Configuring a BSR
You must configure a BSR if C-RPs are configured to dynamically select the RP. You do not need to configure a BSR when you have configured only a static RP but no C-RPs.
A PIM-SM domain can have only one BSR, but must have a minimum of one C-BSR. Any router can be configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and advertising RP information in the PIM-SM domain.
Configuring a C-BSR
The BSR election process is summarized as follows:
1. Initially, each C-BSR regards itself as the BSR of the PIM-SM domain and sends BSMs to other routers in the domain.
2. When a C-BSR receives the BSM from another C-BSR, it compares its own priority with the priority carried in the message. The C-BSR with a higher priority wins the BSR election. If a tie exists in the priority, the C-BSR with a higher IP address wins. The loser uses the winner's BSR address to replace its own BSR address and no longer regards itself as the BSR, and the winner retains its own BSR address and continues to regard itself as the BSR.
3. The elected BSR distributes the RP-set information collected from C-RPs to all routers in the PIM-SM domain. All routers use the same hash algorithm to get an RP for a specific multicast group.
A BSR policy enables a PIM-SM router to filter BSR messages by using an ACL that specifies the legal BSR addresses. It is used to guard against the following BSR spoofing cases:
- Some maliciously configured hosts can forge BSMs to fool routers and change RP mappings. Such attacks often occur on border routers.
- When an attacker controls a router on the network, the attacker can configure the router as a C-BSR to win the BSR election. Through this router, the attacker controls the advertising of RP information.
When you configure a C-BSR, follow these guidelines:
- Configure C-BSRs on routers that are on the backbone network.
- Reserve a relatively large bandwidth between the C-BSR and the other devices in the PIM-SM domain.
- You must configure the same BSR policy on all routers in the PIM-SM domain. The BSR policy discards illegal BSR messages, but it only partially guards against BSR attacks on the network. If an attacker controls a legal BSR, the problem still exists.
To configure a C-BSR:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter PIM view. | pim [ vpn-instance vpn-instance-name ] | N/A |
3. Configure a C-BSR. | c-bsr ip-address [ scope group-address { mask-length \| mask } ] [ hash-length hash-length \| priority priority ] * | By default, no C-BSRs exist. |
4. (Optional.) Configure a BSR policy. | bsr-policy acl-number | By default, no BSR policy exists. |
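The following Python model is an added example, not vendor code: it replays the election rule from this section (higher priority wins, then higher IP address) and shows how a BSR policy changes the outcome when a forged BSM arrives. The `BSM` class, the function names, and all addresses and priorities are constructed for illustration, and the policy is modeled as a list of permitted networks rather than a device ACL.

```python
"""Model of the C-BSR election and BSR policy described above (added example)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

@dataclass(frozen=True)
class BSM:
    """Only the two fields the election compares; not a wire-format BSM."""
    bsr_address: IPv4Address
    priority: int

def permitted(bsm, policy):
    """BSR policy: accept a BSM only if its BSR address matches the ACL.
    policy=None models the default (no BSR policy configured)."""
    return policy is None or any(bsm.bsr_address in net for net in policy)

def elect(own, received, policy=None):
    """Return the BSM a C-BSR ends up treating as the elected BSR's.

    own      -- this C-BSR's own candidacy
    received -- BSMs heard from other routers, in arrival order
    """
    current = own  # initially each C-BSR regards itself as the BSR
    for bsm in received:
        if not permitted(bsm, policy):
            continue  # illegal BSR address: discard before the comparison
        # Higher priority wins; on a tie the higher IP address wins.
        if (bsm.priority, bsm.bsr_address) > (current.priority, current.bsr_address):
            current = bsm
    return current

# Constructed sample data (documentation address ranges, not from the page).
OWN = BSM(IPv4Address("192.0.2.1"), 20)
PEER = BSM(IPv4Address("192.0.2.2"), 20)       # same priority, higher address
FORGED = BSM(IPv4Address("203.0.113.9"), 255)  # unauthorized source, higher priority
POLICY = [IPv4Network("192.0.2.0/29")]         # legal BSR addresses

if __name__ == "__main__":
    print("no policy  :", elect(OWN, [PEER, FORGED]).bsr_address)
    print("with policy:", elect(OWN, [PEER, FORGED], POLICY).bsr_address)
    # A BSM sourced from a legal address still passes the filter, which is
    # why the policy only partially guards against BSR attacks.
    inside = BSM(IPv4Address("192.0.2.2"), 255)
    print("legal addr :", elect(OWN, [inside], POLICY).bsr_address)
```

The third case shows the limit stated in the guidelines: a BSM whose BSR address is in the permitted set is accepted regardless of who controls that router.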
Configuring a PIM domain border
A PIM domain border determines the transmission boundary of bootstrap messages. Bootstrap messages cannot cross the domain border in either direction. A number of PIM domain border interfaces partition a network into different PIM-SM domains.
To configure a PIM domain border:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter interface view. | interface interface-type interface-number | N/A |
3. Configure a PIM domain border. | pim bsr-boundary | By default, no PIM domain border exists. |
Disabling BSM semantic fragmentation
BSM semantic fragmentation enables a BSR to split a BSM into several BSM fragments (BSMF) if the BSM exceeds the MTU. In this way, a non-BSR router can update the RP-set information for a group range after receiving all BSMFs for the group range. The loss of one BSMF only affects the RP-set information of the group ranges that the fragment contains.
BSM semantic fragmentation is enabled by default. A device that does not support this feature might regard a fragment as an entire BSM and thus learn only part of the RP-set information. If such devices exist in the PIM-SM domain, you must disable BSM semantic fragmentation on the C-BSRs.
To disable BSM semantic fragmentation:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter PIM view. | pim [ vpn-instance vpn-instance-name ] | N/A |
3. Disable BSM semantic fragmentation. | undo bsm-fragment enable | By default, BSM semantic fragmentation is enabled. |
NOTE: Generally, a BSR performs BSM semantic fragmentation according to the MTU of its BSR interface. For BSMs originated due to learning of a new PIM neighbor, semantic fragmentation is performed according to the MTU of the interface that sends the BSMs.