From Infrastructure Router Security Technical Implementation Guide Cisco
Part of IPv6 Egress Outbound Spoofing Filter
Unicast Reverse Path Forwarding (uRPF) provides a mechanism for IP address spoof protection. When uRPF is enabled on an interface, the router examines all packets received as input on that interface to make sure that the source address and source interface appear in the routing table and match the interface on which the packet was received. If the packet was received from one of the best reverse path routes, the packet is forwarded as normal. If there is no reverse path route on the same interface from which the packet was received, it might mean that the source address was modified. If Unicast RPF does not find a reverse path for the packet, the packet is dropped.
IOS example interface FastEthernet 1/1 description downstream link to our network ipv6 address 2001:db8:60::f15:60c2 ipv6 verify unicast source reachable-via rx outbound-to-backbone ipv6 access-list outbound-to-backbone remark explicitly block all other packets deny ipv6 any any log
The network element must be configured to ensure that an ACL is configured to restrict the router from accepting any outbound IP packet that contains an external IP address in the source field.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer