You can filter PIM register messages sent from the DR or to the RP. The PIM RP keeps track of all active sources in a single PIM sparse mode domain. In some cases, more control over which sources an RP knows about, or which sources a DR tells other RPs about, is desired. A high degree of control over PIM register messages is provided by RP/DR register message filtering. Message filtering also prevents unauthorized groups and sources from registering with an RP router.
Register messages that are filtered at a DR are not sent to the RP, but the sources remain available to local users. Register messages that are filtered at an RP still arrive from source DRs, but are ignored by the router. Multicast sources and group traffic can be limited or directed by using RP or DR register message filtering alone or in combination.
If the action of the register filter policy is to discard the register message, the router should send a register-stop message to the DR. These register-stop messages are throttled to prevent malicious users from triggering them on purpose to disrupt the routing process.
Multicast group and source information is encapsulated inside unicast IP packets. This feature allows the router to inspect the multicast group and source information before sending or accepting the PIM register message.
Incoming register messages to an RP are passed through the configured register message filtering policy before any further processing. If the register message is rejected, the RP router sends a register-stop message to the DR. When the DR receives the register-stop message, the DR stops sending register messages for the filtered groups and sources to the RP. Two fields are used for register message filtering: the multicast group address and the source address.
The syntax of the existing policy statements is used to configure the filtering on these two fields. The route-filter statement is useful for multicast group address filtering and the source-address-filter statement is useful for source address filtering. In most cases, the action will be to reject the register messages, but more complex filtering policies are possible.
Filtering cannot be performed on other header fields, such as DR address, protocol, or port. In some configurations, an RP might not send register-stop messages when the policy action is to discard the register messages. This has no effect on the operation of the feature, but the router will continue to receive register messages.
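The following Junos set commands are an added example, not part of the original page, showing one way to express the group and source filters described above and attach them at an RP and at a DR. The policy names, term names, and all addresses (documentation ranges) are constructed placeholders.

```junos
# Constructed values: policy and term names, group range 233.252.0.0/24,
# source range 192.0.2.0/24 and RP address 198.51.100.1 are placeholders.

# RP-side policy: reject registers for an unauthorized group range
# (route-filter) or from an unauthorized source range (source-address-filter).
set policy-options policy-statement rp-register-filter term bad-groups from route-filter 233.252.0.0/24 orlonger
set policy-options policy-statement rp-register-filter term bad-groups then reject
set policy-options policy-statement rp-register-filter term bad-sources from source-address-filter 192.0.2.0/24 orlonger
set policy-options policy-statement rp-register-filter term bad-sources then reject

# Attach the policy on the RP. Registers that match a reject term are ignored
# and answered with a register-stop. Configure the identical policy on every
# RP in an anycast RP set so the filter cannot be bypassed through a peer RP.
set protocols pim rp local address 198.51.100.1
set protocols pim rp rp-register-policy rp-register-filter

# DR-side policy: do not send registers to the RP for groups that should stay
# local. The sources remain available to receivers attached to this DR.
set policy-options policy-statement dr-register-filter term local-only from route-filter 233.252.0.64/26 orlonger
set policy-options policy-statement dr-register-filter term local-only then reject
set protocols pim rp dr-register-policy dr-register-filter
```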
When anycast RP is configured, register messages can be sent or received by the RP. All the RPs in the anycast RP set should have the same RP register message filtering policies configured; otherwise, it might be possible to circumvent the filtering policy. For more information on anycast RP, see RP Mapping with Anycast RP.
For more information on filtering RP/DR register messages, see Configuring RP/DR Register Message Filtering and Example: Configuring RP/DR Register Message Filters.