178
words, PIM routers can act as multicast data filters. These filters can help implement traffic control on one
hand, and control the information available to receivers downstream to enhance data security on the
other hand.
Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering
effect.
This filter works not only on independent multicast data but also on multicast data encapsulated in
register messages.
To configure a multicast data filter:
Ste
Command Remarks
1. Enter system view.
system-view N/A
2. Enter public network PIM view
or VPN instance PIM view.
pim [ vpn-instance
vpn-instance-name ]
N/A
3. Configure a multicast group
filter.
source-policy acl-number No multicast data filter by default
Configuring a hello message filter
Along with the wide applications of PIM, the security requirement for the protocol is becoming
increasingly demanding. The establishment of correct PIM neighboring relationships is the prerequisite
for secure application of PIM. You can configure a legal source address range for hello messages on
interfaces of routers to ensure the correct PIM neighboring relationships, guarding against PIM message
attacks.
To configure a hello message filter:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type
interface-number
N/A
3. Configure a hello message
filter.
pim neighbor-policy acl-number
No hello message filter is
configured by default.
NOTE:
ith the hello messa
e filter confi
ured, if hello messa
es of an existing PIM neighbor fail to pass the
filter, the PIM neighbor will be removed automatically when it times out.
Configuring PIM hello options
In either a PIM-DM domain or a PIM-SM domain, the hello messages sent among routers contain the
following configurable options:
To Next Page
Loading...
