Richard Burts Thu, 09/27/2007 - 02:46

Akber


Reverse Path Forwarding is a concept that was developed as a way to detect and deny packets that appear to have forged source addresses. Hackers will frequently send packets in which they have put source addresses that are not really the correct source. Using RPF is a way to attempt to defend against these packets. The basic concept of RPF is that if you receive a packet and the interface on which you receive it is not the interface that you would use to get to the subnet of the source address, then the packet is likely a forged address. For example, on a router at the edge of your network which has an interface facing outward to the public network and an interface facing inward toward your private network, if you receive a packet on the outward facing interface which has a source address claiming to be from your private network, then this packet is most likely forged and RPF would deny this packet.


A slightly different way of explaining it is that RPF looks at a packet that you receive, looks at the path that the packet used to get to us, and asks: if I go in the reverse direction (if I want to get to the source of this packet) is this the path that I would use to get there?


RPF usually makes more sense applied at the edges of your network (facing toward public networks, or facing toward access devices where user machines are connected) than it does applied in the interior of your network.


HTH


Rick

mirzaakberali Thu, 09/27/2007 - 21:36

Thanks Rick for the above inputs. It helped me in understanding the RPF fully.


Regards,

Akber.

Joseph W. Doherty Thu, 09/27/2007 - 04:12

RPF is also used in multicast. The concept is similar to Rick's explanation for unicast RPF. With multicast, RPF ignores packets that don't come in on the interface that would be the expected interface leading back to the multicast source.


PS:

One issue to be aware of with RPF for unicast: it may drop "legal" traffic if the network has asymmetric routing.
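
A small model of the RPF decision described in this thread (an added example, not part of the original discussion; the forwarding table, interface names and packets are all constructed): it applies the strict check from Rick's explanation and, going slightly beyond the thread, the loose variant, and shows the asymmetric-routing drop Joseph mentions. The same strict check is what multicast RPF performs against the route back to the source.

```python
import ipaddress

# Constructed forwarding table for an edge router: (prefix, egress interface).
# Gi0/1 faces the private network; Gi0/0 and Gi0/2 face public peers.
# Deliberately no default route: a default route is not treated as a valid
# path back to the source (Cisco IOS needs "allow-default" for that).
FIB = [
    ("10.0.0.0/8", "Gi0/1"),        # inside
    ("192.0.2.0/24", "Gi0/0"),      # peer A
    ("198.51.100.0/24", "Gi0/0"),   # peer B: best path is via Gi0/0
]

def lookup(src):
    """Longest-prefix match of the source address against the FIB; None if no route."""
    ip = ipaddress.ip_address(src)
    best = None
    for prefix, iface in FIB:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def rpf_check(src, ingress, mode="strict"):
    """True if a packet from src arriving on ingress passes the RPF check.
    strict: the route back to src must point out the ingress interface.
    loose : any route back to src is enough (tolerates asymmetric routing,
            but no longer catches a spoofed address that is routable)."""
    egress = lookup(src)
    if egress is None:
        return False            # no route back to the source: drop in both modes
    return True if mode == "loose" else egress == ingress

# Constructed packets: (source address, ingress interface, description)
PACKETS = [
    ("10.1.2.3", "Gi0/0", "private source arriving from the public side (spoofed)"),
    ("10.1.2.3", "Gi0/1", "private source arriving from inside (legitimate)"),
    ("192.0.2.10", "Gi0/0", "peer A source on the expected interface"),
    ("198.51.100.7", "Gi0/2", "peer B source returning via Gi0/2 (asymmetric routing)"),
    ("203.0.113.9", "Gi0/0", "source with no route in the FIB"),
]

def evaluate(packets=PACKETS):
    """Run both modes over the packets; returns {description: (strict, loose)}."""
    return {d: (rpf_check(s, i, "strict"), rpf_check(s, i, "loose")) for s, i, d in packets}

if __name__ == "__main__":
    for desc, (strict, loose) in evaluate().items():
        print(f"{desc}: strict={'pass' if strict else 'DROP'} loose={'pass' if loose else 'DROP'}")
```

The fourth packet is Joseph's caveat in miniature: a real host whose return path differs from the forward path is dropped by strict mode, which is why strict uRPF belongs on edges with symmetric paths.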
