F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

661

662

663

664

665

666

667

668

669

670

647

{ If the TTL value is greater than or equal to the threshold, the router encapsulates the multicast

data in an SA message and sends the SA message.

• After receiving an SA message with an encapsulated multicast data packet, the router decreases the

TTL value of the multicast packet by 1 and then checks the TTL value:

{ If the TTL value is less than the threshold, the router does not forward the SA message to the

designated MSDP peer.

{ If the TTL value is greater than or equal to the threshold, the router re-encapsulates the multicast

data in an SA message and sends the SA message.

To configure a filtering rule for receiving or forwarding SA messages:

Ste

Command

Remarks

903. Enter system view.

system-view

N/A

904. Enter public network MSDP

view.

msdp N/A

905. Configure an SA message

creation rule.

import-source [ acl acl-number ]

No restrictions on (S, G) entries by

default.

906. Configure a filtering rule for

receiving or forwarding SA

messages.

peer peer-address sa-policy

{ import | export } [ acl

acl-number ]

No filtering rule by default.

907. Configure the TTL threshold

for multicast data packet

encapsulation in SA

messages.

peer peer-address minimum-ttl

ttl-value

Optional.

0 by default.

811BConfiguring the SA cache mechanism

To reduce the time spent in obtaining the multicast information, enable the SA cache mechanism to

cache (S, G) entries contained in SA messages locally on the router. However, caching (S, G) entries uses

memory space on the router.

When the SA cache mechanism is enabled and the router receives a new (*, G) join message, the router

searches its SA cache first.

• If the corresponding (S, G) entry does not exist in the cache, the router waits for the SA message that

its MSDP peer will send in the next cycle.

• If the corresponding (S, G) entry exists in the cache, the router joins the corresponding SPT rooted

at S.

To protect the router against DoS attacks, you can set a limit on the number of (S, G) entries that the router

can cache.

To configure the SA message cache:

Ste

Command

Remarks

908. Enter system view.

system-view N/A

909. Enter public network MSDP view.

msdp N/A

910. Enable the SA cache mechanism.

cache-sa-enable

Optional.

Enabled by default.