Has anyone done uRPF testing before?

JWHolm81891
Level 1

I've been asked to do uRPF testing on CGNAT and public SIAs and I'm trying to understand the procedure better. As I understand it, (in strict mode) I am deploying a uRPF configuration on the customer-facing interfaces and making sure they aren't already running a protocol. This testing will also restrict private addresses.


Once I've added the uRPF config on the interface, I then can run (install) a Spoof Manager GUI test on that IP (of the customer's interface). Does this sound about right?

1 Reply

Torbjørn
VIP

uRPF verifies that the source of traffic is correct according to the routing table. Strict mode validates both that there is a valid route and that the traffic arrives on the correct interface based on the source IP of the traffic. Loose mode only validates that there is a matching prefix in the routing table.

The easiest way to verify the functionality of strict mode uRPF is with a ping from a neighboring device. Configure a loopback interface on the neighboring device with an IP address that doesn't match with the current routing table of the device with uRPF enabled. You can then ping to some address that is routed through the device with uRPF enabled and monitor for the traffic on the expected egress interface, or verify with a FIA trace.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev
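
Added example, not part of the original thread or any vendor code: a small Python model of the strict and loose uRPF decisions described in the reply above, run against the ping-from-an-unrouted-loopback test. The FIB entries, interface names and addresses are constructed, and the `allow_default` flag models uRPF's allow-default option, which the thread does not mention.

```python
import ipaddress

# Constructed FIB of the router running uRPF: (prefix, egress interface).
# Documentation prefixes and hypothetical interface names, not from the thread.
FIB = [
    ("198.51.100.0/24", "Gi0/0/1"),  # customer A, behind the interface under test
    ("203.0.113.0/24", "Gi0/0/2"),   # customer B, behind a different interface
    ("0.0.0.0/0", "Gi0/0/0"),        # default route towards the upstream
]

def lookup(src, fib=FIB):
    """Longest-prefix match; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_permits(src, in_if, mode, allow_default=False, fib=FIB):
    """Return True if a packet with source `src` arriving on `in_if` passes."""
    if mode not in ("strict", "loose"):
        raise ValueError("mode must be 'strict' or 'loose'")
    route = lookup(src, fib)
    if route is None:
        return False                      # no route back to the source at all
    net, ifname = route
    if net.prefixlen == 0 and not allow_default:
        return False                      # only the default route matched
    if mode == "loose":
        return True                       # any matching prefix is enough
    return ifname == in_if                # strict: route must point back out in_if

def run_cases():
    """Packets arriving on Gi0/0/1, including the unrouted-loopback ping test."""
    cases = {
        "legit": "198.51.100.10",         # source really lives behind Gi0/0/1
        "wrong_if": "203.0.113.5",        # routed, but via Gi0/0/2
        "loopback": "192.0.2.99",         # test loopback: no specific route
    }
    return {name: (urpf_permits(src, "Gi0/0/1", "strict"),
                   urpf_permits(src, "Gi0/0/1", "loose"))
            for name, src in cases.items()}

if __name__ == "__main__":
    for name, (strict, loose) in run_cases().items():
        print(f"{name:9s} strict={strict} loose={loose}")
```

The "wrong_if" row is the case that separates the two modes: loose mode accepts it because a prefix matches, strict mode drops it because the route points out of a different interface.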