Configuring the sa cache mechanism – H3C Technologies H3C SecPath F1000-E User Manual


After receiving an SA message with an encapsulated multicast data packet, the router decrements the TTL value of the multicast packet by 1 and then checks the TTL value. If the TTL value is less than the threshold, the router does not forward the SA message to the designated MSDP peer. If the TTL value is greater than or equal to the threshold, the router re-encapsulates the multicast data in an SA message and sends the SA message.

To configure a filtering rule for receiving or forwarding SA messages:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter public network MSDP view. | msdp | N/A |
| 3. Configure an SA message creation rule. | import-source [ acl acl-number ] | No restrictions on (S, G) entries by default. |
| 4. Configure a filtering rule for receiving or forwarding SA messages. | peer peer-address sa-policy { import \| export } [ acl acl-number ] | No filtering rule by default. |
| 5. Configure the TTL threshold for multicast data packet encapsulation in SA messages. | peer peer-address minimum-ttl ttl-value | Optional. 0 by default. |

Configuring the SA cache mechanism

To reduce the time spent in obtaining the multicast information, you can enable the SA cache mechanism to cache (S, G) entries contained in SA messages locally on the router. However, caching (S, G) entries uses memory space on the router.

When the SA cache mechanism is enabled and the router receives a new (*, G) join message, the router searches its SA cache first.

• If the corresponding (S, G) entry does not exist in the cache, the router waits for the SA message that its MSDP peer will send in the next cycle.

• If the corresponding (S, G) entry exists in the cache, the router joins the corresponding SPT rooted at S.

To protect the router effectively against denial of service (DoS) attacks, you can set a limit on the number of (S, G) entries the router can cache.

To configure the SA message cache:

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter public network MSDP view. | msdp | N/A |
| 3. Enable the SA cache mechanism. | cache-sa-enable | Optional. Enabled by default. |
| 4. Configure the maximum number of (S, G) entries learned from the specified MSDP peer that the router can cache. | peer peer-address sa-cache-maximum sa-limit | Optional. 2048 by default. |
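
An added example, not taken from the H3C manual: a Python check that reads the msdp view of a saved configuration and reports, per peer, the SA filtering rules, cache limit and TTL threshold set by the two procedures above. The one-space indentation of the view, the `#` line that closes it, and every address and ACL number in the sample are assumptions constructed for illustration.

```python
import re
DEFAULT_SA_LIMIT, DEFAULT_MIN_TTL = 2048, 0  # defaults stated in the tables above

# Constructed sample of an msdp view; addresses and ACL numbers are made up.
# Assumed layout: view commands indented by one space, "#" closes the view.
SAMPLE_CONFIG = """\
msdp
 import-source acl 3101
 peer 192.0.2.1 sa-policy import acl 3102
 peer 192.0.2.1 sa-policy export acl 3103
 peer 192.0.2.1 sa-cache-maximum 500
 peer 192.0.2.1 minimum-ttl 10
 peer 198.51.100.7 sa-policy export
#
"""

PEER_RE = re.compile(r"^\s*peer\s+(\S+)\s+(sa-policy|sa-cache-maximum|minimum-ttl)\s*(.*)$")

def audit_msdp(config_text):
    """Return {peer-address: settings} from peer lines inside the msdp view."""
    peers, in_msdp = {}, False
    for line in config_text.splitlines():
        if line.strip() == "msdp":
            in_msdp = True
        elif not line.startswith(" "):
            in_msdp = False  # unindented line: the view has ended
        m = PEER_RE.match(line) if in_msdp else None
        if not m:
            continue
        addr, keyword, rest = m.group(1), m.group(2), m.group(3).split()
        p = peers.setdefault(addr, {"import": None, "export": None,
                                    "sa_limit": DEFAULT_SA_LIMIT, "min_ttl": DEFAULT_MIN_TTL})
        if keyword == "sa-policy" and rest and rest[0] in ("import", "export"):
            has_acl = len(rest) > 2 and rest[1] == "acl"
            p[rest[0]] = rest[2] if has_acl else "no-acl"
        elif keyword == "sa-cache-maximum" and rest:
            p["sa_limit"] = int(rest[0])
        elif keyword == "minimum-ttl" and rest:
            p["min_ttl"] = int(rest[0])
    return peers

def findings(peers):
    """Report peers that still rely on the documented defaults."""
    out = []
    for addr, p in sorted(peers.items()):
        if p["import"] is None:
            out.append(f"{addr}: no import sa-policy, received SA messages are unfiltered")
        if p["sa_limit"] == DEFAULT_SA_LIMIT:
            out.append(f"{addr}: sa-cache-maximum left at default {DEFAULT_SA_LIMIT}")
    return out
```

Calling `findings(audit_msdp(SAMPLE_CONFIG))` lists only the second peer, which has an export rule but no import rule and no explicit cache limit.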
