Filtering PIM-SM Bootstrap Messages

Problem

Your PIM-SM domain uses bootstrap routers to elect RPs. Some of the routers have interfaces that connect to other PIM-SM domains. You need to ensure that Bootstrap messages do not cross the domain boundary.

Solution

On router interfaces that connect to other PIM-SM domains, create filters to prevent bootstrap router messages from crossing domain boundaries:

[edit policy-options] aviva@RouterB# set policy-statement pim-bootstrap-import from interface se-0/0/3 aviva@RouterB# set policy-statement pim-bootstrap-import then reject aviva@RouterB# set policy-statement pim-bootstrap-export from interface se-0/0/3 aviva@RouterB# set policy-statement pim-bootstrap-export then reject [edit protocols pim] aviva@RouterB# set rp bootstrap-import pim-bootstrap-import aviva@RouterB# set rp bootstrap-export pim-bootstrap-export

Discussion

As a final part of the bootstrap router configuration, you need to make sure that Bootstrap messages from one PIM-SM domain don accidentally cross into another PIM-SM domain. To prevent this from happening, configure bootstrap routing-policy filters that reject all incoming and outgoing traffic on interfaces that connect to other PIM-SM domains. The two policies you need to accomplish this are very simple:

aviva@RouterB> show configuration policy-options policy-statement pim-bootstrap-import { from interface se-0/0/3.0; then reject; } policy-statement pim-bootstrap-export { from interface se-0/0/3.0; then reject; }

Apply these policies directly in the PIM bootstrap configuration, with the set rp bootstrap-import and set rp bootstrap-export commands in the [edit protocols pim] hierarchy.

See Also

Recipes 9.1 and 16.4