Configuring the sa cache mechanism – H3C Technologies H3C S10500 Series Switches User Manual

Page 231


By configuring a TTL threshold for multicast data packet encapsulation in SA messages, you can control the multicast data packet encapsulation in SA messages and limit the propagation range of SA messages:

Before creating an SA message with an encapsulated multicast data packet, the router checks the TTL value of the multicast data packet. If the TTL value is less than the threshold, the router does not create an SA message. If the TTL value is greater than or equal to the threshold, the router encapsulates the multicast data in an SA message and sends the SA message.

After receiving an SA message with an encapsulated multicast data packet, the router decreases the TTL value of the multicast packet by 1 and then checks the TTL value. If the TTL value is less than the threshold, the router does not forward the SA message to the designated MSDP peer. If the TTL value is greater than or equal to the threshold, the router re-encapsulates the multicast data in an SA message and sends the SA message.
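The two checks above differ at the boundary: a packet whose TTL equals the threshold passes at the originating router but fails at a receiving router, because the receiver decreases the TTL by 1 before comparing. The following Python model is an added illustration, not H3C code. It assumes a linear chain of routers R0 -> R1 -> ..., that thresholds[i] is the minimum-ttl value Ri applies toward R(i+1), and that the decremented TTL is the value carried onward; the function names are hypothetical.

```python
# Added illustration of the minimum-ttl rule; a model, not device code.
# Assumptions: routers form a linear chain R0 -> R1 -> ..., thresholds[i] is
# the "peer ... minimum-ttl" value Ri applies toward R(i+1), and the
# decremented TTL is the value carried in the re-encapsulated packet.


def may_originate(data_ttl, threshold):
    """Originating router: create the SA message only if TTL >= threshold."""
    return data_ttl >= threshold


def may_forward(data_ttl, threshold):
    """Receiving router: decrease the TTL by 1 first, then compare.

    Returns (forward?, TTL after the decrement).
    """
    ttl = data_ttl - 1
    return ttl >= threshold, ttl


def reach(data_ttl, thresholds):
    """Return the indices of the routers that receive the SA message
    carrying the encapsulated multicast data, starting from originator R0."""
    if not thresholds or not may_originate(data_ttl, thresholds[0]):
        return []
    reached, ttl = [1], data_ttl
    for i in range(1, len(thresholds)):
        ok, ttl = may_forward(ttl, thresholds[i])
        if not ok:
            break
        reached.append(i + 1)
    return reached


if __name__ == "__main__":
    # Constructed sample values.
    print(reach(10, [0, 0, 0]))     # default threshold 0 on every router
    print(reach(10, [10, 10, 0]))   # R1 decrements to 9, below its threshold
    print(reach(9, [10, 0, 0]))     # below the originator's threshold
    print(reach(3, [0, 0, 2, 0]))   # R2 decrements to 1, below its threshold
```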

Follow these steps to configure a filtering rule for receiving or forwarding SA messages:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter public network MSDP view or VPN instance MSDP view | msdp [ vpn-instance vpn-instance-name ] | |
| Configure an SA message creation rule | import-source [ acl acl-number ] | Required. No restrictions on (S, G) entries by default |
| Configure a filtering rule for receiving or forwarding SA messages | peer peer-address sa-policy { import \| export } [ acl acl-number ] | Required. No filtering rule by default |
| Configure the TTL threshold for multicast data packet encapsulation in SA messages | peer peer-address minimum-ttl ttl-value | Optional. 0 by default |

Configuring the SA cache mechanism

To reduce the time spent in obtaining the multicast information, you can enable the SA cache mechanism to cache (S, G) entries contained in SA messages locally on the router. However, caching (S, G) entries uses memory space on the router.

When the SA cache mechanism is enabled and the router receives a new (*, G) join message, the router searches its SA cache first.

If the corresponding (S, G) entry does not exist in the cache, the router waits for the SA message that its MSDP peer will send in the next cycle.

If the corresponding (S, G) entry exists in the cache, the router joins the corresponding SPT rooted at S.

To protect the router effectively against denial of service (DoS) attacks, you can set a limit on the number of (S, G) entries the router can cache.

Follow these steps to configure the SA message cache:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
