Unicast RPF has several key implementation principles:
The packet must be received at an interface that has the best return path (route) to the packet source (a process called symmetric routing). There must be a route in the FIB that matches the route to the receiving interface. Static routes, network statements,
and dynamic routing add routes to the FIB.
IP source addresses at the receiving interface must match the routing entry for the interface.
Unicast RPF is an input function and is applied only on the input interface of a device at the upstream end of a connection.
You can use Unicast RPF for downstream networks, even if the downstream network has other connections to the Internet.
Be careful when using optional BGP attributes, such as weight and local preference, because an attacker can modify the best
path back to the source address. Modification would affect the operation of Unicast RPF.
When a packet is received at the interface where you have configured Unicast RPF and ACLs, the Cisco NX-OS software performs
the following actions: