Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
Example: Configuring RPF Policies
A multicast RPF policy disables RPF checks for a particular multicast (S,G) pair. You usually disable RPF checks on egress routing devices of a point-to-multipoint LSP, because the interface receiving the multicast traffic on a point-to-multipoint LSP egress router might not always be the RPF interface.
This example configures an RPF check policy named disable-RPF-on-PE. The disable-RPF-on-PE policy disables RPF checks on packets arriving for group 228.0.0.0/8 or from source address 196.168.25.6.
Requirements
Before you begin:
- Configure the router interfaces. See the Network Interfaces Configuration Guide.
- Configure an interior gateway protocol or static routing. See the Routing Protocols Configuration Guide.
Overview
An RPF policy behaves like an import policy. If no policy term matches the input packet, the default action is to accept (that is, to perform the RPF check). The route-filter statement filters group addresses, and the source-address-filter statement filters source addresses.
This example configures each condition as a separate policy and reference both policies in the rpf-check-policy statement. This allows you to associate groups in one policy and sources in the other.
 | Note: Be careful when disabling RPF checks on multicast traffic. If you disable RPF checks in some configurations, multicast loops can result. |
Changes to an RPF check policy take effect immediately:
- If no policy was previously configured, the policy takes effect immediately.
- If the policy name is changed, the new policy takes effect immediately and any packets no longer filtered are subjected to the RPF check.
- If the policy is deleted, all packets formerly filtered are subjected to the RPF check.
- If the underlying policy is changed, but retains the same name, the new conditions take effect immediately and any packets no longer filtered are subjected to the RPF check.
Configuration
CLI Quick Configuration
To quickly configure an RPF policy, copy the following commands into a text file, remove any line breaks, and then paste the commands into the CLI.
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Modification of the Junos OS Configuration in Junos OS CLI, Release 10.3.
To configure an RPF policy:
Configure a policy for group addresses.
[edit]user@host# edit policy-options[edit policy-options]user@host# set policy-statement disable-RPF-for-group term first from route-filter 228.0.0.0/8 orlonger[edit policy-options]user@host# set policy-statement disable-RPF-for-group term first then rejectConfigure a policy for a source address.
[edit policy-options]user@host# set policy-statement disable-RPF-for-source term first from source-address-filter 192.168.25.6/32 exact[edit policy-options]user@host# set policy-statement disable-RPF-for-source term first then reject[edit policy-options]user@host# exitApply the policies.
[edit]user@host# edit routing-options[edit routing-options]user@host# set multicast rpf-check-policy [ disable-RPF-for-group disable-RPF-for-source ]If you are done configuring the device, commit the configuration.
[edit routing-instances]user@host# commit
Results
Confirm your configuration by entering the show policy-options and show routing-options commands.
Verification
To verify the configuration, run the show multicast rpf command.
