Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Reverse path Forwarding

Hi,

Can any one please let me know what is Reverse path forwarding and what is the function of Upstream path and down stream path.

Thanks,

Akber Mirza.

4 REPLIES
Hall of Fame Super Silver

Re: Reverse path Forwarding

Akber

Reverse Path Forwarding is a concept that was developed as a way to detect and deny packets that appear to have forged source addresses. Hackers will frequently send packets in which they have put source addresses that are not really the correct source. Using RPF is a way to attempt to defend against these packets. The basic concept of RPF is that if you receive a packet and the interface on which you receive it is not the interface that you would use to get to the subnet of the source address then the packets is likely a forged address. For example on a router at the edge of your network which has an interface facing outward to the public network and an interface facing inward toward your private network and you receive a packet on the outward facing interface which has a source address claiming to be from your private network, then this packet is most likely forged and RPF would deny this packet.

A slightly different way of explaining it is that RPF looks at a packet that you receive, looks at the path that the packet used to get to us, and asks: if I go in the reverse direction (if I want to get to the source of this packet) is this the path that I would use to get there?

RPF usually makes more sense applied at the edges of your network (facing toward public networks, or facing toward access devices where user machines are connected) than it does applied in the interior of your network.

HTH

Rick

New Member

Re: Reverse path Forwarding

Thanks Rick for the above inputs. It helped me in understanding the RPF fully.

Regards,

Akber.

Super Bronze

Re: Reverse path Forwarding

RPF also is used in multicast. Concept is similar to Rick's explanation for unicast RPF. With multicast, RPF ignores packets that don't come in on the interface that would be the expected interface leading back to the multicast source.

PS:

One issue to be aware of with RPF for unicast, it may drop "legal" traffic if the network has asymmetric routing.

Cisco Employee

Re: Reverse path Forwarding

Hi,

The below URL should give you a good idea on RPF.

http://www.cisco.com/web/about/security/intelligence/unicast-rpf.html

Also, for multiomed network, look at URPF with Loose Mode.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a00803fa70b.html

I hope it helps.

Regards,

Arul

428
Views
10
Helpful
4
Replies