Configuring msdp peer connection control – H3C Technologies H3C S10500 Series Switches User Manual

213

An MSDP peer in an MSDP mesh group forwards SA messages from outside the mesh group that have

passed the RPF check to the other members in the mesh group. A mesh group member accepts SA

messages from inside the group without performing an RPF check, and does not forward the message
within the mesh group. This mechanism not only avoids SA flooding but also simplifies the RPF check

mechanism because you do not need to run BGP or MBGP between these MSDP peers.
By configuring the same mesh group name for multiple MSDP peers, you can create a mesh group that

contain these MSDP peers.
Follow these steps to create an MSDP mesh group:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter public network MSDP view
or VPN instance MSDP view

msdp [ vpn-instance
vpn-instance-name ]

—

Create an MSDP mesh group and
assign an MSDP peer to that mesh

group

peer peer-address mesh-group
name

Required
An MSDP peer does not belong to
any mesh group by default

NOTE:
•

Before grouping multiple routers into an MSDP mesh group, make sure that these routers are
interconnected with one another.

•

If you configure more than one mesh group name on an MSDP peer, only the last configuration is
effective.

Configuring MSDP peer connection control

MSDP peers are interconnected over TCP (port number 639). You can flexibly control sessions between

MSDP peers by manually deactivating and reactivating the MSDP peering connections. When the

connection between two MSDP peers is deactivated, SA messages will no longer be delivered between

them, and the TCP connection is closed without any connection setup retry. The configuration information,

however, remain unchanged.
A TCP connection is required in the following situations:

•

When a new MSDP peer is created

•

When you reactivate a previously deactivated MSDP peer connection

•

When a previously failed MSDP peer attempts to resume operation

You can adjust the interval between MSDP peering connection retries.
To enhance MSDP security, you can configure an MD5 authentication key for the TCP connection to be
established with an MSDP peer. If the MD5 authentication fails, the TCP connection cannot be

established.
Follow these steps to configure MSDP peer connection control:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enter public network MSDP view or

VPN instance MSDP view

msdp [ vpn-instance

vpn-instance-name ]

—