE. The disable-RPF-on-PE policy disables RPF checks on packets arriving for group 228.0.0.0/8 or from source address 196.168.25.6.
Requirements
Before you begin:
- Configure the router interfaces. See the Junos® OS Network Interfaces.
- Configure an interior gateway protocol or static routing. See the Junos OS Routing Protocols Configuration Guide.
Overview
An RPF policy behaves like an import policy. If no policy term matches the input packet, the default action is to accept (that is, to perform the RPF check). The route-filter statement filters group addresses, and the source-address-filter statement filters source addresses.
This example shows how to configure each condition as a separate policy and references both policies in the rpf-check-policy statement. This allows you to associate groups in one policy and sources in the other.
 | Note: Be careful when disabling RPF checks on multicast traffic. If you disable RPF checks in some configurations, multicast loops can result. |
Changes to an RPF check policy take effect immediately:
- If no policy was previously configured, the policy takes effect immediately.
- If the policy name is changed, the new policy takes effect immediately and any packets no longer filtered are subjected to the RPF check.
- If the policy is deleted, all packets formerly filtered are subjected to the RPF check.
- If the underlying policy is changed, but retains the same name, the new conditions take effect immediately and any packets no longer filtered are subjected to the RPF check.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
To configure an RPF policy:
Configure a policy for group addresses.
[edit policy-options]user@host# set policy-statement disable-RPF-for-group term first from route-filter 228.0.0.0/8 orlongeruser@host# set policy-statement disable-RPF-for-group term first then rejectConfigure a policy for a source address.
[edit policy-options]user@host# set policy-statement disable-RPF-for-source term first from source-address-filter 192.168.25.6/32 exactuser@host# set policy-statement disable-RPF-for-source term first then rejectApply the policies.
[edit routing-options]user@host# set multicast rpf-check-policy [ disable-RPF-for-group disable-RPF-for-source ]If you are done configuring the device, commit the configuration.
user@host# commit
Results
Confirm your configuration by entering the show policy-options and show routing-options commands.
Verification
To verify the configuration, run the show multicast rpf command.
Related Documentation
- EX, M, MX, PTX, T Series
- Example: Configuring Ingress PE Redundancy
- J, M, MX, SRX, T Series
- Understanding Multicast Reverse Path Forwarding
Published: 2012-11-16
Related Documentation
- EX, M, MX, PTX, T Series
- Example: Configuring Ingress PE Redundancy
- J, M, MX, SRX, T Series
- Understanding Multicast Reverse Path Forwarding
