Reverse Path Forwarding - Cisco Catalyst 3650 Configuration Manual

IP multicast routing

IP Multicast Optimization: Multicast Subsecond Convergence
Related Topics
Modifying the PIM Router Query Message Interval, on page 308
Modifying the PIM Router Query Message Interval Example, on page 311

Reverse Path Forwarding

Unicast Reverse Path Forwarding (RPF) helps to mitigate problems caused by the introduction of malformed
or forged IP source addresses into a network by discarding IP packets that lack a verifiable IP source address.
Malformed or forged source addresses can indicate denial-of-service (DoS) attacks based on source IP address
spoofing.

RPF uses access control lists (ACLs) in determining whether to drop or forward data packets that have
malformed or forged IP source addresses. An option in the ACL commands allows system administrators to
log information about dropped or forwarded packets. Logging information about forged packets can help in
uncovering information about possible network attacks.

Per-interface statistics can help system administrators quickly discover the interface serving as the entry point
for an attack on the network.

RPF Checks

PIM is designed to forward IP multicast traffic using the standard unicast routing table. PIM uses the unicast
routing table to decide whether an IP multicast packet has arrived on the optimal path from its source.
This process, the RPF check, is protocol-independent because it is based on the contents of the unicast routing
table and not on any particular routing protocol.
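
The following sketch models the RPF check described above. It is an added example, not code from Cisco or from this guide: the routing table, interface names and the RpfChecker class are constructed for illustration, and the model ignores equal-cost paths and multicast-specific route sources. It also keeps a per-interface failure counter and shows that a unicast routing change moves the RPF interface.

```python
import ipaddress
from collections import Counter

# Constructed unicast routing table: (prefix, interface used to reach it).
ROUTES = [
    ("0.0.0.0/0", "Gi1/0/1"),
    ("10.1.0.0/16", "Gi1/0/2"),
    ("10.1.5.0/24", "Gi1/0/3"),
]


class RpfChecker:
    """Simplified RPF check driven only by a unicast routing table (hypothetical model)."""

    def __init__(self, routes):
        self.routes = {ipaddress.ip_network(p): ifc for p, ifc in routes}
        self.failures = Counter()  # RPF failures counted per arrival interface

    def rpf_interface(self, source):
        """Longest-prefix match: the interface the unicast table uses to reach source."""
        addr = ipaddress.ip_address(source)
        matches = [net for net in self.routes if addr in net]
        if not matches:
            return None  # no route back to the source, so no packet can pass
        return self.routes[max(matches, key=lambda net: net.prefixlen)]

    def check(self, source, arrival_interface):
        """Pass only if the packet arrived on the interface that leads back to its source."""
        passed = self.rpf_interface(source) == arrival_interface
        if not passed:
            self.failures[arrival_interface] += 1
        return passed

    def update_route(self, prefix, interface):
        """A unicast routing change; later checks use the new RPF interface."""
        self.routes[ipaddress.ip_network(prefix)] = interface


if __name__ == "__main__":
    checker = RpfChecker(ROUTES)
    # Constructed packets: (source address, interface the packet arrived on).
    for src, ifc in [("10.1.5.9", "Gi1/0/3"), ("10.1.5.9", "Gi1/0/1"),
                     ("10.1.9.9", "Gi1/0/1")]:
        verdict = "forward" if checker.check(src, ifc) else "drop"
        print(f"{src:<10} on {ifc}: {verdict}")
    print("RPF failures per interface:", dict(checker.failures))
    checker.update_route("10.1.5.0/24", "Gi1/0/2")  # route to the source moves
    print("10.1.5.9 on Gi1/0/3 after change:", checker.check("10.1.5.9", "Gi1/0/3"))
```
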

Related Topics
Modifying the Periodic RPF Check Interval, on page 306
Example Modifying the Periodic RPF Check Interval, on page 310

Triggered RPF Checks

Multicast subsecond convergence provides the ability to trigger a check of RPF changes for mroute states.
This check is triggered by unicast routing changes. By performing a triggered RPF check, users can set the
periodic RPF check to a relatively high value (for example, 10 seconds) and still fail over quickly.
The triggered RPF check enhancement reduces the time needed for service to be restored after disruption,
such as for single service events (for example, in a situation with one source and one receiver) or as the service
scales along any parameter (for example, many sources, many receivers, and many interfaces). This
enhancement decreases the time to converge for PIM (mroute), IGMP, and MSDP (SA cache) states.

RPF Failover

In an unstable unicast routing environment that uses triggered RPF checks, the environment could be constantly
triggering RPF checks, which places a burden on the resources of the device. To avoid this problem, use the
ip multicast rpf backoff command to prevent a second triggered RPF check from occurring for the length
OL-29890-01
IP Multicast Routing Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3650 Switches)
Reverse Path Forwarding
305
