A:
URPF is short for unicast reverse path
forwarding, which functions to guard against network attacks such as spoofing on
the basis of source address. By reverse, it compares with the normal route
lookup. Generally, a router looks up the route according to destination address
gotten from packet it received; if the route is found, the router will forward
the packet, or discard it. If URPF is enable, MA5200G will check if the
interface that the source address corresponds in FIB matches the ingress, via
getting the source address of a packet and the ingress, with source address as
destination address; if not, the source address will be regarded as spoofing,
and the packet is discarded. By this way, URPF could avoid evil attacks by
changing the source address in network.
The command for MA5200G to enable URPF is as
follows (the functionality is defaulted to disable)
[MA5200G-Ethernet2/0/0]urpf
enable