Table of Contents
Advertisement
To do...
Enter system view
Enter IPv6 PIM view
Configure the C-RP-Adv interval
Configure C-RP timeout time
NOTE:
For more information about the configuration of other timers in IPv6 PIM-SM, see
PIM common
Configuring a BSR
An IPv6 BIDIR-PIM domain can have only one BSR, but must have at least one C-BSR. Any router can be
configured as a C-BSR. Elected from C-BSRs, the BSR collects and advertises RP information in the IPv6
BIDIR-PIM domain.
Configuring a C-BSR
C-BSRs must be configured on routers on the backbone network. When configuring a router as a C-BSR,
be sure to specify an IPv6 PIM-SM-enabled interface on the router. The BSR election process is as
follows:
Initially, every C-BSR assumes itself to be the BSR of the IPv6 BIDIR-PIM domain, and uses its
•
interface IP address as the BSR address to send bootstrap messages.
When a C-BSR receives the bootstrap message of another C-BSR, it first compares its own priority
•
with the other C-BSR's priority carried in message. The C-BSR with a higher priority wins. If a tie in
the priority exists, the C-BSR with a higher IP address wins. The loser uses the winner's BSR address
to replace its own BSR address and no longer assumes itself to be the BSR, but the winner retains its
own BSR address and continues assuming itself to be the BSR.
Configuring a legal range of BSR addresses enables filtering of bootstrap messages based on the
address range, thus to prevent a maliciously configured host from masquerading as a BSR. The same
configuration must be made on all routers in the IPv6 BIDIR-PIM domain. The following are typical BSR
spoofing cases and the corresponding preventive measures:
Some maliciously configured hosts can forge bootstrap messages to fool routers and change RP
1.
mappings. Such attacks often occur on border routers. Because a BSR is inside the network
whereas hosts are outside the network, a BSR can be protected against attacks from external hosts
after you enable the border routers to perform neighbor checks and RPF checks on bootstrap
messages and discard unwanted messages.
When a router in the network is controlled by an attacker or when an illegal router is present in the
2.
network, the attacker can configure this router as a C-BSR and make it win BSR election to control
the right of advertising RP information in the network. After being configured as a C-BSR, a router
automatically floods the network with bootstrap messages. Because a bootstrap message has a TTL
value of 1, the whole network will not be affected as long as the neighbor router discards these
bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the
entire network, all these routers will discard bootstrap messages from out of the legal address
range.
Use the command...
system-view
pim ipv6
c-rp advertisement-interval
interval
c-rp holdtime interval
timers."
Remarks
—
—
Optional
60 seconds by default
Optional
150 seconds by default
362
"Configuring IPv6
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
