Cisco Cisco IOS Software Release 12.0(13)S7

© 2008 Cisco Systems, Inc. All rights reserved.

The Unicast Reverse Path Forwarding (Unicast RPF) in Strict Mode feature is a network security tool 
designed for use at the edge of a service-provider network to mitigate network attacks and provide 
protection from:

Data packets with malformed or forged IP source addresses received at the router (known as source 
address IP spoofing)

Data packets received from known IP addresses in multiple, shifting attacks

Starting in Cisco IOS Release 12.0(33)S, Unicast RPF is supported for IPv4 traffic filtering in strict 
mode, in addition to loose mode, on the Cisco 12000 series Internet router. Strict mode verifies that the 
source address of an IPv4 packet both exists in the routing table and is reachable by a path through the 
input interface before forwarding a packet. (Loose mode only verifies that the source IPv4 address exists 
in the routing table.)

Your Cisco IOS software release may not support all of the features documented in this module. To reach 
links to specific feature documentation in this module and to see a list of the releases in which each feature is 
supported, use the 

.

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS 
software image support. To access Cisco Feature Navigator, go to 

. An 

account on Cisco.com is not required.