09-27-2007 01:02 AM - edited 03-05-2019 06:43 PM
Hi,
Can anyone please let me know what Reverse Path Forwarding is and what the function of the upstream path and downstream path is?
Thanks,
Akber Mirza.
09-27-2007 02:46 AM
Akber
Reverse Path Forwarding is a concept that was developed as a way to detect and deny packets that appear to have forged source addresses. Hackers will frequently send packets in which they have put source addresses that are not really the correct source. Using RPF is a way to attempt to defend against these packets. The basic concept of RPF is that if you receive a packet and the interface on which you receive it is not the interface that you would use to get to the subnet of the source address, then the packet likely has a forged address. For example, on a router at the edge of your network which has an interface facing outward to the public network and an interface facing inward toward your private network, if you receive a packet on the outward facing interface which has a source address claiming to be from your private network, then this packet is most likely forged and RPF would deny this packet.
A slightly different way of explaining it is that RPF looks at a packet that you receive, looks at the path that the packet used to get to us, and asks: if I go in the reverse direction (if I want to get to the source of this packet) is this the path that I would use to get there?
RPF usually makes more sense applied at the edges of your network (facing toward public networks, or facing toward access devices where user machines are connected) than it does applied in the interior of your network.
HTH
Rick
09-27-2007 09:36 PM
Thanks Rick for the above inputs. It helped me in understanding the RPF fully.
Regards,
Akber.
09-27-2007 04:12 AM
RPF also is used in multicast. Concept is similar to Rick's explanation for unicast RPF. With multicast, RPF ignores packets that don't come in on the interface that would be the expected interface leading back to the multicast source.
PS:
One issue to be aware of with RPF for unicast: it may drop "legal" traffic if the network has asymmetric routing.
09-27-2007 06:05 AM
Hi,
The below URL should give you a good idea on RPF.
http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html
Also, for a multihomed network, look at URPF with Loose Mode.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00803fa70b.html
I hope it helps.
Regards,
Arul
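The strict-mode check, the asymmetric-routing caveat and loose mode discussed in this thread, as an added example that is not part of any post above. The routing table, prefixes and interface names are constructed for illustration, and default-route handling is left out.

```python
import ipaddress

# Constructed forwarding table for an edge router: prefix -> interfaces
# the router would use to reach that prefix (all values are made up).
FIB = [
    ("10.1.0.0/16", {"inside0"}),      # private network behind the router
    ("198.51.100.0/24", {"isp_a"}),    # partner prefix, best path via ISP A
    ("203.0.113.0/24", {"isp_b"}),     # another prefix, best path via ISP B
]

def lookup(fib, address):
    """Longest-prefix match: interfaces used to reach `address`, or None."""
    addr = ipaddress.ip_address(address)
    best = None
    for prefix, interfaces in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, interfaces)
    return best[1] if best else None

def urpf_permits(fib, src, in_if, mode):
    """Apply the reverse-path check to a packet's source address."""
    interfaces = lookup(fib, src)
    if interfaces is None:
        return False                   # no route back to the source at all
    if mode == "loose":
        return True                    # any route to the source is enough
    if mode == "strict":
        return in_if in interfaces     # must arrive on the reverse-path interface
    raise ValueError(f"unknown mode: {mode}")

# Constructed packets: (description, source address, arrival interface).
PACKETS = [
    ("private source seen on outside interface", "10.1.5.9", "isp_a"),
    ("legitimate host, asymmetric return path", "198.51.100.7", "isp_b"),
    ("source with no route in the table", "192.0.2.1", "isp_a"),
    ("inside host on inside interface", "10.1.5.9", "inside0"),
]

def evaluate(fib, packets):
    """Return {description: (strict_result, loose_result)}."""
    return {d: (urpf_permits(fib, s, i, "strict"), urpf_permits(fib, s, i, "loose"))
            for d, s, i in packets}

if __name__ == "__main__":
    for desc, (strict, loose) in evaluate(FIB, PACKETS).items():
        print(f"{desc:45} strict={'permit' if strict else 'drop':6} "
              f"loose={'permit' if loose else 'drop'}")
```

Strict mode drops the forged private source but also drops the legitimate asymmetric flow; loose mode keeps the asymmetric flow but only filters sources that have no route at all.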