HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
155 PIM-SSM configuration task list Task Remarks Enabling PIM-SM Required Configuring the SSM group range Optional Configuring PIM common features Optional Configuration prerequisites Before you configure PIM-SSM, complete the following tasks: • Configure any unicast routing protocol so that a ll devices in the domain are interoperable at the network layer. • Determine the SSM group range. Enabling PIM-SM The implementation of the SSM model is based on so me subsets of PIM-SM. Therefore, you must enable PIM-SM before configuring PIM-SSM. When deploying a PIM-SSM domain, enable PIM-SM on non-border interfaces of the routers. IMPORTANT: All the interfaces in the same VPN instance on the same device must operate in the same PIM mode. Enabling PIM-SM globally on the public network Step Command Remarks 1. Enter system view. system-view N/A 2. Enable IP multicast routing. multicast routing-enable Disabled by default 3. Enter interface view. interface interface-type interface-number N/A 4. Enable PIM-SM. pim sm Disabled by default Enabling PIM-SM in a VPN instance Step Command Description 1. Enter system view. system-view N/A 2. Create a VPN instance and enter VPN instance view. ip vpn-instance vpn-instance-name N/A 3. Configure an RD for the VPN instance. route-distinguisher route-distinguisher No RD is configured by default. 4. Enable IP multicast routing. multicast routing-enable Disabled by default.
156 Step Command Description 5. Enter interface view. interface interface-type interface-number N/A 6. Bind the interface with a VPN instance. ip binding vpn-instance vpn-instance-name By default, an interface belongs to the public network, and it is not bound with any VPN instance. 7. Enable PIM-SM. pim sm Disabled by default. For more information about the ip vpn-instance, route-distinguisher , and ip binding vpn-instance commands, see IP Routing Command Referenc e. For more information about the multicast routing-enable command, see IP Multicast Command Reference . Configuring the SSM group range Configuration guidelines As for whether the information from a multicast source is delivered to the receivers based on the PIM-SSM model or the PIM-SM model, this depends on whethe r the group address in the (S, G) channel subscribed by the receivers falls into the SSM group range. All PIM-SM-enabled interfaces assume that multicast groups within this address range are using the PIM-SSM model. Make sure that the same SSM group range is configured on all routers in the entire domain. Otherwise, multicast information cannot be delivered through the SSM model. When a member of a multicast group in the SSM group range sends an IGMPv1 or IGMPv2 report message, the device does not trigger a (*, G) join. Configuration procedure Perform the following configuration on all routers in the PIM-SSM domain. To configure an SSM multicast group range: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter public network PIM view or VPN instance PIM view. pim [ vpn-instance vpn-instance-name ] N/A 3. Configure the SSM group range. ssm-policy acl-number Optional 232.0.0.0/8 by default Configuring PIM common features For the functions or parameters that can be configured in both PIM view and interface view described in this section: • In PIM view, the configuration is effective on all interfaces. In interface view, the configuration is effective on only the current interface.
157 • If the same function or parameter is configured in both PIM view and interface view, the configuration in interface view has preference over the configuration in PIM view, regardless of the configuration sequence. PIM common feature configuration task list Task Remarks Configuring a multicast data filter Optional Configuring a hello message filter Optional Configuring PIM hello options Optional Configuring the prune delay Optional Configuring PIM common timers Optional Configuring join/prune message sizes Optional Configuring PIM to work with BFD Optional Setting the DSCP value for PIM messages Optional Configuration prerequisites Before you configure PIM common features, complete the following tasks: • Configure any unicast routing protocol so that a ll devices in the domain are interoperable at the network layer. • Configure PIM-DM, or PIM-SM, or PIM-SSM. • Determine the ACL rule for filtering multicast data. • Determine the ACL rule defining a legal source address range for hello messages. • Determine the priority for DR election (global value/interface level value). • Determine the PIM neighbor timeout time (global value/interface value). • Determine the prune message delay (global value/interface level value). • Determine the prune override interval (global value/interface level value). • Determine the prune delay. • Determine the hello interval (global value/interface level value). • Determine the maximum delay between hello message (interface level value). • Determine the assert timeout time (global value/interface value). • Determine the join/prune interval (global value/interface level value). • Determine the join/prune timeout (global value/interface value). • Determine the multicast source lifetime. • Determine the maximum size of join/prune messages. • Determine the maximum number of (S, G) entries in a join/prune message. • Determine the DSCP value for PIM messages.
