.. _clicmd_src_plugins_urpf:

===============================================================
Urpf cli reference
===============================================================

set urpf
-------------------------------------------------------------------------

.. code-block:: console

    set urpf [ip4|ip6] [rx|tx] [off|strict|loose] <INTERFACE>



This command configures uRPF on an interface.
Two flavours are supported (the default is strict):

- loose: accept ingress packet if there is a route to reach the source
- strict: accept ingress packet if it arrived on an interface which
           the route to the source uses. i.e. an interface that the source
           is reachable via.


Example of graph node before range checking is enabled:


.. code-block:: console

    show vlib graph ip4-rx-urpf-strict
    
               Name                      Next                    Previous
    ip4-rx-urpf-strict         ip4-drop [0]
    



Example of how to enable unicast source checking on an interface:


.. code-block:: console

    set urpf ip4 rx GigabitEthernet2/0/0 loose



Example of graph node after range checking is enabled:


.. code-block:: console

    show vlib graph ip4-rx-urpf-loose
    
          Name                    Next                  Previous
    ip4-rx-urpf-loose          ip4-drop [0]        ip4-input-no-checksum
                       ip4-source-and-port-range-       ip4-input
    



Example of how to display the feature enabled on an interface:


.. code-block:: console

    show ip interface features GigabitEthernet2/0/0
    
    IP feature paths configured on GigabitEthernet2/0/0...
    
    ipv4 unicast:
      ip4-rx-urpf-loose
      ip4-lookup
    
    ipv4 multicast:
      ip4-lookup-multicast
    
    ipv4 multicast:
      interface-output
    
    ipv6 unicast:
      ip6-lookup
    
    ipv6 multicast:
      ip6-lookup
    
    ipv6 multicast:
      interface-output
    



Example of how to disable unicast source checking on an interface:


.. code-block:: console

    set urpf ip4 off GigabitEthernet2/0/0




Declaration: ``set_interface_ip_source_check_command`` `src/plugins/urpf/urpf.c line 233 <https://github.com/FDio/vpp/blob/master//src/plugins/urpf/urpf.c#L233>`_

Implementation: ``urpf_cli_update``


set urpf-accept
-------------------------------------------------------------------------

.. code-block:: console

    urpf-accept [table <table-id>] [add|del] <PREFIX>



Add an exemption for a prefix to pass the Unicast Reverse Path
Forwarding (uRPF) loose check. This is for testing purposes only.
If the ``table`` is not enter it is defaulted to 0. Default
is to ``add``. VPP always performs a loose uRPF check for
for-us traffic.

Example of how to add a uRPF exception to a FIB table to pass the
loose RPF tests:


.. code-block:: console

    set urpf-accept table 7 10.0.0.0/8 add



Declaration: ``urpf_accept_command`` `src/plugins/urpf/urpf.c line 310 <https://github.com/FDio/vpp/blob/master//src/plugins/urpf/urpf.c#L310>`_

Implementation: ``urpf_cli_accept``