Exam JN0-104 topic 1 question 11 discussion

B: The packet it forwarded - https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/interfaces-configuring-unicast-rpf.html

B. Packet is forwarded not discarded.

Packet is Discarded. FIB Source address is 10.10.10.10 on ge0/0/1.0 Next hop cannot be to the interface it is receiving the source IP on - 10.10.10.10 should have the next hop of a different outgoing interface Therefor, FIB entry does not mach incoming interface and packet is dropped

B is the correct answer.

B: The packet it forwarded - https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/interfaces-configuring-unicast-rpf.html

B is the correct answer If a device running Junos OS receives a packet with a source address of 10.10.10.10 on interface ge-0/0/1.0 and the you configured the device to perform the unicast RPF check on that interface, it examines its routing table for the best route to 10.10.10.10. If the route lookup returns a route for 10.10.10.0/24 with a next hop of interface ge-0/0/1.0, the packet passes the unicast RPF check and is accepted.

the provided answer is Correct uRPF checks the source address, and interface

B: The packet it forwarded - https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/topic-map/interfaces-configuring-unicast-rpf.html

Key phrase to take note off : A ROUTE LOOKUP determines that THE NEXT HOP for the 10.10.10.10 address "IS" the ge-0/0/1.0 interface. So the packet in question, which was received on the ge-0/0/1.0 interface had a "fake" source IP address, meaning it's likely a spoofing attack. Hence the packet is not only rejected but discarded (silently dropped, with no ICMP sent back)

interface is same for lookup as where the packet is received.

Packet is Forwarded

return traffic would go through the same interface and that is allowed for rpf. So this packet is forwarded.

D is your answer. This is because Unicast Reverse Path Forwarding (RPF) is used to prevent the spread of network misconfigurations and malicious traffic, such as spoofed IP addresses. When RPF is enabled on an interface, it checks the source address of incoming packets against the routing table to verify if the incoming interface is the expected path for that source address. If the incoming interface is not the expected path, the packet is discarded. In this scenario, the route lookup determines that the next hop for the source address 10.10.10.10 is the same interface the packet was received on, which is the ge-0/0/1.0 interface. This means the source address is not reachable through another interface, therefore the packet is considered to be a spoofed packet and is discarded

Ref: Understanding How Unicast Reverse Path Forwarding Prevents Spoofed IP Packet Forwarding - TechLibrary - Juniper Networks "Understanding How Unicast Reverse Path Forwarding Prevents Spoofed IP Packet Forwarding ... A unicast reverse-path-forwarding (RPF) check is a tool to reduce forwarding of IP packets that might be spoofing an address. A unicast RPF check performs a forwarding table lookup on an IP packet’s source address, and checks the incoming interface. The router or switch determines whether the packet is arriving from a path that the sender would use to reach the destination. If the packet is from a valid path, the router or switch forwards the packet to the destination address. If it is not from a valid path, the router or switch discards the packet. ..."

b is the correct answer

Answer B

It’s B