Configuring A Bsr - HP FlexNetwork 7500 Series Configuration Manual

Step
Enter system view.
1.
Enter IPv6 PIM view.
2.
Configure a C-RP.
3.
(Optional.) Configure a C-RP
4.
policy.

Configuring a BSR

You must configure a BSR if C-RPs are configured to dynamically select the RP. In a network with
only a static RP, this configuration task is unnecessary.
An IPv6 PIM-SM domain can have only one BSR, but must have at least one C-BSR. Any router can
be configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and
advertising RP information in the IPv6 PIM-SM domain.
Configuring a C-BSR
The BSR election process is summarized as follows:
Initially, each C-BSR regards itself as the BSR of the IPv6 PIM-SM domain and sends a BSM to
1.
other routers in the domain.
When a C-BSR receives the BSM from another C-BSR, it compares its own priority with the
2.
priority carried in the message. The C-BSR with a higher priority wins the BSR election. If a tie
exists in the priority, the C-BSR with a higher IPv6 address wins. The loser uses the winner's
BSR address to replace its own BSR address and no longer regards itself as the BSR. The
winner retains its own BSR address and continues to regard itself as the BSR.
The elected BSR distributes the RP-set information collected from C-RPs to all routers in the IPv6
PIM-SM domain. All routers use the same hash algorithm to get an RP for a specific IPv6 multicast
group.
A BSR policy enables the router to filter BSR messages by using an ACL that specifies the legal BSR
addresses. It is used to guard against the following BSR spoofing cases:
•
Some maliciously configured hosts can forge BSMs to fool routers and change RP mappings.
Such attacks often occur on border routers
•
When an attacker controls a router on the network, the attacker can configure the router as a
C-BSR to win the BSR election. Through this router, the attacker controls the advertising of RP
information.
When you configure a C-BSR, follow these guidelines:
•
Configure C-BSRs on routers that are on the backbone network.
•
Reserve a relatively large bandwidth between the C-BSR and the other devices in the IPv6
PIM-SM domain.
•
You must configure the same BSR policy on all routers in the IPv6 PIM-SM domain. The BSR
policy discards illegal BSR messages, but it partially guards against BSR attacks on the
network. If an attacker controls a legal BSR, the problem still exists.
To configure a C-BSR:
Command
system-view
ipv6 pim [ vpn-instance
vpn-instance-name ]
c-rp ipv6-address
[ advertisement-interval adv-interval |
{ group-policy acl6-number | scope
scope-id } | holdtime hold-time | priority
priority ] *
crp-policy acl6-number
320
Remarks
N/A
N/A
By default, no C-RPs exist.
By default, no C-RP policy
exists.