Unicast Reverse Path Forwarding (uRPF)

What is unicast reverse path forwarding:

1. Used to keep malicious traffic with invalid (spoofed) source addresses off a network.
2. It works by verifying the source IP address of each packet the router forwards.
3. If the source IP address is not valid, the packet is discarded.
4. IP CEF must be enabled to implement this feature.

This feature can be implemented in two modes:

Strict Mode: The router looks up the packet's source IP in its routing table and verifies two things: that a matching prefix is present, and that the return path to that address points back out the interface the packet arrived on. If both match, the packet is forwarded.

Loose Mode: The source IP / prefix must be present in the routing table, but the return path or interface is not verified.
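
The two modes modelled as a decision function (an added example, not code from the original page or from IOS). The FIB entries and interface names are constructed, each prefix has a single best path, and allow_default mirrors the allow-default keyword shown in the IOS configuration further down. The model assumes a source matched only by the default route fails the check unless allow_default is set.

```python
import ipaddress

# Constructed FIB for illustration: (prefix, egress interface of the best path).
FIB = [
    ("0.0.0.0/0", "Fa0/0"),     # default route toward the upstream
    ("10.1.0.0/16", "Fa1/1"),   # internal LAN
    ("192.0.2.0/24", "Fa0/1"),  # multihomed peer, best return path is Fa0/1
]

def lookup(src, fib=FIB):
    """Longest-prefix match on the source address: (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in fib
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def urpf_permit(src, in_if, mode, allow_default=False, fib=FIB):
    """True if the packet passes the check, False if it is discarded.
    mode is "rx" (strict) or "any" (loose)."""
    hit = lookup(src, fib)
    if hit is None:
        return False                      # no route back to the source at all
    net, out_if = hit
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "any":
        return True                       # loose: any matching prefix is enough
    return out_if == in_if                # strict: return path must be the arrival interface

def demo():
    """Constructed packets: (source, arrival interface, note)."""
    packets = [
        ("10.1.5.9", "Fa1/1", "internal host on its own LAN"),
        ("10.1.5.9", "Fa0/0", "internal source arriving from upstream (spoofed)"),
        ("192.0.2.7", "Fa0/0", "legitimate peer on an asymmetric path"),
        ("203.0.113.5", "Fa0/0", "source covered only by the default route"),
    ]
    return [(src, in_if, note,
             urpf_permit(src, in_if, "rx"), urpf_permit(src, in_if, "any"))
            for src, in_if, note in packets]

if __name__ == "__main__":
    for src, in_if, note, strict, loose in demo():
        print(f"{src:<12} in {in_if}: strict={strict!s:<5} loose={loose!s:<5} {note}")
```

The third packet is the operational caveat for strict mode: on asymmetrically routed or multihomed links it discards legitimate traffic, while loose mode lets the spoofed second packet through because the prefix exists somewhere in the table.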

IOS implementation of this feature:

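interface FastEthernet 1/1
 ! strict mode
 ip verify unicast source reachable-via rx
 ! loose mode (configure this instead of the rx line, not in addition to it)
 ip verify unicast source reachable-via any
 ! optional on either form: append allow-default so the default route can satisfy the check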

Verification Command:

show cef interface FastEthernet 1/1