Table of Contents
Advertisement
•
When an attacker controls a router on the network, the attacker can configure the router as a
C-BSR to win the BSR election. Through this router, the attacker controls the advertising of RP
information.
When you configure a C-BSR, follow these guidelines:
•
Configure C-BSRs on routers that are on the backbone network.
•
Reserve a relatively large bandwidth between the C-BSR and the other devices in the PIM-SM
domain.
•
You must configure the same BSR policy on all routers in the PIM-SM domain. The BSR policy
discards illegal BSR messages, but it partially guards against BSR attacks on the network. If an
attacker controls a legal BSR, the problem still exists.
•
When C-BSRs connect to other PIM routers through tunnels, static multicast routes must be
configured to make sure the next hop to a C-BSR is a tunnel interface. Otherwise, RPF check is
affected. For more information about static multicast routes, see
and
forwarding."
To configure a C-BSR:
Step
Enter system view.
1.
Enter PIM view.
2.
Configure a C-BSR.
3.
(Optional.) Configure a BSR
4.
policy.
Configuring a PIM domain border
A PIM domain border determines the transmission boundary of bootstrap messages. Bootstrap
messages cannot cross the domain border in either direction. A number of PIM domain border
interfaces partition a network into different PIM-SM domains.
To configure a PIM domain border:
Step
Enter system view.
1.
Enter interface view.
2.
Configure a PIM domain
3.
border.
Disabling BSM semantic fragmentation
BSM semantic fragmentation enables a BSR to split a BSM into multiple BSM fragments (BSMFs) if
the BSM exceeds the MTU. In this way, a non-BSR router can update the RP-set information for a
group range after receiving all BSMFs for the group range. The loss of one BSMF only affects the
RP-set information of the group ranges that the fragment contains.
If the PIM-SM domain contains a device that does not support this feature, you must disable this
feature on all C-BSRs. If you do not disable this feature, such a device regards a BSMF as a BSM
and updates the RP-set information each time it receives a BSMF. It learns only part of the RP-set
information, which further affects the RP election.
Command
system-view
pim [ vpn-instance
vpn-instance-name ]
c-bsr ip-address [ scope
group-address { mask-length |
mask } ] [ hash-length
hash-length | priority priority ] *
bsr-policy acl-number
Command
system-view
interface interface-type
interface-number
pim bsr-boundary
113
"Configuring multicast routing
Remarks
N/A
N/A
By default, no C-BSRs exist.
By default, no BSR policy exists.
Remarks
N/A
N/A
By default, an interface is not a
PIM domain border.
Advertisement
Table of Contents
Troubleshooting
