Setting the maximum number of (S, G) entries can prevent Denial of Service (DoS) attacks.
Users can disable the SA Cache of a switch. After the SA Cache of a switch is disabled, the
switch does not locally store the (S, G) information carried in SA messages. When the switch
wants to receive (S, G) data, it needs to wait for the SA message to be sent by its MSDP peer
in the next period. This delays receivers from obtaining multicast data.
Pre-configuration Tasks
Before configuring SA Cache, complete the following tasks:
- Configuring a unicast routing protocol to implement interconnection at the network layer
- Enabling IP multicast
- Configuring a PIM-SM domain to implement intra-domain multicast
- Configuring PIM-SM Inter-domain Multicast or Configuring an Anycast RP in a
  PIM-SM Domain
Data Preparation
To configure SA Cache, you need the following data.
No.  Data
1    Maximum number of (S, G) entries in the SA Cache
7.6.2 Configuring the Maximum Number of (S, G) Entries in the Cache
Setting the maximum number of (S, G) entries in an SA cache can prevent DoS attacks.
Context
Do as follows on the switch on which the MSDP peer is configured:
NOTE
If this configuration is not performed, the default values are used.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
msdp [ vpn-instance vpn-instance-name ]
The MSDP view is displayed.
Step 3 Run:
peer peer-address sa-cache-maximum sa-limit
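The following audit script is an added example, not part of the original guide or Huawei's tooling. It reads saved configuration text and reports every MSDP peer that has no explicit sa-cache-maximum (so the default applies) or whose limit is above a site-chosen ceiling. The sample configuration, addresses, instance name, limits, the ceiling parameter and the function name are all constructed for illustration.

```python
import re

# Constructed sample in the style of a saved configuration. Addresses, the
# VPN instance name and the limits are made up; the connect-interface lines
# are assumed context and do not come from the page.
SAMPLE_CONFIG = """\
#
msdp
 peer 192.0.2.1 connect-interface vlanif100
 peer 192.0.2.1 sa-cache-maximum 500
 peer 192.0.2.9 connect-interface vlanif200
#
msdp vpn-instance RED
 peer 198.51.100.5 connect-interface vlanif300
 peer 198.51.100.5 sa-cache-maximum 3000
#
"""

MSDP_VIEW = re.compile(r"^msdp(?:\s+vpn-instance\s+(\S+))?\s*$")
PEER_LINE = re.compile(r"^\s+peer\s+(\S+)(?:\s+sa-cache-maximum\s+(\d+))?")


def audit_sa_cache_limits(config_text, ceiling):
    """Return (instance, peer, finding) for each MSDP peer whose SA cache
    limit is missing (default in effect) or above the site's ceiling."""
    peers = {}        # (instance, peer address) -> explicit limit or None
    instance = None
    in_msdp = False   # True only while inside an MSDP view
    for line in config_text.splitlines():
        view = MSDP_VIEW.match(line)
        if view:
            in_msdp, instance = True, view.group(1) or "public"
            continue
        peer = PEER_LINE.match(line) if in_msdp else None
        if peer:
            key = (instance, peer.group(1))
            peers.setdefault(key, None)
            if peer.group(2) is not None:
                peers[key] = int(peer.group(2))
        elif not line.startswith(" "):
            in_msdp = False   # any other unindented line leaves the view
    findings = []
    for (inst, addr), limit in sorted(peers.items()):
        if limit is None:
            findings.append((inst, addr, "no sa-cache-maximum set, default applies"))
        elif limit > ceiling:
            findings.append((inst, addr, f"limit {limit} exceeds ceiling {ceiling}"))
    return findings
```

Calling audit_sa_cache_limits(SAMPLE_CONFIG, ceiling=1000) reports the peer in instance RED as above the ceiling and peer 192.0.2.9 as running on the default.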
Quidway S7700 Smart Routing Switch
Configuration Guide - Multicast 7 MSDP Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.