beautypg.com

Configuring a pim-sm domain border – H3C Technologies H3C S3600 Series Switches User Manual

Page 418

background image

4-13

the right of advertising RP information in the network. After being configured as a C-BSR, a router

automatically floods the network with bootstrap messages. As a bootstrap message has a TTL

value of 1, the whole network will not be affected as long as the neighbor router discards these

bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the

entire network, all these routers will discard bootstrap messages from out of the legal address

range.

The above-mentioned preventive measures can partially protect the security of BSRs in a network.

However, if a legal BSR is controlled by an attacker, the above-mentioned problem will still occur.

Follow these steps to configure a C-BSR:

To do…

Use the command…

Remarks

Enter system view

system-view —

Enter PIM view

pim

Configure an interface as a
C-BSR

c-bsr interface-type
interface-number
hash-mask-len [ priority ]

Optional

No C-BSRs are configured by
default. The default priority is 0.

Configure a legal BSR address
range

bsr-policy acl-number

Optional

No restrictions on BSR address
range by default

Only one C-BSR is in effect on a Layer 3 switch at a time and the latest C-BSR configured on another

interface will overwrite the existing one.

Configuring a PIM-SM domain border

As the administrative core of a PIM-SM domain, the BSR sends the collected RP-Set information in the

form of bootstrap messages to all routers in the PIM-SM domain.

A PIM domain border is a bootstrap message boundary. Each BSR has its specific service scope. A

number of PIM domain border interfaces partition a network into different PIM-SM domains. Bootstrap

messages cannot cross a domain border in either direction.

Perform the following configuration on routers that can become a PIM-SM domain border.

Follow these steps to configure a PIM-SM domain border:

To do...

Use the command...

Remarks

Enter system view

system-view

Enter interface view

interface interface-type
interface-number

Configure a PIM-SM domain
border

pim bsr-boundary

Optional

By default, no PIM-SM domain
border is configured.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: