rpf-check (Dynamic Profiles)
Syntax
rpf-check {
    fail-filter filter-name;
    mode loose;
}
Hierarchy Level
[edit dynamic-profiles profile-name interfaces interface-name unit logical-unit-number family family]
Description
Reduce forwarding of IP packets that might be spoofing an address by checking whether traffic is arriving on an expected path that the sender would use to reach the destination. You can include this statement with the inet protocol family only. When the traffic passes the check, it is forwarded to the destination address; otherwise it is discarded. When you configure rpf-check alone, unicast RPF is in strict mode, meaning that the check passes only when the packet's source address is in the FIB and the interface on which the packet arrived matches the route's RPF interface.
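The strict-mode decision described above, modeled next to loose mode. This is an added example, not Juniper code: the FIB entries and interface names are constructed, and loose mode, which this page names but does not define, is assumed to pass any source address that has a route in the FIB regardless of interface.

```python
import ipaddress

# Constructed FIB for illustration: prefix -> interface used to reach it.
FIB = {
    "198.51.100.0/24": "pp0.100",     # subscriber A (hypothetical interface)
    "198.51.100.128/25": "pp0.200",   # more specific route, subscriber B
    "203.0.113.0/24": "ge-0/0/1.0",   # upstream network
}

def lookup(src, fib=FIB):
    """Longest-prefix match on the source address; returns the RPF interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def rpf_check(src, in_ifname, mode="strict", fib=FIB):
    """Return True if the packet passes unicast RPF, False if it is discarded."""
    rpf_if = lookup(src, fib)
    if rpf_if is None:
        return False              # no route back to the source: fails in both modes
    if mode == "loose":
        return True               # assumed loose semantics: any route to the source
    return rpf_if == in_ifname    # strict: must arrive on the route's RPF interface

if __name__ == "__main__":
    for src, ifname in [("198.51.100.10", "pp0.100"),
                        ("198.51.100.200", "pp0.100"),
                        ("192.0.2.1", "pp0.100")]:
        print(src, ifname,
              "strict:", rpf_check(src, ifname),
              "loose:", rpf_check(src, ifname, mode="loose"))
```

The second sample packet shows why strict mode depends on the longest match: the /25 route points at a different logical interface, so a source in that range arriving on pp0.100 is discarded in strict mode but passes in loose mode.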
Starting in Junos OS Release 19.1, the show interfaces statistics logical-interface-name detail command displays unicast RPF statistics for dynamic logical interfaces when either rpf-check or rpf-check mode loose is enabled on the interface. No additional statistics are displayed when rpf-check fail-filter filter-name is configured on the interface. The clear interfaces statistics logical-interface-name command clears RPF statistics.
The remaining statements are explained separately.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.6.