Command Reference Guide
3Com Router 3000 Ethernet Family
Command Reference Guide Chapter 3 PIM Configuration Commands
3Com Corporation
3-1
Chapter 3 PIM Configuration Commands
3.1 PIM Configuration Commands
3.1.1 bsr-policy
Syntax
bsr-policy acl-number
undo bsr-policy
View
PIM view
Parameter
acl-number: ACL number used by BSR filter policy , ranging from 2000 to 2999.
Description
Use the bsr-policy command to restrict the range for valid BSR, preventing BSR
spoofing.
Use the undo bsr-policy command to restore the normal state without any range
restriction and regard all the messages received are valid.
In PIM SM network which uses BSR mechanism, any router can set itself as C-BSR
and will take charge of the authority of advertising BP information in the network if it
succeeds in competition. To prevent the valid BSR in the network from being
maliciously replaced, the following two measures should be taken:
z Change RP mapping relationship to prevent the host from spoofing the router by
counterfeiting valid BSR packet. BSR packet is multicast packet with TTL of 1, so
this kind of attack usually takes place on the edge router. BSR is in the internal
network and the host is in the external network, therefore, performing neighbor
check and RPF check to BSR packet can prevent this kind of attack.
z If a router in the network is controlled by an attacker or an illegal router accesses
the network, the attacker can set the router to C-BSR and make it succeed in
competition and control the authority of advertising RP information in the network.
The router, after being configured as C-BSR, will automatically advertise BSR
information to the whole network. BSR packet is the multicast packet which is
forwarded hop by hop with TTL of 1. The whole network will not be affected if the
neighbor router does not receive the BSR information. The solution is to configure
bsr-policy on each router in the whole network to restrict the range for legal BSR.
For example, if only 1.1.1.1/32 and 1.1.1.2/32 are permitted as BSR, the router will