Manualsbrain.com
  1. 매뉴얼
  2. 브랜드
  3. 3com
  4. S7906E
  5. 설치 설명서

3com S7906E 설치 설명서

다운로드
페이지 2621
 
1-21 
 
 
Configuring a BSR 
An IPv6 PIM-SM domain can have only one BSR, but must have at least one C-BSR. Any router can be 
configured as a C-BSR. Elected from C-BSRs, the BSR is responsible for collecting and advertising RP 
information in the IPv6 PIM-SM domain.  
Configuring a C-BSR 
C-BSRs should be configured on routers in the backbone network. When configuring a router as a 
C-BSR, make sure to specify the IPv6 address of an IPv6 PIM-SM enabled interface on the router. The 
BSR election process is summarized as follows:  
Initially, every C-BSR assumes itself to be the BSR of this IPv6 PIM-SM domain, and uses its 
interface IPv6 address as the BSR address to send bootstrap messages.  
When a C-BSR receives the bootstrap message of another C-BSR, it first compares its own priority 
with the other C-BSR’s priority carried in the message. The C-BSR with a higher priority wins. If 
there is a tie in the priority, the C-BSR with a higher IPv6 address wins. The loser uses the winner’s 
BSR address to replace its own BSR address and no longer assumes itself to be the BSR, while 
the winner keeps its own BSR address and continues assuming itself to be the BSR.  
Configuring a legal range of BSR addresses enables filtering of bootstrap messages based on the 
address range, thus to prevent a maliciously configured host from masquerading as a BSR. The same 
configuration needs to be made on all routers in the IPv6 PIM-SM domain. The following are typical 
BSR spoofing cases and the corresponding preventive measures:  
1)  Some maliciously configured hosts can forge bootstrap messages to fool routers and change RP 
mappings. Such attacks often occur on border routers. Because a BSR is inside the network 
whereas hosts are outside the network, you can protect a BSR against attacks from external hosts 
by enabling the border routers to perform neighbor checks and RPF checks on bootstrap 
messages and discard unwanted messages.  
2)  When a router in the network is controlled by an attacker or when an illegal router is present in the 
network, the attacker can configure this router as a C-BSR and make it win BSR election to control 
the right of advertising RP information in the network. After being configured as a C-BSR, a router 
automatically floods the network with bootstrap messages. As a bootstrap message has a hop limit 
value of 1, the whole network will not be affected as long as the neighbor router discards these 
bootstrap messages. Therefore, with a legal BSR address range configured on all routers in the 
entire network, all these routers will discard bootstrap messages from out of the legal address 
range.  
The above-mentioned preventive measures can partially protect the security of BSRs in a network. 
However, if a legal BSR is controlled by an attacker, the above-mentioned problem will also occur. 
Follow these steps to complete basic BSR configuration:  
To do... 
Use the command... 
Remarks 
Enter system view 
system-view 
—