 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
For VPN interfaces that carry IP version 4 or version 6 (IPv4 or IPv6) traffic, you can reduce the impact of denial-of-service (DoS) attacks by configuring unicast reverse path forwarding (RPF). Unicast RPF helps determine the source of attacks and rejects packets from unexpected source addresses on interfaces where unicast RPF is enabled.
You can configure unicast RPF on a VPN interface by enabling unicast RPF on the interface and including the interface statement at the [edit routing-instances routing-instance-name] hierarchy level.
You cannot configure unicast RPF on the core-facing interfaces. You can only configure unicast RPF on the CE router-to-PE router interfaces on the PE router. However, for virtual-router routing instances, unicast RPF is supported on all interfaces you specify in the routing instance.
For information on how to configure unicast RPF on VPN interfaces, see the JUNOS Network Interfaces Configuration Guide.
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |