Unicast Reverse Path Forwarding (uRPF) is a powerful security tool that limits the problems caused by malformed or spoofed IP source addresses by discarding IP packets that lack a verifiable IP source address. For example, DoS attacks like Smurf and Tribe Flood Network (TFN) forge or rapidly change source IP addresses to cause a flood of useless packets that choke the network. Unicast RPF deflects such attacks by forwarding only packets whose source addresses are valid and consistent with the IP routing table. This defensive action protects the network of the ISP, its customer, and the rest of the Internet.
LCOS SX supports two uRPF modes:
- Strict mode: The path to the source IP address must be through the same interface as that on which the packet arrived.
- Loose mode: The path to the source IP address can be through any interface on the device. The packet need not arrive on the routing interface to which the source IP route lookup resolves in order to pass the uRPF check.
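
The difference between the two modes can be seen by running the check over a small routing table. The following Python model is an added illustration, not LCOS SX code or configuration; the routing table, interface names and sample packets are constructed, and it assumes a single best route per prefix and no default route.

```python
import ipaddress

# Constructed routing table (prefix, interface); no default route is installed,
# so a source outside these prefixes has no reverse path at all.
ROUTES = [
    ("192.0.2.0/24", "vlan10"),
    ("198.51.100.0/24", "vlan20"),
    ("198.51.100.128/25", "vlan30"),  # more specific route via another interface
]

def lookup(src, table):
    """Longest-prefix match on the source address; returns the interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_pass(src, in_iface, mode, table=ROUTES):
    """Return True if a packet from src arriving on in_iface passes the uRPF check."""
    route_iface = lookup(src, table)
    if route_iface is None:
        return False              # no route back to the source: dropped in both modes
    if mode == "loose":
        return True               # any interface may hold the reverse path
    if mode == "strict":
        return route_iface == in_iface  # reverse path must use the arrival interface
    raise ValueError(f"unknown uRPF mode: {mode!r}")

# Constructed sample packets: (source address, arrival interface)
PACKETS = [
    ("192.0.2.10", "vlan10"),      # arrives on the interface its route points to
    ("198.51.100.200", "vlan20"),  # route resolves to vlan30 via the /25
    ("203.0.113.5", "vlan10"),     # source has no route in the table
]

def evaluate(packets=PACKETS):
    """Return (src, in_iface, strict_result, loose_result) for each packet."""
    return [(s, i, urpf_pass(s, i, "strict"), urpf_pass(s, i, "loose"))
            for s, i in packets]

if __name__ == "__main__":
    for src, iface, strict, loose in evaluate():
        print(f"{src:16} in={iface:7} strict={'pass' if strict else 'drop'} "
              f"loose={'pass' if loose else 'drop'}")
```

The second packet shows why strict mode can drop legitimate traffic when routing is asymmetric, while loose mode only rejects sources that are absent from the routing table.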