Supported Platforms
Related Documentation
- ACX, J, M, MX, PTX, SRX, T Series
- Example: Configuring Unicast Reverse-Path-Forwarding Check
Understanding Unicast Reverse Path Forwarding
IP spoofing can occur during a denial-of-service (DoS) attack. IP spoofing allows an intruder to pass IP packets to a destination as genuine traffic, when in fact the packets are not actually meant for the destination. This type of spoofing is harmful because it consumes the destination’s resources.
A unicast reverse-path-forwarding (RPF) check is a tool to reduce forwarding of IP packets that might be spoofing an address. A unicast RPF check performs a route table lookup on an IP packet’s source address, and checks the incoming interface. The router determines whether the packet is arriving from a path that the sender would use to reach the destination. If the packet is from a valid path, the router forwards the packet to the destination address. If it is not from a valid path, the router discards the packet. Unicast RPF is supported for the IPv4 and IPv6 protocol families, as well as for the virtual private network (VPN) address family.
 | Note: Reverse path forwarding is not supported on the interfaces you configure as tunnel sources. This affects only the transit packets exiting the tunnel. |
Related Documentation
- ACX, J, M, MX, PTX, SRX, T Series
- Example: Configuring Unicast Reverse-Path-Forwarding Check
Published: 2012-12-08
Supported Platforms
Related Documentation
- ACX, J, M, MX, PTX, SRX, T Series
- Example: Configuring Unicast Reverse-Path-Forwarding Check
