I have read the posts in this forum; however, it is still not clear to me. Here's my question:
My understanding of uRPF is that it protects against spoofed/forged IP addresses. When a router receives an inbound spoofed packet it looks up the CEF/FIB table and does a reverse map to see if the source IP would use the same interface that the packet arrived on. What I am not clear on is this: does this only apply to incoming spoofed IPs made to look like the internal LAN addresses?
Let's say the internal LAN is 109.1.x.x and a spoofed address of 209.x.x.x arrives on the external interface, and you have a default route to the Internet. Doesn't the default route now validate this spoofed address, meaning that the best way to reach this IP is through the outside interface, even though it is a forged IP?
Could someone please clarify the functionality of uRPF in the above scenario, because I have a hard time understanding which spoofed IP addresses uRPF applies to: the internal LAN IP or unknown IPs coming from the Internet.
thanks in advance.
In newer code (12.3T and later) you actually have specific parameters to deal with this problem.
On your command line, there's an option to "use-default" or if you leave that off, the behavior is to NOT use a default route.
Still, when we think about what RPF checks do, that MAY not be a problem for you. If you have a link to the Internet, and someone spoofs an address over the Internet, you honestly don't have a clue about that anyway. All you would know is whether they were trying to spoof something you knew internally or from a more specific route (which the route lookup would tell you anyway)!
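To make the reply above concrete, here is an added simulation of the uRPF decision for the exact scenario in the question. It is example code written for this thread, not anything from the original posts or from Cisco. It assumes the LAN 109.1.x.x is 109.1.0.0/16 behind an interface called "inside", that the only other route is a default pointing at "outside", and that the "use the default route" switch corresponds to the allow-default keyword of the IOS command ip verify unicast source reachable-via rx (strict) or any (loose). The FIB and the test packets are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed FIB for the thread's scenario (assumed prefixes, not real routes):
# the internal LAN lives behind "inside"; everything else follows the default.
FIB = [
    (IPv4Network("109.1.0.0/16"), "inside"),
    (IPv4Network("0.0.0.0/0"), "outside"),
]

DEFAULT = IPv4Network("0.0.0.0/0")


def fib_lookup(fib, addr, allow_default=False):
    """Longest-prefix match of addr in fib.

    Returns (prefix, interface) or None. When allow_default is False the
    default route is ignored for the reverse lookup, which is the behaviour
    the reply describes when the allow-default option is left off.
    """
    addr = IPv4Address(addr)
    best = None
    for prefix, iface in fib:
        if addr in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, iface)
    if best is not None and best[0] == DEFAULT and not allow_default:
        return None
    return best


def rpf_check(fib, src, ingress, mode="strict", allow_default=False):
    """True if a packet with source src arriving on ingress passes the uRPF check.

    strict: the best route back to src must point out the arrival interface.
    loose:  any usable route back to src is enough; the interface is ignored.
    A source with no usable route fails in both modes.
    """
    match = fib_lookup(fib, src, allow_default)
    if match is None:
        return False  # no (usable) route back to the source: drop
    if mode == "loose":
        return True
    return match[1] == ingress


# Constructed test packets covering the cases discussed in the thread.
SCENARIOS = [
    # (source, arrival interface, mode, allow_default, description)
    ("209.5.5.5", "outside", "strict", True,  "Internet source, default allowed"),
    ("209.5.5.5", "outside", "strict", False, "Internet source, default not allowed"),
    ("209.5.5.5", "inside",  "strict", False, "Internet address spoofed from the LAN"),
    ("109.1.2.3", "outside", "strict", True,  "LAN address spoofed from the Internet"),
    ("109.1.2.3", "inside",  "strict", False, "genuine LAN source"),
    ("209.5.5.5", "inside",  "loose",  True,  "loose mode only asks for a route"),
]


def run_scenarios(fib=FIB):
    """Return {description: 'PASS' | 'DROP'} for every constructed scenario."""
    results = {}
    for src, ingress, mode, allow_default, desc in SCENARIOS:
        ok = rpf_check(fib, src, ingress, mode, allow_default)
        results[desc] = "PASS" if ok else "DROP"
    return results


if __name__ == "__main__":
    for desc, verdict in run_scenarios().items():
        print(f"{verdict:4}  {desc}")
```

Two things the output makes visible. First, the reply's point: a 209.x.x.x source arriving on the outside interface passes only because the default route is allowed, and the router has no way to tell a forged 209.x.x.x from a genuine one; what uRPF does catch is a 209.x.x.x source arriving from the LAN, and a 109.1.x.x source arriving from the Internet, which is dropped even with the default route allowed because the more specific route wins the lookup. Second, the practical caveat: with strict mode and the default route excluded, every packet from the Internet fails on an edge that has nothing but a default route, so that interface needs either allow-default or loose mode, and strict mode is only safe where routing is symmetric.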