Operation Manual – Multicast Protocol
H3C S3610&S5510 Series Ethernet Switches
Chapter 6 PIM Configuration
perform neighbor check and RPF check on BSR messages and discard unwanted
messages.
2) When a router in the network is controlled by an attacker, or when an illegal
router is present in the network, the attacker can configure such a router as a
C-BSR and make it win the BSR election so as to gain the right to advertise RP
information in the network. After being configured as a C-BSR, a router
automatically floods the network with BSR messages. As a BSR message has a TTL
value of 1, the whole network will not be affected as long as the neighbor
routers discard these BSR messages. Therefore, if a legal BSR address range is
configured on all routers in the entire network, all routers will discard BSR
messages from outside the legal address range, and this kind of attack can thus
be prevented.
The above-mentioned preventive measures can partially protect the security of BSRs in
a network. However, if a legal BSR is controlled by an attacker, the above-mentioned
problem will also occur.
Follow these steps to complete basic C-BSR configuration:
| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter PIM view | pim | — |
| Configure an interface as a C-BSR | c-bsr interface-type interface-number [ hash-length [ priority ] ] | Required. No C-BSR is configured by default |
| Configure a legal BSR address range | bsr-policy acl-number | Optional. No restrictions on BSR address range by default |
Note:
Since a large amount of information needs to be exchanged between a BSR and the
other devices in the PIM-SM domain, a relatively large bandwidth should be provided
between the C-BSR and the other devices in the PIM-SM domain.
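The effect of the legal BSR address range described above can be modeled in a few lines. This is an added example, not code from the manual or from the switch software: the function names, the ACL representation, and the addresses are constructed, the first-match and deny-on-no-match ACL behavior is an assumption of the model, and the election rule (higher priority wins, ties go to the higher address) is the standard PIM-SM BSR rule.

```python
from ipaddress import IPv4Address

def acl_permits(acl, bsr_addr):
    """Basic-ACL model (assumption): first matching rule decides, no match
    means deny. Rules are (action, address, wildcard); wildcard 1-bits are
    "don't care", so wildcard 0.0.0.0 matches exactly one host."""
    addr = int(IPv4Address(bsr_addr))
    for action, rule_addr, wildcard in acl:
        care = ~int(IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(IPv4Address(rule_addr)) & care:
            return action == "permit"
    return False

def elect_bsr(heard, acl=None):
    """Return the BSR address this router accepts, or None.
    heard: (bsr_address, priority) pairs from received BSR messages.
    acl=None models the default: no restriction on the BSR address range."""
    kept = [m for m in heard if acl is None or acl_permits(acl, m[0])]
    if not kept:
        return None
    # Election rule: higher priority wins, ties go to the higher address.
    return max(kept, key=lambda m: (m[1], int(IPv4Address(m[0]))))[0]

# Constructed sample data: one legal C-BSR and one unauthorized C-BSR that
# advertises the maximum priority.
LEGAL_BSR_ACL = [("permit", "10.1.1.1", "0.0.0.0")]
HEARD = [("10.1.1.1", 10), ("10.9.9.9", 255)]

if __name__ == "__main__":
    print("no bsr-policy  :", elect_bsr(HEARD))
    print("with bsr-policy:", elect_bsr(HEARD, LEGAL_BSR_ACL))
```

The filter decides on the BSR address alone, so a BSR message carrying a legal address is accepted whoever controls that device, which is why the measure only partially protects the BSR.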
II. Configuring a global-scope C-BSR
Follow these steps to configure a global-scope C-BSR:
| To do... | Use the command... | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enter PIM view | pim | — |