Urpf cli reference

set urpf

set urpf [ip4|ip6] [rx|tx] [off|strict|loose] <INTERFACE> [table <table>]

This command configures uRPF on an interface. Two flavours are supported (the default is strict):

  • loose: accept ingress packet if there is a route to reach the source

  • strict: accept ingress packet if it arrived on an interface which

    the route to the source uses. i.e. an interface that the source is reachable via.

Example of graph node before range checking is enabled:

show vlib graph ip4-rx-urpf-strict

           Name                      Next                    Previous
ip4-rx-urpf-strict         ip4-drop [0]

Example of how to enable unicast source checking on an interface:

set urpf ip4 rx GigabitEthernet2/0/0 loose

Example of graph node after range checking is enabled:

show vlib graph ip4-rx-urpf-loose

      Name                    Next                  Previous
ip4-rx-urpf-loose          ip4-drop [0]        ip4-input-no-checksum
                   ip4-source-and-port-range-       ip4-input

Example of how to display the feature enabled on an interface:

show ip interface features GigabitEthernet2/0/0

IP feature paths configured on GigabitEthernet2/0/0...

ipv4 unicast:
  ip4-rx-urpf-loose
  ip4-lookup

ipv4 multicast:
  ip4-lookup-multicast

ipv4 multicast:
  interface-output

ipv6 unicast:
  ip6-lookup

ipv6 multicast:
  ip6-lookup

ipv6 multicast:
  interface-output

Example of how to disable unicast source checking on an interface:

set urpf ip4 off GigabitEthernet2/0/0

Declaration: set_interface_ip_source_check_command src/plugins/urpf/urpf.c line 315

Implementation: urpf_cli_update

set urpf-accept

urpf-accept [table <table-id>] [add|del] <PREFIX>

Add an exemption for a prefix to pass the Unicast Reverse Path Forwarding (uRPF) loose check. This is for testing purposes only. If the table is not enter it is defaulted to 0. Default is to add. VPP always performs a loose uRPF check for for-us traffic.

Example of how to add a uRPF exception to a FIB table to pass the loose RPF tests:

set urpf-accept table 7 10.0.0.0/8 add

Declaration: urpf_accept_command src/plugins/urpf/urpf.c line 393

Implementation: urpf_cli_accept