Configuring a pim domain border, Configuring global c-bsr parameters – H3C Technologies H3C S12500 Series Switches User Manual

133

The preventive measures can partially protect the security of BSRs in a network. However, if an attacker

controls a legal BSR, the preceding problem will still occur.
Because a large amount of information needs to be exchanged between a BSR and the other devices in

the PIM-SM domain, a relatively large bandwidth should be provided between the C-BSRs and the other

devices in the PIM-SM domain.
For C-BSRs interconnected through a Generic Routing Encapsulation (GRE) tunnel, multicast static routes
need to be configured to make sure that the next hop to a C-BSR is a tunnel interface. For more

information about multicast static routes, see "Configuring multicast routing and forwarding."
To configure a C-BSR:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter public network PIM view

or VPN instance PIM view.

pim [ vpn-instance
vpn-instance-name ]

N/A

3.

Configure an interface as a
C-BSR.

c-bsr interface-type
interface-number [ hash-length

[ priority ] ]

No C-BSRs are configured by
default.

4.

Configure a legal BSR
address range.

bsr-policy acl-number

Optional.
No restrictions on BSR address

range by default.

Configuring a PIM domain border

As the administrative core of a PIM-SM domain, the BSR sends the collected RP-set information in the form

of bootstrap messages to all routers in the PIM-SM domain.
A PIM domain border is a bootstrap message boundary. Each BSR has its specific service scope. A

number of PIM domain border interfaces partition a network into different PIM-SM domains. Bootstrap
messages cannot cross a domain border in either direction
Perform the following configuration on routers that you want to configure as a PIM domain border.
To configure a PIM domain border:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Configure a PIM domain

border.

pim bsr-boundary

By default, no PIM domain border
is configured.

Configuring global C-BSR parameters

In each PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the PIM-SM domain send

advertisement messages to the BSR. The BSR summarizes the advertisement messages to form an RP-set
and advertises it to all routers in the PIM-SM domain. All the routers use the same hash algorithm to get

the RP address that corresponds to specific multicast groups.
You can configure the hash mask length and C-BSR priority globally, in an admin-scoped zone, and in

the global-scoped zone.