HP VPN Firewall Appliances Network Management Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

671

672

673

674

675

676

677

678

679

680

652

To configure MSDP peer connection control:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter public network MSDP

view.

msdp N/A

3. Deactivate an MSDP peer.

shutdown peer-address

Optional.

Active by default.

4. Configure the interval

between MSDP peer

connection retries.

timer retry interval

Optional.

30 seconds by default.

5. Configure a password for

MD5 authentication used by

both MSDP peers to establish

a TCP connection.

peer peer-address password

{ cipher cipher-password | simple

simple-password }

Optional.

By default, MD5 authentication is

not performed before a TCP

connection is established.

Configuring SA message related parameters

This section describes how to configure SA message related parameters.

Configuration prerequisites

Before you configure SA message delivery, complete the following tasks:

• Configure any unicast routing protocol so that all devices in the domain are interoperable at the

network layer.

• Configure basic MSDP functions.

• Determine the ACL rules for filtering SA request messages.

• Determine the ACL rules as SA message creation rules.

• Determine the ACL rules for filtering SA messages to be received and forwarded.

• Determine the time to live (TTL) threshold for multicast packet encapsulation in SA messages.

• Determine the maximum number of (S, G) entries learned from the specified MSDP peer that the

router can cache.

Configuring SA message content

Some multicast sources send multicast data at an interval longer than the aging time of (S, G) entries. In

this case, the source-side DR must encapsulate multicast data packet-by-packet in register messages and

send them to the source-side RP. The source-side RP transmits the (S, G) information to the remote RP

through SA messages. Then, the remote RP joins the source-side DR and builds an SPT. Because the (S,

G) entries have timed out, remote receivers can never receive the multicast data from the multicast source.

After the source-side RP is enabled to encapsulate multicast data in SA messages, if the RP wants to sends

a multicast packet, it encapsulates the multicast packet in an SA message and sends it. After the remote

RP receives the SA message, it de-encapsulates the SA message. Then, it delivers the multicast packet to

the receivers in the local domain along the RPT.