Configuring A Bsr - HP 4800G Series Configuration Manual

Follow these steps to configure C-RP timers globally:
To do...
Enter system view
Enter PIM view
Configure the C-RP-Adv
interval
Configure C-RP timeout time
For the configuration of other timers in PIM-SM, refer to

Configuring a BSR

A PIM-SM domain can have only one BSR, but must have at least one C-BSR. Any router can be
configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and advertising RP
information in the PIM-SM domain.
Configuring a C-BSR
C-BSRs should be configured on routers in the backbone network. When configuring a router as a
C-BSR, be sure to specify a PIM-SM-enabled interface on the router. The BSR election process is
summarized as follows:
Initially, every C-BSR assumes itself to be the BSR of this PIM-SM domain, and uses its interface
IP address as the BSR address to send bootstrap messages.
When a C-BSR receives the bootstrap message of another C-BSR, it first compares its own priority
with the other C-BSR's priority carried in message. The C-BSR with a higher priority wins. If there is
a tie in the priority, the C-BSR with a higher IP address wins. The loser uses the winner's BSR
address to replace its own BSR address and no longer assumes itself to be the BSR, while the
winner retains its own BSR address and continues assuming itself to be the BSR.
Configuring a legal range of BSR addresses enables filtering of bootstrap messages based on the
address range, thus to prevent a maliciously configured host from masquerading as a BSR. The same
configuration needs to be made on all routers in the PIM-SM domain. The following are typical BSR
spoofing cases and the corresponding preventive measures:
1) Some maliciously configured hosts can forge bootstrap messages to fool routers and change RP
mappings. Such attacks often occur on border routers. Because a BSR is inside the network
whereas hosts are outside the network, you can protect a BSR against attacks from external hosts
by enabling the border routers to perform neighbor checks and RPF checks on bootstrap
messages and discard unwanted messages.
2) When a router in the network is controlled by an attacker or when an illegal router is present in the
network, the attacker can configure this router as a C-BSR and make it win BSR election to control
the right of advertising RP information in the network. After being configured as a C-BSR, a router
automatically floods the network with bootstrap messages. As a bootstrap message has a TTL
Use the command...
system-view
pim
c-rp advertisement-interval
interval
c-rp holdtime interval
Configuring PIM Common
1-21
Remarks
—
—
Optional
60 seconds by default
Optional
150 seconds by default
Timers.