HP VPN Firewall Appliances Network Management Configuration Guide

A filtering rule for receiving or forwarding SA messages enables the router to filter the (S, G) forwarding
entries to be advertised when the router receives or forwards an SA message. This controls the
propagation of multicast source information at SA message reception or forwarding.
A TTL threshold for multicast data packet encapsulation in SA messages controls the multicast data packet encapsulation in SA messages and limits the propagation range of SA messages:
- Before creating an SA message with an encapsulated multicast data packet, the router examines the TTL value of the multicast data packet:
  - If the TTL value is less than the threshold, the router does not create an SA message.
  - If the TTL value is greater than or equal to the threshold, the router encapsulates the multicast data in an SA message and sends the SA message.
- After receiving an SA message with an encapsulated multicast data packet, the router decreases the TTL value of the multicast packet by 1 and then checks the TTL value:
  - If the TTL value is less than the threshold, the router does not forward the SA message to the designated MSDP peer.
  - If the TTL value is greater than or equal to the threshold, the router re-encapsulates the multicast data in an SA message and sends the SA message.
To configure a filtering rule for receiving or forwarding SA messages:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter public network MSDP view.
  Command: msdp
  Remarks: N/A

Step 3. Configure an SA message creation rule.
  Command: import-source [ acl acl-number ]
  Remarks: No restrictions on (S, G) entries by default.

Step 4. Configure a filtering rule for receiving or forwarding SA messages.
  Command: peer peer-address sa-policy { import | export } [ acl acl-number ]
  Remarks: No filtering rule by default.

Step 5. Configure the TTL threshold for multicast data packet encapsulation in SA messages.
  Command: peer peer-address minimum-ttl ttl-value
  Remarks: Optional. 0 by default.
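The following session is an added example, not taken from the HP guide, that applies steps 1 to 5 above on a single router so that only a chosen set of (S, G) entries is advertised, the same ACL is enforced on SA messages exchanged with one peer, and low-TTL data is kept out of SA messages. The ACL number 3000, the source and group ranges, the peer address 10.2.2.2 and the threshold 10 are assumed values; the acl and rule commands are standard Comware ACL commands that this page does not describe.

```text
<Router> system-view
[Router] acl number 3000
[Router-acl-adv-3000] rule permit ip source 10.1.1.0 0.0.0.255 destination 239.1.0.0 0.0.255.255
[Router-acl-adv-3000] quit
[Router] msdp
[Router-msdp] import-source acl 3000
[Router-msdp] peer 10.2.2.2 sa-policy export acl 3000
[Router-msdp] peer 10.2.2.2 sa-policy import acl 3000
[Router-msdp] peer 10.2.2.2 minimum-ttl 10
```

With import-source, only (S, G) entries that ACL 3000 permits are placed in locally created SA messages; the sa-policy lines apply the same ACL to SA messages sent to and received from peer 10.2.2.2. If every router on the path uses minimum-ttl 10, a data packet that leaves the source with TTL 12 is encapsulated by the originating router and forwarded by at most two further peers, because each receiver decrements the TTL before comparing it with the threshold.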
Configuring the SA cache mechanism
To reduce the time spent in obtaining the multicast information, enable the SA cache mechanism to cache (S, G) entries contained in SA messages locally on the router. However, caching (S, G) entries uses memory space on the router.
When the SA cache mechanism is enabled and the router receives a new (*, G) join message, the router searches its SA cache first.
- If the corresponding (S, G) entry does not exist in the cache, the router waits for the SA message that its MSDP peer will send in the next cycle.
- If the corresponding (S, G) entry exists in the cache, the router joins the corresponding SPT rooted at S.
To protect the router against DoS attacks, you can set a limit on the number of (S, G) entries that the router can cache.