Configuring an ipv6 multicast data filter, Configuring a hello message filter – H3C Technologies H3C SecPath F1000-E User Manual

Maximum size of join/prune messages

Maximum number of (S, G) entries in a join/prune message

Configuring an IPv6 Multicast Data Filter

In both IPv6 PIM-DM and IPv6 PIM-SM domains, routers can check passing IPv6 multicast data against the configured filtering rules and determine whether to continue forwarding it. In other words, IPv6 PIM routers can act as IPv6 multicast data filters. These filters help implement traffic control and also control the information available to downstream receivers, which enhances data security.

Follow these steps to configure an IPv6 multicast data filter:

| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter IPv6 PIM view | pim ipv6 | |
| Configure an IPv6 multicast group filter | source-policy acl6-number | Required. No IPv6 multicast data filter by default. |

NOTE:

Generally, the closer the filter is to the IPv6 multicast source, the more pronounced the filtering effect.

This filter works not only on independent IPv6 multicast data but also on IPv6 multicast data encapsulated in register messages.

Configuring a Hello Message Filter

As IPv6 PIM is applied more widely, the security requirements for the protocol are becoming more demanding. Establishing correct IPv6 PIM neighboring relationships is a prerequisite for secure application of IPv6 PIM. You can configure a legal source address range for hello messages on router interfaces to ensure correct IPv6 PIM neighboring relationships and thus guard against IPv6 PIM message attacks.

Follow these steps to configure a hello message filter:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Enter interface view | interface interface-type interface-number | |
| Configure a hello message filter | pim ipv6 neighbor-policy acl6-number | Required. No hello message filter by default. |

NOTE:

With the hello message filter configured, if hello messages of an existing IPv6 PIM neighbor fail to pass the
filter, the IPv6 PIM neighbor will be removed automatically when it times out.
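
Both filters are off by default, so a saved configuration can be audited for interfaces and views where they were never applied. The Python check below is an added example, not part of the manual or H3C's tooling: it flags IPv6 PIM interfaces without pim ipv6 neighbor-policy, a pim ipv6 view without source-policy, and filters that reference an ACL6 number not defined in the same configuration. The configuration layout, the "pim ipv6 sm"/"pim ipv6 dm" interface commands, the "acl ipv6 number" header and the ACL numbers in the sample are assumptions.

```python
import re

# Constructed sample in saved-Comware-config layout; commands and ACL numbers are assumed.
SAMPLE = """\
acl ipv6 number 2001
 rule 0 permit source FE80::/10
#
interface GigabitEthernet0/1
 pim ipv6 sm
 pim ipv6 neighbor-policy 2001
#
interface GigabitEthernet0/2
 pim ipv6 sm
#
interface GigabitEthernet0/3
 ipv6 address 2001:DB8:3::1/64
#
pim ipv6
 source-policy 3001
"""

def parse_sections(text):
    """Map each column-0 header line to the indented lines beneath it."""
    sections, current = {}, None
    for line in text.splitlines():
        if line[:1] != " " and line.strip() not in ("", "#"):
            current = sections.setdefault(line.strip(), [])
        elif line.startswith(" ") and line.strip() and current is not None:
            current.append(line.strip())
    return sections

def audit(text):
    """Return (scope, finding) pairs for missing or dangling PIM filters."""
    sections = parse_sections(text)
    acls = {m.group(1) for h in sections if (m := re.match(r"acl ipv6 number (\d+)", h))}
    findings, pim_ifs = [], 0
    def check(scope, body, cmd, label):
        refs = [l.split()[-1] for l in body if l.startswith(cmd + " ")]
        if not refs:
            findings.append((scope, f"no {label} configured"))
        findings.extend((scope, f"{label} references undefined ACL6 {r}") for r in refs if r not in acls)
    for header, body in sections.items():
        # Only interfaces running IPv6 PIM (sm or dm) exchange hello messages.
        if header.startswith("interface ") and any(re.fullmatch(r"pim ipv6 (sm|dm)", l) for l in body):
            pim_ifs += 1
            check(header.split(None, 1)[1], body, "pim ipv6 neighbor-policy", "hello message filter")
    if pim_ifs:
        check("pim ipv6", sections.get("pim ipv6", []), "source-policy", "multicast data filter")
    return findings
```

On the constructed sample, audit(SAMPLE) reports GigabitEthernet0/2 as lacking a hello message filter and the source-policy as pointing at an ACL6 that is not defined.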
