Reverse Path Forwarding (RPF) is a method that serves at least two purposes in routers:
1. Verify loop-free forwarding of multicast packets
The RPF mechanism essentially says “only forward packets that come in on the interface that is used to reach back to the source”, which guarantees a loop-free distribution path. The idea is to consult the unicast routing table and perform a lookup by source, contrary to what routers normally do, which is to look up by destination. If the source of the multicast packet can be reached via the interface on which the packet arrived, the router proceeds with forwarding; otherwise it drops the packet. In multicast routing, packets are forwarded based on the source address. The objective is that multicast traffic should always flow away from the source (the root of the tree). If the RPF mechanism is not in place, packets will be routed/looped back and forth until their TTL expires.

2. Protect against unicast traffic sourced from spoofed IP addresses
RPF can also be used as a tool to protect against packets whose source IP cannot be verified. When the technique is used for such a filtering function it is commonly referred to as Unicast RPF (uRPF). The mechanism is usually implemented at the network edge to mitigate the threat as early as possible. When packets enter a router’s interface, before they are forwarded, the router makes sure that the source address is reachable and/or that the source is reachable via the ingress interface. This security mechanism is capable of lowering the number of spoofed packets in the network. For more on this practice, see RFC 3704.
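
The two checks described above ("source is reachable" versus "source is reachable via the ingress interface") correspond to what RFC 3704 calls loose and strict RPF. The sketch below is an added example, not code from any router implementation; the routing table, interface names and packets are constructed for illustration.

```python
import ipaddress

# Constructed routing table: (prefix, interface used to reach it).
# Interface names are hypothetical.
FIB = [
    (ipaddress.ip_network("10.1.0.0/16"), "cust-a"),
    (ipaddress.ip_network("10.1.5.0/24"), "cust-b"),   # more specific route wins
    (ipaddress.ip_network("198.51.100.0/24"), "upstream-1"),
]

def reverse_path(src):
    """Longest-prefix match on the SOURCE address; returns an interface or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in FIB if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def urpf_permit(src, ingress, mode="strict"):
    """Return True if the packet passes the uRPF check, False if it is dropped."""
    path = reverse_path(src)
    if path is None:
        return False          # no route back to the source: dropped in both modes
    if mode == "loose":
        return True           # loose: any route to the source is enough
    return path == ingress    # strict: route must point out the ingress interface

# Constructed packets: (source address, interface the packet arrived on).
PACKETS = [
    ("10.1.9.7", "cust-a"),          # legitimate customer A traffic
    ("10.1.5.20", "cust-a"),         # customer B's address arriving from customer A
    ("203.0.113.9", "cust-a"),       # source with no route at all
    ("198.51.100.4", "upstream-2"),  # asymmetric path: best route is upstream-1
]

def evaluate(packets, mode):
    """Apply the check to every packet and return the list of verdicts."""
    return [urpf_permit(src, ifc, mode) for src, ifc in packets]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        for (src, ifc), ok in zip(PACKETS, evaluate(PACKETS, mode)):
            print(f"{mode:6} {src:15} in={ifc:11} {'forward' if ok else 'drop'}")
```

The last packet shows the known trade-off: strict mode drops legitimate traffic that arrives over an asymmetric path, while loose mode forwards it but also lets the second packet (a spoofed but routable source) through.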


