HP MSR2003 Configuration Manual page 308
Hp msr router series
Hide thumbs
Also See for MSR2003:
- Configuration manual (517 pages) ,
- Command reference manual (471 pages) ,
- Manual (73 pages)
Table of Contents
Advertisement
When an attacker controls a router on the network, the attacker can configure the router as a C-BSR
•
to win the BSR election. Through this router, the attacker controls the advertising of RP information.
For security purposes, you can configure a legal BSR address range on all routers on the network.
All routers will discard BSMs that are out of the legal address range.
These preventive measures can partially protect the BSR in a network. However, if an attacker controls a
legal BSR, the problem still exists.
When you configure a C-BSR, reserve a relatively large bandwidth between the C-BSR and the other
devices in the IPv6 PIM-SM domain.
To configure a C-BSR:
Step
1.
Enter system view.
2.
Enter IPv6 PIM view.
3.
Configure a C-BSR.
4.
(Optional.) Configure a legal
BSR address range.
Configuring an IPv6 PIM domain border
As the administrative core of an IPv6 PIM-SM domain, the BSR sends the collected RP-set information in
the BSMs to all routers in the IPv6 PIM-SM domain.
An IPv6 PIM domain border is a bootstrap message boundary. Each BSR has its specific service scope.
IPv6 PIM domain border interfaces partition a network into different IPv6 PIM-SM domains. Bootstrap
messages cannot cross a domain border in either direction.
Perform the following configuration on routers that you want to configure as an IPv6 PIM domain border.
To configure an IPv6 PIM border domain:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Configuring
domain border.
Disabling the BSM semantic fragmentation function
Generally, a BSR periodically advertises the RP-set information in BSMs within the IPv6 PIM-SM domain.
It encapsulates a BSM in an IPv6 datagram. When a BSM exceeds the MTU, it is split into multiple BSM
fragments (BSMFs). In this case, the loss of a single IP fragment leads to unavailability of the entire
message.
Semantic fragmentation of BSMs can solve this issue. When a non-BSR receives a BSMF, it examines the
RP-set information for an IPv6 multicast group range:
Command
system-view
ipv6 pim [ vpn-instance
vpn-instance-name ]
c-bsr ipv6-address [ scope
scope-id ] [ hash-length
hash-length | priority priority ] *
bsr-policy acl6-number
Command
system-view
interface interface-type
interface-number
an
IPv6
PIM
ipv6 pim bsr-boundary
298
Remarks
N/A
N/A
By default, no C-BSR is configured.
By default, no restrictions are
defined.
Remarks
N/A
N/A
By default, no IPv6 PIM domain
border is configured.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
