Disabling Unicast RPF (CLI Procedure)
Unicast reverse-path forwarding (RPF) can help protect your LAN from denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks on untrusted interfaces. Unicast RPF filters traffic with source addresses that do not use the incoming interface as the best return path back to the source. If the network configuration changes so that an interface that has unicast RPF enabled becomes a trusted interface or becomes asymmetrically routed (the interface that receives a packet is not the best return path to the packet’s source), you should disable unicast RPF.
To disable unicast RPF on an EX Series switch, you must delete it from every interface on which you explicitly configured it. If you attempt to delete unicast RPF from an interface on which it was not explicitly enabled, the message warning: statement not found displays. If you do not disable unicast RPF on every interface on which you explicitly enabled it, unicast RPF remains implicitly enabled on all switch interfaces.
To disable unicast RPF on all switch interfaces, explicitly disable unicast RPF on every interface on which it was explicitly enabled:
[edit interfaces]
user@switch# delete
ge-1/0/10 unit 0 family inet rpf-check
