Unicast Reverse Path Forwarding for IPv6 on the Cisco 12000 Series Internet Router
Cisco IOS Release 12.0(31)S
For example:
• In an ISP environment, a router that is a leased-line aggregation router for customers needs only the
information based on the static routes redistributed into the IGP or IBGP (depending on which
technique is used in the network). Unicast RPF for IPv6 is configured on the customer
interfaces—hence the requirement for minimal routing information.
• A single-homed ISP could place Unicast RPF for IPv6 on the gateway link to the Internet. The full
Internet routing table is required. Requiring the full routing table helps protect the ISP from external
DoS attacks that use addresses that are not in the Internet routing table.
Restrictions on Using Unicast RPF
Do not use Unicast RPF for IPv6 on core-facing interfaces that are internal to the network. Core-facing
interfaces are likely to have multiple routes to the source of a packet. For the best return path (route) to
the packet source, apply Unicast RPF for IPv6 only to the interface on which IPv6 packets are received.
If administrators carefully plan for the interfaces on which they enable Unicast RPF for IPv6, then
routing asymmetry is not a serious problem.
For example, routers:
• At the edge of the network of an ISP are more likely to have symmetrical reverse paths than routers
that are in the core of the ISP network.
• In the core of the ISP network have no guarantee that the best forwarding path out of the router will
be the path selected for packets returning to the router.
Hence, we do not recommend that you apply Unicast RPF for IPv6 in cases in which a chance of
asymmetric routing exists. Only deploy Unicast RPF for IPv6 on a Cisco 12000 series Internet router at
the edge of a network, or for an ISP at the customer edge of the network.
Configuring Unicast RPF for IPv6 in Strict Checking Mode
This section describes the procedures for configuring the Unicast RPF for IPv6 feature in strict checking
mode to filter IPv6 packets on the Cisco 12000 series Internet router.
Strict checking mode verifies that the source IPv6 address of an IPv6 packet exists in the routing table
and that the source IPv6 address is reachable by a path through the input interface. To configure strict
checking mode for IPv6, use one of the following commands:
• ipv6 verify unicast source reachable-via rx
• ipv6 verify unicast reverse-path
Starting in Cisco IOS Release 12.0(31)S, the Cisco 12000 series Internet router supports both commands
to enable Unicast RPF to be compatible with the Cisco IOS Release 12.3T and 12.2S software trains.
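The strict-mode check and the asymmetric-routing restriction described above, modeled in Python as an added example (not Cisco code and not part of the original document). The prefixes, interface names and packets are constructed for illustration, and multiple best paths are modeled as a set of interfaces.

```python
import ipaddress

# Constructed routing table for an edge router: prefix -> interface(s) on the
# best path back to that prefix. Prefixes and interface names are made up.
ROUTES = {
    "2001:db8:a::/48": {"Serial1/0"},   # customer A (static route)
    "2001:db8:b::/48": {"Serial1/1"},   # customer B (static route)
    "2001:db8:c::/48": {"POS2/0"},      # remote site, best path via POS2/0
}

def best_route(routes, src):
    """Longest-prefix match for src; returns (network, interfaces) or None."""
    ip = ipaddress.IPv6Address(src)
    matches = [(ipaddress.IPv6Network(p), ifs) for p, ifs in routes.items()
               if ip in ipaddress.IPv6Network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def strict_urpf(routes, src, in_iface):
    """Model of the strict check: the source must be in the table AND the
    route back to it must use the interface the packet arrived on."""
    hit = best_route(routes, src)
    if hit is None:
        return "drop: source not in routing table"
    net, ifaces = hit
    if in_iface not in ifaces:
        return f"drop: {net} is reachable via {sorted(ifaces)}, not {in_iface}"
    return "forward"

# Constructed packets: (source address, input interface, note)
PACKETS = [
    ("2001:db8:a::10", "Serial1/0", "customer A, own prefix"),
    ("2001:db8:b::10", "Serial1/0", "customer A link, customer B source"),
    ("2001:db8:ffff::1", "Serial1/0", "source absent from the table"),
    ("2001:db8:c::10", "POS2/1", "valid host, asymmetric return path"),
]

def run(routes=ROUTES, packets=PACKETS):
    """Apply the strict check to every sample packet, in order."""
    return [strict_urpf(routes, src, iface) for src, iface, _ in packets]

if __name__ == "__main__":
    for (src, iface, note), verdict in zip(PACKETS, run()):
        print(f"{src:18} in {iface:10} {note:38} -> {verdict}")
```

The last packet comes from a valid host but is dropped because it arrives on an interface other than the one on the best return path, which is the false positive the restriction on core-facing interfaces is meant to avoid.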
Note
On the Cisco 12000 series Internet router, it is not necessary to enable Cisco Express Forwarding for
IPv6 (CEFv6) using the ipv6 cef command because CEF is enabled by default in distributed mode on
Cisco 12000 series line cards. The line cards can perform the express forwarding by themselves,
relieving the main route processor (GRP or PRP) of involvement in the switching operation.