Filtering PIM-SM Bootstrap Messages
Problem
Your PIM-SM domain uses bootstrap routers to elect RPs. Some of the routers have interfaces that connect to other PIM-SM domains. You need to ensure that Bootstrap messages do not cross the domain boundary.
Solution
On router interfaces that connect to other PIM-SM domains, create filters to prevent bootstrap router messages from crossing domain boundaries:
[edit policy-options] aviva@RouterB# set policy-statement pim-bootstrap-import from interface se-0/0/3 aviva@RouterB# set policy-statement pim-bootstrap-import then reject aviva@RouterB# set policy-statement pim-bootstrap-export from interface se-0/0/3 aviva@RouterB# set policy-statement pim-bootstrap-export then reject [edit protocols pim] aviva@RouterB# set rp bootstrap-import pim-bootstrap-import aviva@RouterB# set rp bootstrap-export pim-bootstrap-export
Discussion
As a final part of the bootstrap router configuration, you need to make sure that Bootstrap messages from one PIM-SM domain don accidentally cross into another PIM-SM domain. To prevent this from happening, configure bootstrap routing-policy filters that reject all incoming and outgoing traffic on interfaces that connect to other PIM-SM domains. The two policies you need to accomplish this are very simple:
aviva@RouterB> show configuration policy-options policy-statement pim-bootstrap-import { from interface se-0/0/3.0; then reject; } policy-statement pim-bootstrap-export { from interface se-0/0/3.0; then reject; }
Apply these policies directly in the PIM bootstrap configuration, with the set rp bootstrap-import and set rp bootstrap-export commands in the [edit protocols pim] hierarchy.
See Also
Recipes 9.1 and 16.4
Категории