R21xx-HP FlexFabric 11900 IP Multicast Configuration Guide
Table Of Contents
- Title Page
- Contents
- Multicast overview
- Configuring IGMP snooping
- Overview
- IGMP snooping configuration task list
- Configuring basic IGMP snooping functions
- Configuring IGMP snooping port functions
- Configuring IGMP snooping policies
- Displaying and maintaining IGMP snooping
- IGMP snooping configuration examples
- Troubleshooting IGMP snooping
- Configuring multicast routing and forwarding
- Configuring IGMP
- Configuring PIM
- Overview
- Configuring PIM-DM
- Configuring PIM-SM
- Configuring common PIM features
- Displaying and maintaining PIM
- PIM configuration examples
- Troubleshooting PIM
- Configuring MLD snooping
- Overview
- MLD snooping configuration task list
- Configuring basic MLD snooping functions
- Configuring MLD snooping port functions
- Configuring MLD snooping policies
- Displaying and maintaining MLD snooping
- MLD snooping configuration examples
- Troubleshooting MLD snooping
- Configuring IPv6 multicast routing and forwarding
- Configuring MLD
- Configuring IPv6 PIM
- PIM overview
- Configuring IPv6 PIM-DM
- Configuring IPv6 PIM-SM
- Configuring common IPv6 PIM features
- Displaying and maintaining IPv6 PIM
- IPv6 PIM configuration examples
- Troubleshooting IPv6 PIM
- Support and other resources
- Index
81
• When a C-BSR receives the BSM from another C-BSR, it compares its own priority with the priority
carried in the message. The C-BSR with a higher priority wins the BSR election. If a tie exists in the
priority, the C-BSR with a higher IP address wins. The loser uses the winner's BSR address to replace
its own BSR address and no longer regards itself as the BSR, and the winner retains its own BSR
address and continues to regard itself as the BSR.
In a PIM-SM domain, the BSR collects C-RP information from the received advertisement messages from
the C-RPs, encapsulates the C-RP information in the RP-set information, and distributes the RP-set
information to all routers in the PIM-SM domain. All routers use the same hash algorithm to get an RP for
a specific multicast group.
Configuring a legal BSR address range enables filtering of BSMs based on the address range, thereby
preventing a maliciously configured host from masquerading as a BSR. The same configuration must be
made on all routers in the PIM-SM domain. The following describes the typical BSR spoofing cases and
the corresponding preventive measures:
• Some maliciously configured hosts can forge BSMs to fool routers and change RP mappings. Such
attacks often occur on border routers. Because a BSR is inside the network whereas hosts are
outside the network, you can protect a BSR against attacks from external hosts by enabling the
border routers to perform neighbor checks and RPF checks on BSMs and to discard unwanted
messages.
• When an attacker controls a router in the network or when an illegal router is present in the network,
the attacker can configure the router as a C-BSR and make it win the BSR election to advertise RP
information in the network. After a router is configured as a C-BSR, it automatically floods the
network with BSMs. Because a BSM has a TTL value of 1, the whole network will not be affected as
long as the neighbor router discards these BSMs. Therefore, with a legal BSR address range
configured on all routers in the network, all these routers can discard BSMs from out of the legal
address range.
These preventive measures can partially protect the BSR in a network. However, if an attacker controls a
legal BSR, the problem still exists.
When you configure a C-BSR, reserve a relatively large bandwidth between the C-BSR and the other
devices in the PIM-SM domain.
When C-BSRs connect to other PIM routers through tunnels, static multicast routes must be configured to
make sure the next hop to a C-BSR is a tunnel interface. Otherwise, RPF check is affected. For more
information about static multicast routes, see "Configuring multicast routing and forwarding."
To
configure a C-BSR:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enter PIM view.
pim N/A
3. Configure a C-BSR.
c-bsr ip-address [ scope
group-address { mask-length |
mask } ] [ hash-length hash-length
| priority priority ] *
By default, no C-BSR is configured.