close
keyboard_arrow_left
Table of Contents
- play_arrow Common Configuration for Layer 2 VPNs and VPLS
- play_arrow Overview
- play_arrow Layer 2 VPNs Configuration Overview
- play_arrow Configuring Layer 2 Interfaces
- play_arrow Configuring Path Selection for Layer 2 VPNs and VPLS
- play_arrow Creating Backup Connections with Redundant Pseudowires
- play_arrow Configuring Class of Service for Layer 2 VPNs
- play_arrow Monitoring Layer 2 VPNs
- Configuring BFD for Layer 2 VPN and VPLS
- BFD Support for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
- Configuring BFD for VCCV for Layer 2 VPNs, Layer 2 Circuits, and VPLS
- Connectivity Fault Management Support for EVPN and Layer 2 VPN Overview
- Configure a MEP to Generate and Respond to CFM Protocol Messages
-
- play_arrow Configuring Group VPNs
- play_arrow Configuring Public Key Infrastructure
- play_arrow Configuring Digital Certificate Validation
- play_arrow Configuring a Device for Certificate Chains
- play_arrow Managing Certificate Revocation
-
- play_arrow Configuring Layer 2 Circuits
- play_arrow Overview
- play_arrow Layer 2 Circuits Configuration Overview
- play_arrow Configuring Class of Service with Layer 2 Circuits
- play_arrow Configuring Pseudowire Redundancy for Layer 2 Circuits
- play_arrow Configuring Load Balancing for Layer 2 Circuits
- play_arrow Configuring Protection Features for Layer 2 Circuits
- Egress Protection LSPs for Layer 2 Circuits
- Configuring Egress Protection Service Mirroring for BGP Signaled Layer 2 Services
- Example: Configuring an Egress Protection LSP for a Layer 2 Circuit
- Example: Configuring Layer 2 Circuit Protect Interfaces
- Example: Configuring Layer 2 Circuit Switching Protection
- play_arrow Monitoring Layer 2 Circuits with BFD
- play_arrow Troubleshooting Layer 2 Circuits
-
- play_arrow Configuring VPWS VPNs
- play_arrow Overview
- play_arrow Configuring VPWS VPNs
- Understanding FEC 129 BGP Autodiscovery for VPWS
- Example: Configuring FEC 129 BGP Autodiscovery for VPWS
- Example: Configuring MPLS Egress Protection Service Mirroring for BGP Signaled Layer 2 Services
- Understanding Multisegment Pseudowire for FEC 129
- Example: Configuring a Multisegment Pseudowire
- Configuring the FAT Flow Label for FEC 128 VPWS Pseudowires for Load-Balancing MPLS Traffic
- Configuring the FAT Flow Label for FEC 129 VPWS Pseudowires for Load-Balancing MPLS Traffic
-
- play_arrow Configuring VPLS
- play_arrow Overview
- play_arrow VPLS Configuration Overview
- play_arrow Configuring Signaling Protocols for VPLS
- VPLS Routing and Virtual Ports
- BGP Signaling for VPLS PE Routers Overview
- Control Word for BGP VPLS Overview
- Configuring a Control Word for BGP VPLS
- BGP Route Reflectors for VPLS
- Interoperability Between BGP Signaling and LDP Signaling in VPLS
- Configuring Interoperability Between BGP Signaling and LDP Signaling in VPLS
- Example: VPLS Configuration (BGP Signaling)
- Example: VPLS Configuration (BGP and LDP Interworking)
- play_arrow Assigning Routing Instances to VPLS
- Configuring VPLS Routing Instances
- Configuring a VPLS Routing Instance
- Support of Inner VLAN List and Inner VLAN Range for Qualified BUM Pruning on a Dual-Tagged Interface for a VPLS Routing Instance Overview
- Configuring Qualified BUM Pruning for a Dual-Tagged Interface with Inner VLAN list and InnerVLAN range for a VPLS Routing Instance
- Configuring a Layer 2 Control Protocol Routing Instance
- PE Router Mesh Groups for VPLS Routing Instances
- Configuring VPLS Fast Reroute Priority
- Specifying the VT Interfaces Used by VPLS Routing Instances
- Understanding PIM Snooping for VPLS
- Example: Configuring PIM Snooping for VPLS
- VPLS Label Blocks Operation
- Configuring the Label Block Size for VPLS
- Example: Building a VPLS From Router 1 to Router 3 to Validate Label Blocks
- play_arrow Associating Interfaces with VPLS
- play_arrow Configuring Pseudowires
- Configuring Static Pseudowires for VPLS
- VPLS Path Selection Process for PE Routers
- BGP and VPLS Path Selection for Multihomed PE Routers
- Dynamic Profiles for VPLS Pseudowires
- Use Cases for Dynamic Profiles for VPLS Pseudowires
- Example: Configuring VPLS Pseudowires with Dynamic Profiles—Basic Solutions
- Example: Configuring VPLS Pseudowires with Dynamic Profiles—Complex Solutions
- Configuring the FAT Flow Label for FEC 128 VPLS Pseudowires for Load-Balancing MPLS Traffic
- Configuring the FAT Flow Label for FEC 129 VPLS Pseudowires for Load-Balancing MPLS Traffic
- Example: Configuring H-VPLS BGP-Based and LDP-Based VPLS Interoperation
- Example: Configuring BGP-Based H-VPLS Using Different Mesh Groups for Each Spoke Router
- Example: Configuring LDP-Based H-VPLS Using a Single Mesh Group to Terminate the Layer 2 Circuits
- Example: Configuring H-VPLS With VLANs
- Example: Configuring H-VPLS Without VLANs
- Configure Hot-Standby Pseudowire Redundancy in H-VPLS
- Sample Scenario of H-VPLS on ACX Series Routers for IPTV Services
- play_arrow Configuring Multihoming
- VPLS Multihoming Overview
- Advantages of Using Autodiscovery for VPLS Multihoming
