
What is the difference between Unicast RPF and Reverse Path Forwarding?

thsecmaniac
Level 1

I am confused about the difference in function between Unicast RPF and Reverse Path Forwarding.

What is the difference between Unicast RPF and Reverse Path Forwarding?

Because they both verify the source address of each packet before forwarding it to the destination too?

 

Is Reverse Path Forwarding used only when the network wants to build a shared tree for multicast communication, and then we need to use Unicast RPF after the shared tree is created?


Muthurajeshwaran Natesan
Cisco Employee

Please refer to the link below. Let me know if you need more info.

 

http://en.wikipedia.org/wiki/Reverse_path_forwarding

 

thanks,

Muthu.

I read that wiki already but I still don't get it.

Hard to answer without context. But here is my guess. Unicast RPF is an anti-spoofing mechanism and RPF is the method used to forward multicast packets.

But both of them check the source address.

 

You mean Unicast RPF only filters, but RPF doesn't only check but also forwards a packet to the destination?

AFAIK both will forward the packet, and the anti-spoofing mechanism is supported. Only the terminology differs: for unicast packets we use URPF, and for multicast we use RPF.

 

Thanks,

Muthu.

 

But for the anti-spoofing mechanism, why is only uRPF referred to while RPF is not?

The mechanism of RPF is mainly used to ensure loop-free routing of traffic.

As you probably already read, it does so by ensuring that its route to the source address of a received packet is reached through the same interface that the packet came in on. Think of the "root port" concept in STP; all root ports look to the root, like sunflowers follow the sun. Therefore this is innately a loop prevention mechanism.

With multicast traffic it is quite likely to create routing loops due to its "multi-destination" nature of traffic flow. Because of this, employing a mechanism such as RPF allows you to ensure that you are on the "root route" (so-to-speak) back to the source from which the multicast traffic originated. Otherwise if you're not then you are either receiving this traffic off a looped route, or a suboptimal path.

uRPF essentially works in the same manner, except it does so for unicast traffic instead. Now with unicast traffic your flow is coming from one source and heading to one destination. Given that, as well as the fact that you are using a dynamic routing algorithm (which selects the path to a destination), you cannot have routing loops in your network for unicast traffic flows; of course there can be exceptions with route redistribution configuration pitfalls.

However RPF when applied to unicast traffic can add another advantage, and that is source IP verification. Therefore we can use it as a security mechanism to ensure that the data is originating from where it is supposed to originate from.

On the L2 boundary, you then have mechanisms such as IP source guard to ensure that the exact host isn't spoofing their IP address.

Analogously, RPF can be used for source verification for multicast traffic, and it is intrinsically doing that; however, the more important role is for it to be used to ensure loop-free routing of multicast traffic.

I hope I've helped clear things up and not confused you any more with all of this.
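The check described in the answer above, written out as an added example (not part of the original post and not Cisco code): a strict reverse-path check that does a longest-prefix match on the packet's source address and compares the result with the arrival interface. The routing table, interface names and packets are constructed for illustration; the same function serves as source verification for unicast and as loop prevention for multicast.

```python
import ipaddress

# Constructed routing table for one router: (prefix, outgoing interface).
ROUTES = [
    ("10.1.0.0/16", "Gi0/0"),   # customer LAN
    ("10.1.5.0/24", "Gi0/2"),   # more specific route inside the /16
    ("0.0.0.0/0",   "Gi0/1"),   # default route toward the upstream
]
TABLE = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES]


def rpf_interface(source):
    """Longest-prefix match on the SOURCE address: the interface this
    router would use to send traffic back to that source."""
    addr = ipaddress.ip_address(source)
    matches = [(net, ifc) for net, ifc in TABLE if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def rpf_check(source, arrival_interface):
    """Pass only if the packet arrived on the interface that leads back
    to its source (the check described in the answer above)."""
    return rpf_interface(source) == arrival_interface


def classify(packets):
    """Return (source, destination, interface, verdict) per packet."""
    results = []
    for src, dst, ifc in packets:
        verdict = "forward" if rpf_check(src, ifc) else "drop"
        results.append((src, dst, ifc, verdict))
    return results


# Constructed sample traffic: (source, destination, arrival interface).
PACKETS = [
    ("10.1.2.3", "198.51.100.7", "Gi0/0"),  # unicast from the LAN: passes
    ("10.1.2.3", "198.51.100.7", "Gi0/1"),  # LAN source seen on upstream port: fails
    ("10.1.5.9", "239.1.1.1",    "Gi0/2"),  # multicast on the RPF interface: passes
    ("10.1.5.9", "239.1.1.1",    "Gi0/0"),  # same stream arriving on another port: fails
]

if __name__ == "__main__":
    for row in classify(PACKETS):
        print(*row)
```

The destination address never enters the decision: only the source and the arrival interface do, which is why the one lookup can act as an anti-spoofing filter in the unicast case and as a loop check in the multicast case.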

Thanks John. I understand the difference between them better after reading your explanation, although about 15-20% of your explanation doesn't answer the whole of my question.

Glad I could be of help thsecmaniac. :-)
