Which mode of uRPF causes a router interface to accept a packet, if the network to which the packet’s source IP address belongs is found in the router’s FIB?
A. Strict mode
B. Loose mode
C. Auto mode
D. Desirable mode
Correct Answer: B
Explanation/Reference:
Unicast Reverse Path Forwarding (uRPF) has three modes of operation: strict mode , loose mode , and VRF mode . In strict mode, a router not only checks to make sure that the source IP address of an arriving packet is reachable, based on the router’s FIB, but the packet must also be arriving on the same interface that the router would use to send traffic back to that IP address. In loose mode, a router only verifies that the source IP address of the packet is reachable, based on the router’s FIB. VRF mode is similar to loose mode, in that the source IP addresses are checked against the FIB of a specific VRF. There is no auto or desirable uRPF mode.
A number of common types of DoS attacks take advantage of forged or rapidly changing source IP addresses, allowing attackers to thwart efforts by ISPs to locate or filter these attacks. Unicast RPF was originally created to help mitigate such attacks by providing an automated, scalable mechanism to implement the Internet Engineering Task Force (IETF) Best Common Practices 38/Request for Comments 2827 (BCP 38/RFC 2827) anti-spoofing filtering on the customer-to-ISP network edge. By taking advantage of the information stored in the Forwarding Information Base (FIB) that is created by the CEF switching process, Unicast RPF can determine whether IP packets are spoofed or malformed by matching the IP source address and ingress interface against the FIB entry that reaches ?back? to this source (a so-called ?reverse lookup?). Packets that are received from one of the best reverse path routes back out of the same interface are forwarded as normal. If there is no reverse path route on the same interface from which the packet was received, it might mean that the source address was modified, and the packet is dropped (by default).
.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/sec-data-urpf-xe-3s-book/sec-unicast-rpf-loose-mode.html?referring_site=RE&pos=1&page=http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html#GUID-FFFA94D5-EEFB-4215-9EE1-DB37CD01C2CA
Explanation/Reference:
Unicast Reverse Path Forwarding (uRPF) has three modes of operation: strict mode , loose mode , and VRF mode . In strict mode, a router not only checks to make sure that the source IP address of an arriving packet is reachable, based on the router’s FIB, but the packet must also be arriving on the same interface that the router would use to send traffic back to that IP address. In loose mode, a router only verifies that the source IP address of the packet is reachable, based on the router’s FIB. VRF mode is similar to loose mode, in that the source IP addresses are checked against the FIB of a specific VRF. There is no auto or desirable uRPF mode.
A number of common types of DoS attacks take advantage of forged or rapidly changing source IP addresses, allowing attackers to thwart efforts by ISPs to locate or filter these attacks. Unicast RPF was originally created to help mitigate such attacks by providing an automated, scalable mechanism to implement the Internet Engineering Task Force (IETF) Best Common Practices 38/Request for Comments 2827 (BCP 38/RFC 2827) anti-spoofing filtering on the customer-to-ISP network edge. By taking advantage of the information stored in the Forwarding Information Base (FIB) that is created by the CEF switching process, Unicast RPF can determine whether IP packets are spoofed or malformed by matching the IP source address and ingress interface against the FIB entry that reaches ?back? to this source (a so-called ?reverse lookup?). Packets that are received from one of the best reverse path routes back out of the same interface are forwarded as normal. If there is no reverse path route on the same interface from which the packet was received, it might mean that the source address was modified, and the packet is dropped (by default).
.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_urpf/configuration/xe-3s/sec-data-urpf-xe-3s-book/sec-unicast-rpf-loose-mode.html?referring_site=RE&pos=1&page=http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/srpf_gsr.html#GUID-FFFA94D5-EEFB-4215-9EE1-DB37CD01C2CA
