crp-policy

Function

The crp-policy command limits the range of valid candidate-rendezvous point (C-RP) addresses and the range of multicast addresses served by a C-RP. The bootstrap router (BSR) drops C-RP messages that carry addresses not in the range of valid C-RP addresses.

The undo crp-policy command restores the default configuration.

By default, the range of valid C-RP addresses and the range of multicast groups served by a C-RP are not limited. That is, the BSR considers all received C-RP messages valid.

Format

crp-policy { advanced-acl6-number | acl6-name acl6-name }

undo crp-policy

Parameters

Parameter: advanced-acl6-number
Description: Specifies the number of an advanced IPv6 ACL that defines the range of valid C-RP addresses and the range of groups served by a C-RP.
Value: The value is an integer ranging from 3000 to 3999.

Parameter: acl6-name acl6-name
Description: Specifies the name of a named IPv6 ACL.
Value: The value is a string of 1 to 64 case-sensitive characters without spaces. The value must start with a letter (a to z or A to Z, case sensitive).

Views

IPv6 PIM view, VPN instance IPv6 PIM view

Default Level

2: Configuration level

Task Name and Operations

Task Name: pim
Operations: write

Usage Guidelines

Usage Scenario

On a PIM-SM network that uses the BSR mechanism, any Router can be configured as a C-RP that serves the multicast groups in a specified address range. Each C-RP sends its information to the BSR in unicast mode. The BSR summarizes all received C-RP information into an RP-set and floods it across the entire network in BSR messages. Based on the RP-set, each local Router then works out the RP that corresponds to a specific multicast group address range.

To protect valid C-RPs from being spoofed, run the crp-policy command to limit the range of valid C-RP addresses and the range of multicast group addresses served by a C-RP. You must configure the same filtering rule on each C-BSR because any C-BSR may become the BSR.

Prerequisites

The multicast routing function has been enabled using the multicast ipv6 routing-enable command in the public network instance view.

ACL rules have been configured.

Configuration Impact

If the crp-policy command is run more than once, the latest configuration overrides the previous one.

If an IPv6 ACL rule is specified but no C-RP address range is set, all C-RP messages are denied.

Example

# Use a named IPv6 ACL to configure a C-RP policy on a C-BSR in the public network instance. Configure the Router with the address 2001::1/128 to function as the C-RP, and configure the C-RP to serve only the multicast groups with addresses on the network segment ff03::101/128.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 name myacl6
[*HUAWEI-acl6-advance-myacl6] rule permit ipv6 source 2001::1 128 destination ff03::101 128
[*HUAWEI-acl6-advance-myacl6] quit
[*HUAWEI] multicast ipv6 routing-enable
[*HUAWEI] pim-ipv6
[*HUAWEI-pim6] crp-policy acl6-name myacl6

# Use a numbered advanced IPv6 ACL to configure a C-RP policy on a C-BSR in the public network instance. Configure the Router with the address 2001::1/128 to function as the C-RP, and configure the C-RP to serve only multicast groups with addresses on the network segment ff03::101/128.
<HUAWEI> system-view
[~HUAWEI] acl ipv6 number 3100
[*HUAWEI-acl6-advance-3100] rule permit ipv6 source 2001::1 128 destination ff03::101 128
[*HUAWEI-acl6-advance-3100] quit
[*HUAWEI] multicast ipv6 routing-enable
[*HUAWEI] pim-ipv6
[*HUAWEI-pim6] crp-policy 3100
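
The usage guidelines require the same filtering rule on every C-BSR. The following Python check is an added example, not part of the Huawei documentation: it compares the ACL rules referenced by crp-policy across devices, regardless of ACL name or address spelling. The device names and configuration text are constructed in the command form shown above, and taking the most common rule set as the baseline is an assumption of this example.

```python
import ipaddress
import re

# Constructed sample configurations (hypothetical device names), using the
# command form shown in the examples on this page.
CONFIGS = {
    "cbsr-a": "acl ipv6 name myacl6\n rule permit ipv6 source 2001::1 128 destination ff03::101 128\n"
              "pim-ipv6\n crp-policy acl6-name myacl6\n",
    "cbsr-b": "acl ipv6 number 3100\n rule permit ipv6 source 2001:0::1 128 destination FF03::101 128\n"
              "pim-ipv6\n crp-policy 3100\n",
    "cbsr-c": "acl ipv6 number 3100\n rule permit ipv6 source 2001::2 128 destination ff03::101 128\n"
              "pim-ipv6\n crp-policy 3100\n",
    "cbsr-d": "pim-ipv6\n",
}

RULE = re.compile(r"rule (permit|deny) ipv6 source (\S+) (\d+) destination (\S+) (\d+)")

def effective_policy(config):
    """Return the ordered, normalized rules that crp-policy points at, or None."""
    acls, current, ref = {}, None, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"acl ipv6 (?:name|number) (\S+)", line):
            current = acls.setdefault(m.group(1), [])
        elif (m := RULE.fullmatch(line)) and current is not None:
            action, src, slen, dst, dlen = m.groups()
            # Normalize so 2001:0::1 and 2001::1, or FF03 and ff03, compare equal.
            current.append((action,
                            ipaddress.ip_network(f"{src}/{slen}", strict=False),
                            ipaddress.ip_network(f"{dst}/{dlen}", strict=False)))
        elif m := re.fullmatch(r"crp-policy (?:acl6-name )?(\S+)", line):
            ref = m.group(1)
    return tuple(acls[ref]) if ref in acls else None

def audit(configs):
    """Map each C-BSR to a finding; the most common rule set is the baseline."""
    policies = {name: effective_policy(cfg) for name, cfg in configs.items()}
    present = [p for p in policies.values() if p is not None]
    baseline = max(set(present), key=present.count) if present else None
    findings = {}
    for name, policy in policies.items():
        if policy is None:
            findings[name] = "crp-policy missing or ACL undefined"
        else:
            findings[name] = "ok" if policy == baseline else "rules differ from baseline"
    return findings

if __name__ == "__main__":
    for name, finding in audit(CONFIGS).items():
        print(f"{name}: {finding}")
```
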
Copyright © Huawei Technologies Co., Ltd.