Adjusting Neighbor Parameters

Devices establish neighbor relationships by exchanging Hello messages. PIM neighbor parameters include the interval for sending Hello messages, timeout period of a neighbor relationship, whether to deny a Hello message carrying the Generation ID option, and policy for filtering neighbors.

Context

You can set the interval for sending Hello messages and timeout period of a neighbor relationship either globally or on an interface.

Global configuration: takes effect on all interfaces.
Interface-specific configuration: takes precedence over the global configuration. If an interface-specific configuration is not available, the interface uses the global configuration.

The following functions can be configured on interfaces to improve the security of IPv6 PIM neighbors:

Deny Hello messages without the Generation ID option. If the router finds that a Hello message received from a PIM neighbor contains a different generation ID, the router considers that the status of the PIM neighbor changes.
Configure a neighbor filtering policy to limit the range of valid neighbor addresses. The router discards a Hello message received from a neighbor with the address beyond the set range.

Procedure

Adjust neighbor parameters globally.
1. Run system-view
  The system view is displayed.
2. Run pim-ipv6
  The IPv6 PIM view is displayed.
3. Run timer hello helloInterval
  The interval for sending Hello messages is set.
4. Run hello-option holdtime holdtimeValue
  The neighbor timeout period carried in PIM Hello packets to be sent by a router is set.
  
  The interval at which the router sends Hello messages must be shorter than the neighbor timeout period.
5. Run commit
  The configuration is committed.
Adjust neighbor parameters for a specific interface.
1. Run system-view
  The system view is displayed.
2. Configure a basic numbered ACL6 or a naming ACL6 as needed.
  - Configure a basic numbered ACL6.
    1. Run acl ipv6 [ number ] basic-acl6-number [ match-order { auto | config } ]
      A basic numbered ACL6 is created, and the basic numbered ACL6 view is displayed.
    2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } ] ^*
      Rules are configured for the basic numbered ACL6.
  - Configure a naming ACL6.
    1. Run acl ipv6 name acl6-name basic [ match-order { auto | config } ]
      A naming ACL6 is created, and the naming ACL6 view is displayed.
    2. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address prefix-length | source-ipv6-address/prefix-length | any } ] ^*
      Rules are configured for the naming ACL6.
3. Run quit
  Return to the system view.
4. Run interface interface-type interface-number
  The IPv6 PIM interface view is displayed.
5. Run pim ipv6 timer hello interval
  The interval at which the interface sends Hello messages is set.
6. Run pim ipv6 hello-option holdtime helloHoldTime
  The neighbor timeout period carried in PIM Hello packets to be sent by a router is set.
  
  The interval at which the router sends Hello messages must be shorter than the neighbor timeout period.
7. Run pim ipv6 require-genid
  The interface is configured to accept the Hello messages with the Generation ID option and deny the Hello messages without the Generation ID option.
8. Run pim ipv6 neighbor-policy { basic-acl6-number | acl6-name acl6-name }
  A neighbor filtering policy is configured.
  
  When being configured on an interface, the neighbor filtering function needs to be configured on the routers that set up PIM neighbor relationships with this interface accordingly.
  - If a peer matches an ACL and the action is permit, the local router sets up a neighbor relationship with this peer.
  - If a peer matches an ACL and the action is deny, the local router does not set up a neighbor relationship with this peer.
  - If a peer does not match any ACL rule, the local router does not set up a neighbor relationship with this peer.
  - If a specified ACL does not exist or does not contain rules, the local router does not set up neighbor relationships with any peers.
9. Run commit
  The configuration is committed.