beautypg.com

Configuring a multicast data filter, Configuring a hello message filter – H3C Technologies H3C SecPath F1000-E User Manual

Page 650

background image

625

Determine the maximum delay between hello message (interface level value).

Determine the assert timeout time (global value/interface value).

Determine the join/prune interval (global value/interface level value).

Determine the join/prune timeout (global value/interface value).

Determine the multicast source lifetime.

Determine the maximum size of join/prune messages.

Determine the maximum number of (S, G) entries in a join/prune message.

Configuring a multicast data filter

No matter in a PIM-DM domain or a PIM-SM domain, routers can check passing-by multicast data based

on the configured filtering rules and determine whether to continue forwarding the multicast data. In

other words, PIM routers can act as multicast data filters. These filters can help implement traffic control
on one hand, and control the information available to receivers downstream to enhance data security on

the other hand.
To configure a multicast data filter:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter public network PIM view.

pim

N/A

3.

Configure a multicast group filter.

source-policy acl-number

No multicast data filter by default

NOTE:

Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering
effect.

This filter works not only on independent multicast data but also on multicast data encapsulated in
register messages.

Configuring a hello message filter

Along with the wide applications of PIM, the security requirement for the protocol is becoming

increasingly demanding. The establishment of correct PIM neighboring relationships is the prerequisite

for secure application of PIM. You can configure a legal source address range for hello messages on
interfaces of routers to ensure the correct PIM neighboring relationships, and thus to guard against PIM

message attacks.
To configure a hello message filter:

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enter interface view.

interface interface-type
interface-number

N/A

3.

Configure a hello message filter.

pim neighbor-policy acl-number

No hello message filter by
default

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: