Configuring an IPv6 multicast data filter
To control IPv6 multicast traffic and the information available to downstream receivers, you can configure
an IPv6 router as an IPv6 multicast data filter. The router will check IPv6 multicast packets that pass by
and determine to forward or discard the packets.
A filter can filter not only independent IPv6 multicast data but also IPv6 multicast data encapsulated in
register messages. Generally, a filter nearer to the IPv6 multicast source has a better filtering effect.
To configure an IPv6 multicast data filter:
Step
1.
Enter system view.
2.
Enter IPv6 PIM view.
3.
Configure an IPv6 multicast
data filter:
Configuring a hello message filter
Along with the wide applications of IPv6 PIM, the security requirement for the protocol is becoming
increasingly demanding. The establishment of correct IPv6 PIM neighboring relationship is a prerequisite
for secure application of IPv6 PIM.
To guard against IPv6 PIM message attacks, you can configure a legal source address range for hello
messages on interfaces of routers to ensure the correct IPv6 PIM neighboring relationship.
To configure a hello message filter:
Step
1.
Enter system view.
2.
Enter interface view.
3.
Configure a hello message
filter.
Configuring IPv6 PIM hello message options
In either an IPv6 PIM-DM domain or an IPv6 PIM-SM domain, hello messages exchanged among routers
contain the following configurable options:
DR_Priority (for IPv6 PIM-SM only)—Priority for DR election. The device with the highest priority
•
wins the DR election. You can configure this option for all the routers in a shared-media LAN that
directly connects to the IPv6 multicast source or the receivers.
Command
system-view
ipv6 pim [ vpn-instance
vpn-instance-name ]
source-policy acl6-number
Command
system-view
interface interface-type
interface-number
ipv6 pim neighbor-policy
acl6-number
308
Remarks
N/A
N/A
By default, no IPv6 multicast data
filter is configured.
Remarks
N/A
N/A
By default, no hello message filter
exists.
If an IPv6 PIM neighbor's hello
messages cannot pass the filter, the
neighbor is automatically removed
when its maximum number of hello
attempts is reached.