Configuring a multicast data filter, Configuring a hello message filter – H3C Technologies H3C S10500 Series Switches User Manual
Page 186
171
•
Determine the maximum number of (S, G) entries in a join/prune message.
Configuring a multicast data filter
In either a PIM-DM domain or a PIM-SM domain, routers can check passing-by multicast data based on
the configured filtering rules and determine whether to continue forwarding the multicast data. In other
words, PIM routers can act as multicast data filters. These filters can help implement traffic control on one
hand, and control the information available to receivers downstream to enhance data security on the
other hand.
Follow these steps to configure a multicast data filter:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter public network PIM view or
VPN instance PIM view
pim [ vpn-instance
vpn-instance-name ]
—
Configure a multicast group filter
source-policy acl-number
Required
No multicast data filter by default.
NOTE:
•
Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering
effect.
•
This filter works not only on independent multicast data but also on multicast data encapsulated in
register messages.
Configuring a hello message filter
Along with the wide applications of PIM, the security requirement for the protocol is becoming
increasingly demanding. The establishment of correct PIM neighboring relationships is the prerequisite
for secure application of PIM. You can configure a legal source address range for hello messages on
interfaces of routers to ensure the correct PIM neighboring relationships, guarding against PIM message
attacks.
Follow these steps to configure a hello message filter:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—
Configure a hello message filter
pim neighbor-policy acl-number
Required
No hello message filter by default.
NOTE:
With the hello message filter configured, if hello messages of an existing PIM neighbor fail to pass the
filter, the PIM neighbor will be removed automatically when it times out.