URPF work flow
URPF does not check multicast packets.
Figure 125: URPF work flow
URPF works in the following steps:
URPF checks source address validity:
Discards packets with a source broadcast address.
Discards packets with an all-zero source address but a non-broadcast destination address. (A packet with source address 0.0.0.0 and destination address 255.255.255.255 might be a DHCP or BOOTP packet and cannot be discarded.)
Proceeds to step 2 for other packets.
If yes, proceeds to step 3.
If no, proceeds to step 6.
If yes, proceeds to step 8.
If no, URPF checks whether the matching route is a direct route: if yes, proceeds to step 5. If no, proceeds to step 4.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 7.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
URPF checks whether the source address matches a FIB entry:
If yes, proceeds to step 3.
If no, proceeds to step 6.
If yes, proceeds to step 8.
If no, URPF checks whether the matching route is a direct route: if yes, proceeds to step 5. If no, proceeds to step 4.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 7.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
URPF checks whether the check mode is loose:
If yes, proceeds to step 8.
If no, URPF checks whether the matching route is a direct route: if yes, proceeds to step 5. If no, proceeds to step 4.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 7.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
URPF checks whether the receiving interface matches the output interface of the matching FIB entry:
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 7.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
URPF checks whether the source IP address matches an ARP entry:
If yes, proceeds to step 8.
If no, proceeds to step 9.
If yes, proceeds to step 7.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
URPF checks whether the FIB table has a default route:
If yes, proceeds to step 7.
If no, proceeds to step 9.
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
URPF checks whether the check mode is loose:
If yes, proceeds to step 8.
If no, URPF checks whether the output interface of the default route matches the receiving interface of the packet: if yes, proceeds to step 8. If no, proceeds to step 9.
The packet passes the check and is forwarded.
The packet is discarded.