158 Configuring a multicast data filter In either a PIM-DM domain or a PIM-SM domain, routers can check passing-by multicast data based on the configured filtering rules and determine whether to continue forwarding the multicast data. In other words, PIM routers can act as multicast data filters. Th ese filters can help implement traffic control on one hand, and control the information available to receivers downstream to enhance data security on the other hand. Generally, a smaller distance from the filter to the multicast source results in a more remarkable filtering effect. This filter works not only on independent multicas t data but also on multicast data encapsulated in register messages. To configure a multicast data filter: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter public network PIM view or VPN instance PIM view. pim [ vpn-instance vpn-instance-name ] N/A 3. Configure a multicast group filter. source-policy acl-number No multicast data filter by default Configuring a hello message filter Along with the wide applications of PIM, the security requirement for the protocol is becoming increasingly demanding. The establishment of correct PIM neighboring relationships is the prerequisite for secure application of PIM. You can configure a legal source address range for hello messages on interfaces of routers to ensure the correct PIM neig hboring relationships, guarding against PIM message attacks. To configure a hello message filter: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure a hello message filter. pim neighbor-policy acl-number No hello message filter is configured by default. NOTE: With the hello message filter configured, if hello messages of an existing PIM neighbor fail to pass the filter, the PIM neighbor will be removed automatically when it times out. Configuring PIM hello options PIM hello options In either a PIM-DM domain or a PIM-SM domain, the hello messages sent among routers contain the following configurable options:
159 • DR_Priority (for PIM-SM only)—Priority for DR election. The device with the highest priority wins the DR election. You can configure this parameter on all the routers in a multi-access network directly connected to multicast sources or receivers. • Holdtime —The timeout time of PIM neighbor reachability state. When this timer times out, if the router has received no hello message from a neighb or, it assumes that this neighbor has expired or become unreachable. • LAN_Prune_Delay —The delay of prune messages on a multi-a ccess network. This option consists of LAN-delay (namely, prune message delay), override-interval, and neighbor tracking flag. If the LAN-delay or override-interval values of different PIM routers on a multi-access subnet are different, the largest value takes effect. If you want to enable neighbor tracking, be sure to enable the neighbor tracking feature on all PIM routers on a multi-access subnet. The LAN-delay setting will cause the upstream routers to delay processing received prune messages. The override-interval sets the length of time that a downstream router can wait before sending a prune override message. When a router receives a prun e message from a downstream router, it does not perform the prune action immediately. Instead, it ma intains the current forwarding state for a period of LAN-delay plus override-interval. If the downstream router needs to continue receiving multicast data, it must send a join message within the prune override interval. Otherwise, the upstream router will perform the prune action when the period of LAN-delay plus override-interval times out. A hello message sent from a PIM router contains a ge neration ID option. The generation ID is a random value for the interface on which the hello message is sent. Normally, the generation ID of a PIM router does not change unless the status of the router changes (for example, when PIM is just enabled on the interface or the device is restarted). When the rout er starts or restarts sending hello messages, it generates a new generation ID. If a PIM router finds that the generation ID in a hello message from the upstream router has changed, it assumes that the status of the upstream neighbor is lost or that the upstream neighbor has changed. In this case, it triggers a join mess age for state update. If you disable join suppression (namely, enable ne ighbor tracking), be sure to disable the join suppression feature on all PIM routers on a multi-access subnet. Otherwise, the upstream router will fail to explicitly track join messages from downstream routers. Configuring hello options globally Step Command Remarks 1. Enter system view. system-view N/A 2. Enter public network PIM view or VPN instance PIM view. pim [ vpn-instance vpn-instance-name ] N/A 3. Configure the priority for DR election. hello-option dr-priority priority Optional. 1 by default. 4. Configure PIM neighbor timeout time. hello-option holdtime interval Optional. 105 seconds by default. 5. Configure the prune message delay time (LAN-delay). hello-option lan-delay interval Optional. 500 milliseconds by default. 6. Configure the prune override interval. hello-option override-interval interval Optional. 2500 milliseconds by default. 7. Disable join suppression. hello-option neighbor-tracking Enabled by default.