- Example: Configuring FEC 129 BGP Autodiscovery for VPWS
- Example: Configuring BGP Autodiscovery for LDP VPLS
- Example: Configuring BGP Autodiscovery for LDP VPLS with User-Defined Mesh Groups
- VPLS Multihoming Reactions to Network Failures
- Configuring VPLS Multihoming
- Example: VPLS Multihoming, Improved Convergence Time
- Example: Configuring VPLS Multihoming (FEC 129)
- Next-Generation VPLS for Multicast with Multihoming Overview
- Example: Next-Generation VPLS for Multicast with Multihoming
- play_arrow Configuring Point-to-Multipoint LSPs
- play_arrow Configuring Inter-AS VPLS and IRB VPLS
- play_arrow Configuring Load Balancing and Performance
- Configuring VPLS Load Balancing
- Configuring VPLS Load Balancing Based on IP and MPLS Information
- Configuring VPLS Load Balancing on MX Series 5G Universal Routing Platforms
- Example: Configuring Loop Prevention in VPLS Network Due to MAC Moves
- Understanding MAC Pinning
- Configuring MAC Pinning on Access Interfaces for Bridge Domains
- Configuring MAC Pinning on Trunk Interfaces for Bridge Domains
- Configuring MAC Pinning on Access Interfaces for Bridge Domains in a Virtual Switch
- Configuring MAC Pinning on Trunk Interfaces for Bridge Domains in a Virtual Switch
- Configuring MAC Pinning for All Pseudowires of the VPLS Routing Instance (LDP and BGP)
- Configuring MAC Pinning on VPLS CE Interface
- Configuring MAC Pinning for All Pseudowires of the VPLS Site in a BGP-Based VPLS Routing Instance
- Configuring MAC Pinning on All Pseudowires of a Specific Neighbor of LDP-Based VPLS Routing Instance
- Configuring MAC Pinning on Access Interfaces for Logical Systems
- Configuring MAC Pinning on Trunk Interfaces for Logical Systems
- Configuring MAC Pinning on Access Interfaces in Virtual Switches for Logical Systems
- Configuring MAC Pinning on Trunk Interfaces in Virtual Switches for Logical Systems
- Configuring MAC Pinning for All Pseudowires of the VPLS Routing Instance (LDP and BGP) for Logical Systems
- Configuring MAC Pinning on VPLS CE Interface for Logical Systems
- Configuring MAC Pinning for All Pseudowires of the VPLS Site in a BGP-Based VPLS Routing Instance for Logical Systems
- Configuring MAC Pinning on All Pseudowires of a Specific Neighbor of LDP-Based VPLS Routing Instance for Logical Systems
- Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Access Interfaces
- Example: Prevention of Loops in Bridge Domains by Enabling the MAC Pinnning Feature on Trunk Interfaces
- Configuring Improved VPLS MAC Address Learning on T4000 Routers with Type 5 FPCs
- Understanding Qualified MAC Learning
- Qualified Learning VPLS Routing Instance Behavior
- Configuring Qualified MAC Learning
- play_arrow Configuring Class of Service and Firewall Filters in VPLS
- play_arrow Monitoring and Tracing VPLS
-
- play_arrow Connecting Layer 2 VPNs and Circuits to Other VPNs
- play_arrow Connecting Layer 2 VPNs to Other VPNs
- play_arrow Connecting Layer 2 Circuits to Other VPNs
- Using the Layer 2 Interworking Interface to Interconnect a Layer 2 Circuit to a Layer 2 VPN
- Applications for Interconnecting a Layer 2 Circuit with a Layer 2 Circuit
- Example: Interconnecting a Layer 2 Circuit with a Layer 2 VPN
- Example: Interconnecting a Layer 2 Circuit with a Layer 2 Circuit
- Applications for Interconnecting a Layer 2 Circuit with a Layer 3 VPN
- Example: Interconnecting a Layer 2 Circuit with a Layer 3 VPN
-
- play_arrow Configuration Statements and Operational Commands
list Table of Contents
Enabling Unicast Reverse-Path Forwarding Check for VPNs
date_range
23-Nov-23
IP spoofing may occur during a denial-of-service (DoS) attack. IP spoofing allows an intruder to pass IP packets to a destination as genuine traffic, when in fact the packets are not actually meant for the destination. This type of spoofing is harmful because it consumes the destination’s resources.
Unicast reverse-path forwarding (RPF) check is a tool to reduce forwarding of IP packets that may be spoofing an address. A unicast RPF check performs a route table lookup on an IP packet’s source address, and checks the incoming interface. The router determines whether the packet is arriving from a path that the sender would use to reach the destination. If the packet is from a valid path, the router forwards the packet to the destination address. If it is not from a valid path, the router discards the packet. Unicast RPF is supported for the IPv4 and IPv6 protocol families, as well as for the virtual private network (VPN) address family. You can also enable unicast RPF within a VPN routing instance.
To enable unicast RPF check, include the unicast-reverse-path statement:
content_copy zoom_out_map
unicast-reverse-path (active-paths | feasible-paths);
For a list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement.
To consider only active paths during the unicast RPF check,
include the active-paths option. To consider all feasible
paths during the unicast RPF check, include the feasible-paths option.
For more information about how to configure the unicast-reverse-path statement, see Example: Configuring
Unicast RPF (On a Router) and .
