The crp-policy limits the range of valid C-RP addresses and the range of the multicast addresses served by a C-RP. The BSR drops the C-RP messages with addresses out of the specified range to protect valid C-RPs.
The undo crp-policy command restores the default configuration.
By default, the BSR does not limit the range of valid C-RP addresses and the range of the multicast groups served by a C-RP. The BSR considers all the received C-RP messages valid.
| Parameter | Description | Value |
|---|---|---|
advanced-acl-number |
Specifies the number of an advanced ACL. The ACL defines the range of the C-RP addresses and the range of the group addresses served by a C-RP. |
The value is an integer that ranges from 3000 to 3999. |
Usage Scenario
On a PIM SM network that uses the BSR mechanism, any switch can be configured as a C-RP to serve the multicast groups in a specified range. Each C-RP sends its information to the BSR in unicast mode. The BSR summarizes all received C-RP information into am RP-set and floods it on the entire network using BSR messages. The local switch then works out the RP serving a specific multicast group address range according to the RP-set.
To protect valid C-RPs from spoofing, configure crp-policy on BSR switches to limit the range of valid C-RP addresses and the range of multicast group addresses served by a C-RP. Configure the same filtering rule on each C-BSR because any C-BSR can become the BSR.
Prerequisites
IP multicast routing has been enabled using the multicast routing-enable command.
Configuration Impact
If an ACL rule is specified but no C-RP address range is set, all C-RP messages are denied.
Precautions
The crp-policy command and the acl command are used together. In the ACL view, you can set the valid source address range for the C-RP by specifying the source parameter in the rule command. You can set the address range of multicast groups that are served by specifying the destination parameter in the rule command.
A received C-RP message matches the configured filtering policy only when the C-RP address carried by the message matches source and the group address range carried by the message is a subset of the group address range defined in the ACL.
# Configure a C-RP policy on the C-BSR, which allows only the C-RP with the address 10.1.1.1/32 and allows the C-RP to serve only the multicast groups 225.1.0.0/16.
<HUAWEI> system-view [HUAWEI] acl number 3100 [HUAWEI-acl-adv-3100] rule permit ip source 10.1.1.1 0 destination 225.1.0.0 0.0.255.255 [HUAWEI-acl-adv-3100] quit [HUAWEI] multicast routing-enable [HUAWEI] pim [HUAWEI-pim] crp-policy 3100