Configuring Unicast RPF and Fail Filters in Dynamic Profiles for Subscriber Interfaces
This topic provides a summary of unicast RPF configuration for subscriber interfaces in dynamic profiles on MX Series routers. Unicast RPF provides a way to reduce the effect of denial-of-service attacks on IPv4 and IPv6 interfaces by checking the source IP address of each packet against the routing table. Packets that do not match are silently discarded, unless an optional fail filter is configured. The fail filter performs an additional check on the packets that failed and specifies an action to take on certain of them. Typical actions include logging the packets or passing them even though they failed the RPF check.
Note: Although the fail filter is technically optional, for dynamic profiles in a DHCP environment you must configure a filter to pass DHCP packets. By default, the RPF check prevents DHCP packets from being accepted on interfaces protected by the RPF check. The fail filter identifies the DHCP packets and passes them on.
To configure unicast RPF in dynamic profiles:
- Enable unicast RPF on one or more interfaces in a dynamic profile.
  See Configuring Unicast RPF in Dynamic Profiles for Subscriber Interfaces.
- (Optional) Create a fail filter to evaluate failed packets and perform further actions.
  See Configuring a Fail Filter for Unicast RPF in Dynamic Profiles for Subscriber Interfaces.
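
The two steps above, shown together as an added example that is not taken from the original page. The profile name `subscriber-rpf-profile`, the filter name `rpf-pass-dhcp`, the counter name `rpf-dhcp-traffic`, and the choice of a `demux0` IPv4 subscriber interface are assumptions made for illustration.

```junos
/* Added example: names below are hypothetical, not from the original page. */
dynamic-profiles {
    subscriber-rpf-profile {
        interfaces {
            demux0 {
                unit "$junos-interface-unit" {
                    family inet {
                        /* Step 1: enable the unicast RPF check.
                           Step 2: hand packets that fail it to the fail filter. */
                        rpf-check {
                            fail-filter rpf-pass-dhcp;
                        }
                    }
                }
            }
        }
    }
}
firewall {
    family inet {
        filter rpf-pass-dhcp {
            /* DHCP requests are broadcast before the subscriber has a
               routable source address, so they fail the RPF check and
               must be accepted here explicitly. */
            term allow-dhcp {
                from {
                    destination-address {
                        255.255.255.255/32;
                    }
                    protocol udp;
                    destination-port dhcp;
                }
                then {
                    count rpf-dhcp-traffic;
                    accept;
                }
            }
            /* Every other packet that failed the RPF check is logged and dropped. */
            term default {
                then {
                    log;
                    discard;
                }
            }
        }
    }
}
```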