Configuring a bsr, Configuring a c-bsr – H3C Technologies H3C S10500 Series Switches User Manual
Page 165
150
and encapsulates its own IP address together with the RP-set information in its bootstrap messages. The
BSR then floods the bootstrap messages to all PIM routers in the network.
Each C-RP encapsulates a timeout value in its C-RP-Adv messages. After receiving a C_RP-Adv message,
the BSR obtains this timeout value and starts a C-RP timeout timer. If the BSR fails to hear a subsequent
C-RP-Adv message from the C-RP when this timer times out, the BSR assumes the C-RP to have expired or
become unreachable.
The C-RP timers need to be configured on C-RP routers.
Follow these steps to configure C-RP timers globally:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Enter public network PIM view or
VPN instance PIM view
pim [ vpn-instance
vpn-instance-name ]
—
Configure the C-RP-Adv interval
c-rp advertisement-interval interval
Optional
60 seconds by default.
Configure C-RP timeout time
c-rp holdtime interval
Optional
150 seconds by default.
NOTE:
For more information about the configuration of other timers in PIM-SM, see “
Configuring a BSR
A PIM-SM domain can have only one BSR, but must have at least one C-BSR. Any router can be
configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and advertising RP
information in the PIM-SM domain.
Configuring a C-BSR
C-BSRs should be configured on routers in the backbone network. When configuring a router as a C-BSR,
be sure to specify a PIM-SM-enabled interface on the router. The BSR election process is summarized as
follows:
•
Initially, every C-BSR assumes itself to be the BSR of this PIM-SM domain and uses its interface IP
address as the BSR address to send bootstrap messages.
•
When a C-BSR receives the bootstrap message of another C-BSR, it first compares its own priority
with the other C-BSR’s priority carried in the message. The C-BSR with a higher priority wins. If a tie
exists in the priority, the C-BSR with a higher IP address wins. The loser uses the winner’s BSR
address to replace its own BSR address and no longer assumes itself to be the BSR, and the winner
retains its own BSR address and continues to assume itself to be the BSR.
Configuring a legal range of BSR addresses enables filtering of bootstrap messages based on the
address range, thereby preventing a maliciously configured host from masquerading as a BSR. You must
make the same configuration on all routers in the PIM-SM domain. The typical BSR spoofing cases and
the corresponding preventive measures are as follows:
1.
Some maliciously configured hosts can forge bootstrap messages to fool routers and change RP
mappings. Such attacks often occur on border routers. Because a BSR is inside the network
whereas hosts are outside the network, you can protect a BSR against attacks from external hosts