Adjusting Control Parameters for Establishing Neighbor Relationships
Context
By adjusting parameters that control Hello message exchange between neighbors, you can prevent authorized devices from establishing PIM neighbor relationships with the local device. This guarantees security of a PIM-DM network.
Adjusting Time Parameters for Hello Messages
Context
PIM devices send Hello messages periodically to maintain PIM neighbor relationships. When a PIM device receives a Hello message from a neighbor, the PIM device starts the timer and sets the timer to the holdtime of Hello messages. If the PIM device does not receive a new Hello message from the neighbor within the holdtime, it considers the neighbor invalid or unreachable. Therefore, the interval for a PIM device to send Hello messages must be smaller than the holdtime of Hello messages.
If multiple PIM devices transmit Hello messages simultaneously, a conflict occurs on the network. To solve this problem, when a PIM device receives a Hello message, it waits a period before transmitting the Hello message. This period can be a random value and is smaller than the maximum delay for triggering Hello messages.
The interval for sending Hello messages and the holdtime of Hello messages can be set either globally or on an interface. If you configure the two parameters in the global PIM view and in the interface view simultaneously, the configuration in the interface view takes effect.
You can configure the maximum delay for triggering Hello messages only in the interface view.
Configuring PIM Neighbor Filtering
Context
- Configure a valid neighbor address range to prevent unauthorized neighbors from connecting to the network.
- Configure the router to reject Hello messages without Generation IDs so that the router connects only to normally working PIM neighbors.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run pim neighbor-policy { basic-acl-number | acl-name acl-name }
The range of valid neighbor addresses is configured.
If the IP address of a PIM neighbor that has established a neighbor relationship with the router is not in the configured range of valid neighbor addresses, the router will no longer receive Hello messages from this PIM neighbor. When the holdtime of Hello messages expires, the neighbor relationship between the PIM device and the router is terminated.
- Run pim require-genid
The router is configured to receive only Hello messages that contain Generation IDs.
By default, a PIM interface receives the Hello messages without the Generation ID.
Verifying the Configuration of Control Parameters for Establishing Neighbor Relationships
Prerequisites
After the control parameters for establishing the neighbor relationship are adjusted, you can check information about the PIM interface and the PIM neighbor.
Procedure
- Run the display pim [ vpn-instance vpn-instance-name | all-instance ] interface [ interface-type interface-number | up | down ] [ verbose ] command to check PIM information on an interface.
- Run the display pim [ vpn-instance vpn-instance-name | all-instance ] neighbor [ neighbor-address | interface interface-type interface-number | verbose ] * command to check information about PIM neighbors.