Configuring a hello message filter, Configuring ipv6 pim hello options – H3C Technologies H3C S12500 Series Switches User Manual

Configuring a hello message filter

As IPv6 PIM is deployed more widely, the security requirements for the protocol are becoming increasingly demanding. Establishing correct IPv6 PIM neighboring relationships is a prerequisite for the secure application of IPv6 PIM. To guard against IPv6 PIM message attacks, you can configure a legal source address range for hello messages on router interfaces to ensure correct IPv6 PIM neighboring relationships.

To configure a hello message filter:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Configure a hello message filter. | pim ipv6 neighbor-policy acl6-number | No hello message filter by default. |

NOTE:

With the hello message filter configured, if hello messages of an existing IPv6 PIM neighbor fail to pass the
filter, the IPv6 PIM neighbor will be removed automatically when it times out.
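
The filter behaviour and the NOTE above, modelled as an added example (not code from the H3C manual): hellos from sources outside the permitted range are dropped, but an already-learned neighbor is only removed when its holdtime expires. The `HelloFilter` class, the link-local addresses, and the 105-second holdtime are constructed assumptions.

```python
import ipaddress

ASSUMED_HOLDTIME = 105  # seconds; assumed value, not stated on this page


class HelloFilter:
    """Toy model of one interface's IPv6 PIM neighbor table with a hello filter."""

    def __init__(self):
        self.permitted = None   # None models "no hello message filter by default"
        self.neighbors = {}     # source address -> expiry time in seconds

    def set_policy(self, prefixes):
        # Stands in for the ACL referenced by "pim ipv6 neighbor-policy".
        self.permitted = [ipaddress.ip_network(p) for p in prefixes]

    def passes(self, src):
        if self.permitted is None:
            return True
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.permitted)

    def receive_hello(self, src, now, holdtime=ASSUMED_HOLDTIME):
        if not self.passes(src):
            return False        # dropped: no new neighbor and no holdtime refresh
        self.neighbors[src] = now + holdtime
        return True

    def live_neighbors(self, now):
        # Expire neighbors whose holdtime has run out, then list the rest.
        self.neighbors = {s: e for s, e in self.neighbors.items() if e > now}
        return sorted(self.neighbors)


def demo():
    iface = HelloFilter()
    # Constructed scenario: both sources are learned before any filter exists.
    iface.receive_hello("fe80::1", now=0)    # expected neighbor
    iface.receive_hello("fe80::66", now=0)   # unexpected neighbor
    iface.set_policy(["fe80::1/128", "fe80::2/128"])
    accepted = [iface.receive_hello(s, now=30) for s in ("fe80::1", "fe80::66")]
    # The unexpected neighbor is still present at t=60 and gone only after t=105.
    return accepted, iface.live_neighbors(now=60), iface.live_neighbors(now=110)


if __name__ == "__main__":
    print(demo())
```

After applying a filter, check the neighbor table again once one holdtime has elapsed to confirm that unwanted neighbors have aged out.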

Configuring IPv6 PIM hello options

In both an IPv6 PIM-DM domain and an IPv6 PIM-SM domain, the hello messages sent among routers contain the following configurable options:

• DR_Priority (for IPv6 PIM-SM only)—Priority for DR election. The higher the priority is, the easier it is for the router to win DR election. You can configure this parameter on all the routers in a multi-access network directly connected to IPv6 multicast sources or receivers.

• Holdtime—Timeout time of IPv6 PIM neighbor reachability state. When this timer times out, if the router has received no hello message from an IPv6 PIM neighbor, it assumes that this neighbor has expired or become unreachable.

• LAN_Prune_Delay—Delay of prune messages on a multi-access network. This option consists of LAN-delay (prune message delay), override-interval, and neighbor tracking flag. If the LAN-delay or override-interval values of different IPv6 PIM routers on a multi-access subnet are different, the largest value will take effect. If you want to enable neighbor tracking, be sure to enable the neighbor tracking feature on all IPv6 PIM routers on a multi-access subnet.

The LAN-delay setting causes the upstream routers to delay forwarding received prune messages. The override-interval sets the length of time that a downstream router can wait before sending a prune override message. When a router receives a prune message from a downstream router, it does not perform the prune action immediately. Instead, it maintains the current forwarding state for a period of LAN-delay plus override-interval. If the downstream router needs to continue receiving IPv6 multicast data, it must send a join message within the prune override interval. Otherwise, the upstream router will perform the prune action when the period of LAN-delay plus override-interval times out.

A hello message sent from an IPv6 PIM router contains a generation ID option. The generation ID is a random value for the interface on which the hello message is sent. Generally, the generation ID of an IPv6 PIM router does not change unless the status of the router changes (for example, when IPv6 PIM is just enabled on the interface or the device is restarted). When the router starts or restarts sending hello
