Configuring a pim domain border, Configuring global c-bsr parameters – H3C Technologies H3C SecPath F1000-E User Manual
Page 117
21
The above-mentioned preventive measures can partially protect the security of BSRs in a network.
However, if a legal BSR is controlled by an attacker, the above-mentioned problem will still occur.
Follow these steps to configure a C-BSR:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter public network PIM view
pim
—
Configure an interface as a C-BSR
c-bsr interface-type
interface-number [ hash-length
[ priority ] ]
Required
No C-BSRs are configured by
default.
Configure a legal BSR address
range
bsr-policy acl-number
Optional
No restrictions on BSR address
range by default
NOTE:
•
Because a large amount of information needs to be exchanged between a BSR and the other
devices in the PIM-SM domain, a relatively large bandwidth should be provided between the
C-BSRs and the other devices in the PIM-SM domain.
•
For C-BSRs interconnected via a Generic Routing Encapsulation (GRE) tunnel, multicast static
routes need to be configured to ensure that the next hop to a C-BSR is a GRE interface. For more
information about multicast static routes, see
Multicast Routing and Forwarding Configuration in
the
IP Multicast Volume.
Configuring a PIM domain border
As the administrative core of a PIM-SM domain, the BSR sends the collected RP-Set information in the
form of bootstrap messages to all routers in the PIM-SM domain.
A PIM domain border is a bootstrap message boundary. Each BSR has its specific service scope. A
number of PIM domain border interfaces partition a network into different PIM-SM domains. Bootstrap
messages cannot cross a domain border in either direction
Perform the following configuration on routers that can become a PIM domain border.
Follow these steps to configure a PIM domain border:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter interface view
interface interface-type
interface-number
—
Configure a PIM domain border
pim bsr-boundary
Required
By default, no PIM domain border
is configured.
Configuring global C-BSR parameters
In each PIM-SM domain, a unique BSR is elected from C-BSRs. The C-RPs in the PIM-SM domain send
advertisement messages to the BSR. The BSR summarizes the advertisement messages to form an RP-set