Configuring A Bsr - HP MSR2003 Configuration Manual

Step
1. Enter
view.
2. Enter IPv6 PIM
view.
3. Configure
Anycast RP.

Configuring a BSR

You must configure a BSR if C-RPs are configured to dynamically select the RP. In a network with a static
RP, this configuration task is unnecessary.
An IPv6 PIM-SM domain can have only one BSR, but must have at least one C-BSR. Any router can be
configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and advertising RP
information in the IPv6 PIM-SM domain.
Configuring a C-BSR
C-BSRs should be configured on routers on the backbone network. The BSR election process is
summarized as follows:
1. Initially, each C-BSR regards itself as the BSR of the IPv6 PIM-SM domain and sends BSMs to other
routers in the domain.
2. When a C-BSR receives the BSM from another C-BSR, it compares its own priority with the priority
carried in the message. The C-BSR with a higher priority wins the BSR election. If a tie exists in the
priority, the C-BSR with a higher IPv6 address wins. The loser uses the winner's BSR address to
replace its own BSR address and no longer regards itself as the BSR. The winner retains its own
BSR address and continues to regard itself as the BSR.
In an IPv6 PIM-SM domain, the BSR does the following:
• Collects C-RP information from the received advertisement messages from the C-RPs.
Encapsulates the C-RP information in the RP-set information.
•
Distributes the RP-set information to all routers in the IPv6 PIM-SM domain.
•
All routers use the same hash algorithm to get an RP for a specific IPv6 multicast group.
Configuring a legal BSR address range enables filtering of BSMs based on the address range, which
prevents a maliciously configured host from masquerading as a BSR. The same configuration must be
made on all routers in the IPv6 PIM-SM domain. The following describes the typical BSR spoofing cases
and the corresponding preventive measures:
Some maliciously configured hosts can forge BSMs to fool routers and change RP mappings. Such
•
attacks often occur on border routers. A BSR is inside the network and receiver hosts are outside the
network. To protect a BSR against external attacks, you can enable the border routers to do the
following:
Perform neighbor checks and RPF checks on BSMs.
Discard unwanted messages.
Command
system
system-view
ipv6 pim [ vpn-instance vpn-instance-name ]
anycast-rp ipv6-anycast-rp-address
ipv6-member-address
297
Remarks
N/A
N/A
By default, Anycast RP is not
configured. You can repeat this
command to add multiple RP
member addresses to an Anycast
RP set.