HP VPN Firewall Appliances Network Management Configuration Guide

Configuring an MSDP mesh group
An AS can contain multiple MSDP peers. You can use the MSDP mesh group mechanism to avoid SA
message flooding among these MSDP peers and optimize the multicast traffic.
An MSDP peer in an MSDP mesh group forwards SA messages from outside the mesh group that passed
the RPF check to the other members in the mesh group. A mesh group member accepts SA messages from
inside the group without performing an RPF check, and does not forward the message within the mesh
group. This mechanism not only avoids SA flooding but also simplifies the RPF check mechanism because
you do not need to run BGP or MBGP between these MSDP peers.
By configuring the same mesh group name for multiple MSDP peers, you can create a mesh group that
contains these MSDP peers.
Before grouping multiple routers into an MSDP mesh group, make sure these routers are interconnected
with one another.
To create an MSDP mesh group:
Step | Command | Remarks
1. Enter system view. | system-view | N/A
2. Enter public network MSDP view. | msdp | N/A
3. Create an MSDP mesh group and assign an MSDP peer to that mesh group. | peer peer-address mesh-group name | An MSDP peer does not belong to any mesh group by default. If you configure more than one mesh group on an MSDP peer, only the last configuration is effective.
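
Because mesh group members accept SA messages from one another without an RPF check, it is worth verifying that the membership configured on each router matches on every other member. The following added example (not part of the HP guide) audits intended command lists using the peer peer-address mesh-group name syntax above; it assumes each router is identified by the address its peers configure, and the function names and sample addresses are constructed for illustration.

```python
import re

# Syntax from the table above: peer peer-address mesh-group name
PEER_RE = re.compile(r"^peer\s+(\S+)\s+mesh-group\s+(\S+)$")

def effective_mesh_groups(commands):
    """Map peer address -> mesh group for one router's MSDP view.
    A later command for the same peer replaces the earlier one."""
    groups, in_msdp = {}, False
    for line in (l.strip() for l in commands.splitlines()):
        if line == "msdp":
            in_msdp = True
        elif line == "quit":
            in_msdp = False
        elif in_msdp and (m := PEER_RE.match(line)):
            groups[m.group(1)] = m.group(2)
    return groups

def audit(configs):
    """configs: {router address: command text}. Returns a tuple
    (group, router, peer, effective group or None) for every member pair
    whose entry is missing or names another group. Members with no
    supplied config are not checked as the configuring side."""
    parsed = {r: effective_mesh_groups(c) for r, c in configs.items()}
    members = {}
    for router, peers in parsed.items():
        for peer, group in peers.items():
            members.setdefault(group, set()).update((router, peer))
    findings = []
    for group in sorted(members):
        for a in sorted(members[group] & parsed.keys()):
            for b in sorted(members[group] - {a}):
                if parsed[a].get(b) != group:
                    findings.append((group, a, b, parsed[a].get(b)))
    return findings

# Constructed sample: three routers meant to form mesh group "core".
SAMPLE = {
    "10.0.0.1": "system-view\nmsdp\npeer 10.0.0.2 mesh-group core\n"
                "peer 10.0.0.3 mesh-group core\n",
    "10.0.0.2": "system-view\nmsdp\npeer 10.0.0.1 mesh-group core\n"
                "peer 10.0.0.3 mesh-group core\npeer 10.0.0.3 mesh-group edge\n",
    "10.0.0.3": "system-view\nmsdp\npeer 10.0.0.1 mesh-group core\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s: %s -> %s has mesh group %s" % finding)
```

In the sample, the second command for 10.0.0.3 on router 10.0.0.2 overrides the first, and router 10.0.0.3 never assigns 10.0.0.2 to a group, so the audit reports both sides of that pair.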
Configuring MSDP peer connection control
MSDP peers are interconnected over TCP (port number 639). You can flexibly control sessions between
MSDP peers by manually deactivating and reactivating the MSDP peering connections. When the
connection between two MSDP peers is deactivated, SA messages will no longer be delivered between
them, and the TCP connection is closed without any connection setup retry. The configuration information,
however, remains unchanged.
A TCP connection is required in the following situations:
• When a new MSDP peer is created
• When a previously deactivated MSDP peer connection is reactivated
• When a previously failed MSDP peer attempts to resume operation
You can adjust the interval between MSDP peering connection retries.
To enhance MSDP security, configure a password for MD5 authentication used by both MSDP peers to
establish a TCP connection. If the MD5 authentication fails, the TCP connection cannot be established.
IMPORTANT:
The MSDP peers involved in MD5 authentication must be configured with the same authentication method
and password. Otherwise, the authentication fails and the TCP connection cannot be established.