The BSR boundary is configured.
BSR messages cannot pass the BSR boundary.
----End
13.5.5 (Optional) Configuring the Range of Legal BSR addresses
ACL6-based policies can be set on all devices to filter C-BSR addresses. The devices then receive
only the Bootstrap messages with the source addresses being in the valid C-BSR address range.
Thus, BSR spoofing is avoided.
Context
Do as follows on all switchs in the PIM-SM domain:
NOTE
This configuration is optional. By default, source addresses of the received BSR packets are not checked,
and all received BSR packets are received.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
pim-ipv6
The PIM-IPv6 view is displayed.
Step 3 Run:
bsr-policy { basic-acl6-number | acl6-name acl6-name }
The range of legal BSR addresses is limited.
After receiving an IP packet carrying a Bootstrap message, a switch checks the source address
of the IP packet. If the source address is not in the range of legal BSR addresses, the packet is
discarded. The BSR spoofing is thus avoided.
basic-acl6-number specifies the number of the basic ACL. The ACL defines the filtering policy
for the source addresses of BSR messages.
----End
13.5.6 (Optional) Configuring the Range of Legal C-RP Addresses
ACL6-based policies can be set on all C-BSRs to filter C-RP addresses and addresses of the
groups that the C-RPs serve. The BSR adds C-RP information to the RP-set only when the
addresses are in the set legal address range. Thus, C-RP spoofing is avoided.
Context
Do as follows on all C-BSRs in the PIM-SM domain:
Quidway S7700 Smart Routing Switch
Configuration Guide - Multicast 13 PIM-SM (IPv6) Configuration
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
468
To Next Page
Loading...
