Configuring a Policy for Processing MLD Message

In this configuration task, you can configure a device to deny all the MLD packets without Router-Alert options, send MLD packets without Router-Alert options, and filter MLD packets based on source addresses.

Usage Scenario

Generally, a device sends a packet to the routing protocol layer for processing only if the destination IP address of the packet is the IP address of a local interface. The destination IP address of an MLD packet is usually a multicast address but not the address of an interface on a multicast device and thus the MLD packet may fail to be sent to the routing protocol layer for processing. Router-Alert options can address such a problem. MLD packets carrying Router-Alert options need to be sent to the routing protocol layer for processing.

To improve a device's security, you can configure a device to filter MLD packets based on source addresses. This filtering function is implemented by specifying source addresses in ACL rules, so the device permits an MLD packet only if the packet carries a source address that is specified as a valid source address in an ACL rule.

For details about Router-Alert options, see relevant standards.

Pre-configuration Tasks

Before configuring a Policy for Processing MLD message, complete the following tasks:

Configuring a unicast routing protocol to make devices routable
Configuring Basic MLD Functions

Configuring the router to Deny MLD Messages Without the Router-Alert Option: If user hosts do not want to receive MLD messages without the Router-Alert option, configure the router directly connected to the user hosts to deny all MLD messages without the Router-Alert option.

Configuring the router to Send MLD Messages Without the Router-Alert Option: If some MLD interfaces on the same network need to receive MLD messages without the Router-Alert option, configure the router connected to the user network segment to send MLD messages without the Router-Alert option.

Setting the Maximum Number of MLD Group Members That an Interface Can Maintain: This section describes how to configure an MLD entry limit on an interface to allow users who have joined multicast groups to enjoy smoother multicast services.

Configuring Source Address-based MLD Message Filtering: Source address-based MLD message filtering is a security policy used for filtering MLD message on the router's interface connected to user hosts.

Verifying the Configuration of the Policy for Processing MLD Packets: After configuring the Policy for Processing MLD Packets, verify MLD configurations and running information on the interface to ensure normal running of MLD.