Configuring the sa cache mechanism – H3C Technologies H3C SecPath F1000-E User Manual


Upon receiving an SA message with an encapsulated multicast data packet, the router decrements the TTL value of the multicast packet by 1 and then checks the TTL value. If the TTL value is less than the threshold, the router does not forward the SA message to the designated MSDP peer; if the TTL value is greater than or equal to the threshold, the router re-encapsulates the multicast data in an SA message and sends the SA message out.

Follow these steps to configure a filtering rule for receiving or forwarding SA messages:

To do...                                 Use the command...                          Remarks
---------------------------------------  ------------------------------------------  --------------------------------------
Enter system view                        system-view                                 -
Enter public network MSDP view           msdp                                        -
Configure an SA message creation rule    import-source [ acl acl-number ]            Required. No restrictions on (S, G)
                                                                                     entries by default
Configure a filtering rule for           peer peer-address sa-policy                 Required. No filtering rule by default
receiving or forwarding SA messages      { import | export } [ acl acl-number ]
Configure the TTL threshold for          peer peer-address minimum-ttl ttl-value     Optional. 0 by default
multicast data packet encapsulation
in SA messages

Configuring the SA Cache Mechanism

To reduce the time spent obtaining multicast information, you can enable the SA cache mechanism to cache (S, G) entries contained in SA messages locally on the router. However, the more (S, G) entries are cached, the more router memory is used.

With the SA cache mechanism enabled, when receiving a new (*, G) join message, the router searches its SA cache first:

- If the corresponding (S, G) entry does not exist in the cache, the router waits for the SA message its MSDP peer will send in the next cycle;
- If the corresponding (S, G) entry exists in the cache, the router joins the corresponding SPT rooted at S.

To protect the router effectively against denial of service (DoS) attacks, you can set a limit on the number of (S, G) entries the router can cache.

Follow these steps to configure the SA message cache:

To do...                                 Use the command...                          Remarks
---------------------------------------  ------------------------------------------  --------------------------------------
Enter system view                        system-view                                 -
Enter public network MSDP view           msdp                                        -
Enable the SA cache mechanism            cache-sa-enable                             Optional. Enabled by default
Configure the maximum number of (S, G)   peer peer-address sa-cache-maximum          Optional. 8192 by default
entries learned from the specified       sa-limit
MSDP peer that the router can cache
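
The cache lookup and per-peer limit described above, as a simplified Python model added here for illustration (it is not H3C code). The class and method names, the peer addresses and the (S, G) values are constructed, and refusing entries once sa-limit is reached is an assumption about overflow behaviour that the manual does not spell out.

```python
from collections import defaultdict

DEFAULT_SA_LIMIT = 8192  # default of sa-cache-maximum per the table above

class SACache:
    """Simplified model of the SA cache with a per-peer entry limit."""
    def __init__(self, enabled=True):
        self.enabled = enabled            # cache-sa-enable (on by default)
        self.limits = {}                  # peer address -> sa-limit
        self.by_peer = defaultdict(set)   # peer address -> cached (S, G) entries
        self.dropped = defaultdict(int)   # peer address -> entries refused

    def set_limit(self, peer, sa_limit):
        self.limits[peer] = sa_limit

    def receive_sa(self, peer, entries):
        """Cache the (S, G) entries of one SA message; return how many were new."""
        if not self.enabled:
            return 0
        cached = self.by_peer[peer]
        limit = self.limits.get(peer, DEFAULT_SA_LIMIT)
        added = 0
        for sg in entries:
            if sg in cached:
                continue
            if len(cached) >= limit:
                self.dropped[peer] += 1   # assumption: over-limit entries are not cached
                continue
            cached.add(sg)
            added += 1
        return added

    def on_star_g_join(self, group):
        """Sources whose SPT to join for a new (*, G) join; [] means wait for the next SA cycle."""
        return sorted({s for sgs in self.by_peer.values() for s, g in sgs if g == group})

def demo():
    """Constructed scenario: one well-behaved peer, one peer sending 1000 distinct entries."""
    cache = SACache()
    cache.set_limit("192.0.2.2", 100)
    cache.receive_sa("192.0.2.1", [("10.110.1.1", "225.1.1.1"), ("10.110.2.1", "225.1.1.2")])
    flood = [(f"10.9.{i // 256}.{i % 256}", "239.1.1.1") for i in range(1000)]
    cache.receive_sa("192.0.2.2", flood)
    return cache

if __name__ == "__main__":
    c = demo()
    print(len(c.by_peer["192.0.2.2"]), c.dropped["192.0.2.2"], c.on_star_g_join("225.1.1.1"))
```

Because the limit is tracked per peer, the flooding peer's share of memory stays bounded at its sa-limit while entries learned from the other peer remain available for (*, G) join lookups.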