160 Configuring hello options on an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the priority for DR election. pim hello-option dr-priority priority Optional. 1 by default. 4. Configure PIM neighbor timeout time. pim hello-option holdtime interval Optional. 105 seconds by default. 5. Configure the prune message delay time (LAN-delay). pim hello-option lan-delay interval Optional. 500 milliseconds by default. 6. Configure the prune override interval. pim hello-option override-interval interval Optional. 2,00 milliseconds by default. 7. Disable join suppression. pim hello-option neighbor-tracking Enabled by default. 8. Configure the interface to reject hello messages without a generation ID. pim require-genid By default, hello messages without Generation_ID are accepted. Configuring the prune delay Configuring a prune delay interval on an upstream router on a shared network segment can make the upstream router not perform the prune action immediately after it receives the prune message from its downstream router. Instead, the upst ream router maintains the current forwarding state for a period of time that the prune delay interval defines. In this pe riod, if the upstream router receives a join message from the downstream router, it cancels the prune action. Otherwise, it performs the prune action. To configure the prune delay time: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter public network PIM view or VPN instance PIM view. pim [ vpn-instance vpn-instance-name ] N/A 3. Configure the prune delay interval. prune delay interval Optional. 3 seconds by default, which equals the prune pending time. Configuring PIM common timers PIM common timers PIM routers discover PIM neighbors and maintain PIM neighboring relationships with other routers by periodically sending out hello messages.
161 After receiving a hello message, a PIM router waits a random period, which is smaller than the maximum delay between hello messages, before sending a hello message. This delay avoids collisions that occur when multiple PIM routers send hello messages simultaneously. A PIM router periodically sends join/prune messages to its upstream for state update. A join/prune message contains the join/prune timeout time. The up stream router sets a join/prune timeout timer for each pruned downstream interface. Any router that has lost assert election will prune its downstream interface and maintain the assert state for a period of time. When the assert state times out, the assert losers will resume multicast forwarding. When a router fails to receive subsequent multicast data from multicast source S, the router does not immediately delete the corresponding (S, G) entry. Instead, it maintain s the (S, G) entry for a period of time (namely, the multicast source lifetime) before deleting the (S, G) entry. Configuring PIM common timers globally Step Command Remarks 1. Enter system view. system-view N/A 2. Enter public network PIM view or VPN instance PIM view. pim [ vpn-instance vpn-instance-name ] N/A 3. Configure the hello interval. timer hello interval Optional. 30 seconds by default. 4. Configure the join/prune interval. timer join-prune interval Optional. 60 seconds by default. 5. Configure the join/prune timeout time. holdtime join-prune interval Optional. 210 seconds by default. 6. Configure assert timeout time. holdtime assert interval Optional. 180 seconds by default. 7. Configure the multicast source lifetime. source-lifetime interval Optional. 210 seconds by default. Configuring PIM common timers on an interface Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the hello interval. pim timer hello interval Optional. 30 seconds by default. 4. Configure the maximum delay between hello messages. pim triggered-hello-delay interval Optional. 5 seconds by default. 5. Configure the join/prune interval. pim timer join-prune interval Optional. 60 seconds by default.
