.. _clicmd_src_plugins_urpf: =============================================================== Urpf cli reference =============================================================== set urpf ------------------------------------------------------------------------- .. code-block:: console set urpf [ip4|ip6] [rx|tx] [off|strict|loose] [table ] This command configures uRPF on an interface. Two flavours are supported (the default is strict): - loose: accept ingress packet if there is a route to reach the source - strict: accept ingress packet if it arrived on an interface which the route to the source uses. i.e. an interface that the source is reachable via. Example of graph node before range checking is enabled: .. code-block:: console show vlib graph ip4-rx-urpf-strict Name Next Previous ip4-rx-urpf-strict ip4-drop [0] Example of how to enable unicast source checking on an interface: .. code-block:: console set urpf ip4 rx GigabitEthernet2/0/0 loose Example of graph node after range checking is enabled: .. code-block:: console show vlib graph ip4-rx-urpf-loose Name Next Previous ip4-rx-urpf-loose ip4-drop [0] ip4-input-no-checksum ip4-source-and-port-range- ip4-input Example of how to display the feature enabled on an interface: .. code-block:: console show ip interface features GigabitEthernet2/0/0 IP feature paths configured on GigabitEthernet2/0/0... ipv4 unicast: ip4-rx-urpf-loose ip4-lookup ipv4 multicast: ip4-lookup-multicast ipv4 multicast: interface-output ipv6 unicast: ip6-lookup ipv6 multicast: ip6-lookup ipv6 multicast: interface-output Example of how to disable unicast source checking on an interface: .. code-block:: console set urpf ip4 off GigabitEthernet2/0/0 Declaration: ``set_interface_ip_source_check_command`` `src/plugins/urpf/urpf.c line 315 `_ Implementation: ``urpf_cli_update`` set urpf-accept ------------------------------------------------------------------------- .. code-block:: console urpf-accept [table ] [add|del] Add an exemption for a prefix to pass the Unicast Reverse Path Forwarding (uRPF) loose check. This is for testing purposes only. If the ``table`` is not enter it is defaulted to 0. Default is to ``add``. VPP always performs a loose uRPF check for for-us traffic. Example of how to add a uRPF exception to a FIB table to pass the loose RPF tests: .. code-block:: console set urpf-accept table 7 10.0.0.0/8 add Declaration: ``urpf_accept_command`` `src/plugins/urpf/urpf.c line 393 `_ Implementation: ``urpf_cli_accept``