Filtering Incoming PIM Join Messages
Multicast scoping controls the propagation of multicast messages. While multicast scoping prevents the actual multicast data packets from flowing in or out of an interface, PIM join filters prevent a state from being created in a router. A state—the (*,G) or (S,G) entries—is the information used for forwarding unicast or multicast packets. Using PIM join filters prevents multicast traffic from being transported across a network only to be dropped at a scope at the edge of the network. PIM join filters also reduce the potential for denial-of-service (DoS) attacks and PIM state explosion—large numbers of PIM join messages forwarded to each router on the rendezvous-point tree (RPT), resulting in memory consumption.
To use PIM join filters to efficiently restrict multicast traffic from certain source addresses, create and apply the routing policy across all routers in the network.
See Table 8 for a list of match conditions.
Table 8: PIM Join Filter Match Conditions
| Match Condition | Matches On |
|---|---|
| interface | Router interface or interfaces specified by name or IP address |
| neighbor | Neighbor address (the source address in the IP header of the join and prune message) |
| route-filter | Multicast group address embedded in the join and prune message |
| source-address-filter | Multicast source address embedded in the join and prune message |
The following example shows how to create a PIM join filter. The filter is composed of a route filter and a source address filter—bad-groups and bad-sources, respectively. Policy bad-groups prevents (*,G) or (S,G) join messages from being received for all groups listed. Policy bad-sources prevents (S,G) join messages from being received for all sources listed. The bad-groups filter and bad-sources filter are in two different terms. If route filters and source address filters are in the same term, they are logically ANDed.
To filter incoming PIM join messages:
- Configure the policy.

      [edit]
      user@host# edit policy-statement pim-join-filter term bad-groups
      user@host# set from route-filter 224.0.1.2/32 exact
      user@host# set from route-filter 239.0.0.0/8 orlonger
      user@host# set then reject

      [edit]
      user@host# edit policy-statement pim-join-filter term bad-sources
      user@host# set from source-address-filter 10.0.0.0/8 orlonger
      user@host# set from source-address-filter 127.0.0.0/8 orlonger
      user@host# set then reject

- Apply one or more policies to routes being imported into the routing table from PIM.
- Verify the configuration by checking the output of the show pim join and show policy commands.
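The following Python sketch is an added illustration, not Juniper code and not how Junos OS implements policy evaluation. It models the pim-join-filter terms above to show which joins are rejected, and contrasts the two-term layout with a hypothetical single term (bad-pairs) in which the route filter and source address filter are ANDed. Assumptions: joins that match no term are accepted, and a (*,G) join is modeled as having no source.

```python
import ipaddress

def entry_hit(addr, prefix, match_type):
    """Test one host address (a /32 route) against one filter entry."""
    net = ipaddress.ip_network(prefix)
    ip = ipaddress.ip_address(addr)
    if match_type == "exact":      # same prefix AND same length
        return net.prefixlen == net.max_prefixlen and ip == net.network_address
    if match_type == "orlonger":   # inside the prefix, any length >= it
        return ip in net
    raise ValueError(f"unsupported match type: {match_type}")

def term_matches(term, source, group):
    """Entries of one condition type are ORed; different types are ANDed."""
    checks = []
    if "route-filter" in term:
        checks.append(any(entry_hit(group, p, m) for p, m in term["route-filter"]))
    if "source-address-filter" in term:
        # Assumption: a (*,G) join (source=None) never matches a source filter.
        checks.append(source is not None and any(
            entry_hit(source, p, m) for p, m in term["source-address-filter"]))
    return bool(checks) and all(checks)

def evaluate(policy, source, group):
    """Return (action, term); the first matching term decides."""
    for name, term in policy:
        if term_matches(term, source, group):
            return term["then"], name
    return "accept", None          # assumption: unmatched joins are accepted

GROUPS = [("224.0.1.2/32", "exact"), ("239.0.0.0/8", "orlonger")]
SOURCES = [("10.0.0.0/8", "orlonger"), ("127.0.0.0/8", "orlonger")]

# The page's layout: two terms, so either condition alone rejects the join.
TWO_TERMS = [
    ("bad-groups", {"route-filter": GROUPS, "then": "reject"}),
    ("bad-sources", {"source-address-filter": SOURCES, "then": "reject"}),
]
# Hypothetical variant: both conditions in one term, so both must match.
ONE_TERM = [("bad-pairs", {"route-filter": GROUPS,
                           "source-address-filter": SOURCES, "then": "reject"})]

# Constructed joins as (source, group); None stands for a (*,G) join.
JOINS = [(None, "239.1.1.1"), (None, "224.0.1.3"),
         ("10.1.2.3", "232.1.1.1"), ("10.1.2.3", "239.1.1.1"),
         ("192.0.2.10", "232.1.1.1")]

if __name__ == "__main__":
    for src, grp in JOINS:
        print(f"({src or '*'},{grp}): two terms -> {evaluate(TWO_TERMS, src, grp)[0]}, "
              f"one term -> {evaluate(ONE_TERM, src, grp)[0]}")
```

With the single-term variant, a join from 10.1.2.3 to a group outside the listed ranges is accepted, which is why the page keeps the two filters in separate terms.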
Related Topics
- Multicast Administrative Scoping
- Filtering Outgoing PIM Join Messages
- show pim join in the Routing Protocols and Policies Command Reference
- show policy in the Routing Protocols and Policies Command Reference