162 Step Command Remarks 6. Configure the join/prune timeout time. pim holdtime join-prune interval Optional. 210 seconds by default. 7. Configure assert timeout time. pim holdtime assert interval Optional. 180 seconds by default. NOTE: If no special networking requirements are raised, use the default settings. Configuring join/prune message sizes A l arg e s ize of a joi n/pru ne message might res u l t i n loss of a larger amount of information if a message is lost. You can set a small value for the size of each join/prune message to reduce the impact in case of the loss of a message. By controlling the maximum number of (S, G) entries in a join/prune message, you can effectively reduce the number of (S, G) entries sent per unit of time. IMPORTANT: If PIM snooping–enabled switches are deployed in the PIM network, be sure to set a value no greater than the path MTU for the maximum size of each join/pru ne message on the receiver-side edge PIM devices To configure join/prune message sizes: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter public network PIM view or VPN instance PIM view. pim [ vpn-instance vpn-instance-name ] N/A 3. Configure the maximum size of each join/prune message. jp-pkt-size packet-size Optional. 8100 bytes by default. 4. Configure the maximum number of (S, G) entries in a join/prune message. jp-queue-size queue-size Optional. 1020 by default. Configuring PIM to work with BFD PIM uses hello messages to elect a DR for a multi-acce ss network. The elected DR will be the only multicast forwarder on the multi-access network. If the DR fails, a new DR election process will start after t h e D R i s a g e d o u t. H oweve r, i t m i g h t t a ke a l o n g period of time. To start a new DR election process immediately after the original DR fails, enable PIM to work with Bidirectional Forwarding Detection (BFD) on a multi-access network to detect failures of the links among PIM neighbors. You must enable PIM to work with BFD on all PIM-capable routers on a multi-access network, so that the PIM neighbors can fa st detect DR failures and start a new DR election process. For more information about BFD, see High Availability Configuration Guide .
163
Before you configure this feature on an inter face, be sure to enable PIM-DM or PIM-SM on the inter face.
To enable PIM to work with BFD:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter interface view.
interface interface-type interface-number N/A
3. Enable PIM to work
with BFD. pim bfd enable
Disabled by default
Setting the DSCP value for PIM messages
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter public network IGMP
view or VPN instance PIM
view. pim
[ vpn-instance
vpn-instance-name ] N/A
3.
Set the DSCP value for PIM
messages dscp
dscp-value Optional.
By default, the DSCP value in PIM
messages is 48.
Displaying and maintaining PIM
Task Command Remarks
Display the BSR information in the
PIM-SM domain and locally
configured C-RP information in
effect.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
bsr-info [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display the information of unicast
routes used by PIM.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
claimed-route [ source-address ] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
Display the number of PIM control
messages.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
control-message counters
[ message-type { probe | register |
register-stop } | [ interface
interface-type interface-number |
message-type { assert | bsr | crp |
graft | graft-ack | hello |
join-prune | state-refresh } ] * ] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
164
Task Command Remarks
Display the DF information of
BIDIR-PIM. display pim
[ all-instance |
vpn-instance vpn-instance-name ]
df-info [ rp-address ] [ | { begin |
exclude | include }
regular-expression ] Available in any view
Display the information about
unacknowledged PIM-DM graft
messages.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
grafts [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display the PIM information on an
interface or all interfaces.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
interface [ interface-type
interface-number ] [ verbose ] [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
Display the information of
join/prune messages to send.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
join-prune mode { sm [ flags
flag-value ] | ssm } [ interface
interface-type interface-number |
neighbor neighbor-address ] *
[ verbose ] [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display PIM neighboring
information.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
neighbor [ interface interface-type
interface-number |
neighbor-address | verbose ] * [ |
{ begin | exclude | include }
regular-expression ]
Available in any view
Display the content of the PIM
routing table.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
routing-table [ group-address
[ mask { mask-length | mask } ] |
source-address [ mask
{ mask-length | mask } ] |
incoming-interface [ interface-type
interface-number | register ] |
outgoing-interface { include |
exclude | match } { interface-type
interface-number | register } |
mode mode-type | flags flag-value
| fsm ] * [ | { begin | exclude |
include } regular-expression ]
Available in any view
Display the RP information.
display pim
[ all-instance |
vpn-instance vpn-instance-name ]
rp-info [ group-address ] [ | { begin
| exclude | include }
regular-expression ]
Available in any view