HP MSR ASM Configuration Manual page 341

When a C-BSR receives the bootstrap message of another C-BSR, it first compares its own priority
•
with the other C-BSR's priority carried in message. The C-BSR with a higher priority wins. If a tie
exists in the priority, the C-BSR with a higher IPv6 address wins. The loser uses the winner's BSR
address to replace its own BSR address and no longer assumes itself to be the BSR, and the winner
retains its own BSR address and continues assuming itself to be the BSR.
Configuring a legal range of BSR addresses enables filtering of bootstrap messages based on the
address range, therefore preventing a maliciously configured host from masquerading as a BSR. The
same configuration must be made on all routers in the IPv6 BIDIR-PIM domain. The following are typical
BSR spoofing cases and the corresponding preventive measures:
Some maliciously configured hosts can forge bootstrap messages to fool routers and change RP
•
mappings. Such attacks often occur on border routers.
Because a BSR is inside the network whereas hosts are outside the network, you can protect a BSR
against attacks from external hosts by enabling the border routers to perform neighbor checks and
RPF checks on bootstrap messages and discard unwanted messages.
When a router in the network is controlled by an attacker or when an illegal router is present in the
•
network, the attacker can configure this router as a C-BSR and make it win BSR election to control
the right of advertising RP information in the network. After being configured as a C-BSR, a router
automatically floods the network with bootstrap messages.
Because a bootstrap message has a hop limit value of 1, the whole network will not be affected as
long as the neighbor router discards these bootstrap messages. Therefore, with a legal BSR
address range configured on all routers in the entire network, all these routers will discard
bootstrap messages from out of the legal address range.
The preventive measures can partially protect the security of BSRs in a network. However, if a legal BSR
is controlled by an attacker, the preceding problem will still occur.
Because the BSR and the other devices exchange a large amount of information in the IPv6 BIDIR-PIM
domain, provide a relatively large bandwidth between the C-BSRs and the other devices.
To configure a C-BSR:
Step
1. Enter system view.
2. Enter IPv6 PIM view.
3. Configure an interface as a
C-BSR.
4. Configure a legal BSR
address range.
Configuring an IPv6 BIDIR-PIM domain border
As the administrative core of an IPv6 BIDIR-PIM domain, the BSR sends the collected RP-Set information
in the form of bootstrap messages to all routers in the IPv6 BIDIR-PIM domain.
An IPv6 BIDIR-PIM domain border is a bootstrap message boundary. Each BSR has its specific service
scope. A number of IPv6 BIDIR-PIM domain border interfaces partition a network into different IPv6
BIDIR-PIM domains. Bootstrap messages cannot cross a domain border in either direction.
Perform the following configuration on routers that you want to configure as the IPv6 BIDIR-PIM domain
border.
Command
system-view
pim ipv6
c-bsr ipv6-address [ hash-length
[ priority ] ]
bsr-policy acl6-number
329
Remarks
N/A
N/A
No C-BSRs are configured by
default.
Optional.
No restrictions on BSR address
range by default.