The system can work normally with default PIM-SM parameters. You are also allowed to adjust parameters related to neighbor discovery, forwarding, DR, Rendezvous Point (RP), join, register, and assert. In addition, you can configure various filtering policies and the PIM silent function to enhance the PIM-SM security. PIM-SM supports Source-Specific Multicast (SSM), PIM GR, and shortest path tree (SPT) switchover.
PIM-SM supports the Any-Source Multicast (ASM) and SSM models. You can set the range of ASM group addresses or the range of SSM group addresses.
You can specify a static RP on all the FWs in a PIM-SM domain. When a dynamic RP exists in the domain, the dynamic RP is preferred by default, but you can configure the static RP to be preferred.
You can configure Candidate-RPs (C-RPs) and Candidate-BSRs (C-BSRs) in a PIM-SM domain and set the unified rules used to dynamically generate the BootStrap router (BSR) and the RP. You can adjust the priority for C-RP election, adjust the lifetime of the advertisement message on the BSR received from the C-RP, adjust the interval for the C-RP to send advertisement messages, and specify an Access Control List (ACL) to limit the range of the multicast groups served by the C-RP.
You can specify the C-BSR in the BSR domain, adjust the hash length used by the RP for C-RP election, adjust the priority used for BSR election, and adjust the legal BSR address range. To limit the transmission of BSR messages, you can configure the BSR service boundary on an interface of the FW on the boundary of the BSR domain.
You can configure filtering rules of the multicast source address to control multicast sources. You can configure the policy to filter Register messages, and suppress PIM-SM Register messages.
You can configure the service boundary of the BSR administrative domain and the boundary of the administrative domain by using the related commands.
Interval for sending Hello messages
Time period for the neighbor to hold the reachable state
Whether to receive the Hello messages with Generation IDs
Maximum delay in triggering the Hello messages
Priority for DR election
DR switching delay
Neighbor filtering function: An interface sets up neighbor relationships with only the addresses matching the filtering rules.
Interval for sending Join messages
Time period for the downstream interface to keep the forwarding state
Time for overriding the prune action
Filtering Join information in the Join/Prune messages
Neighbor check function: checks whether the Join/Prune and Assert messages are sent to or received from a PIM neighbor. If not, these messages are not processed.
You can configure the period for retaining the Assert state of the FW interface.
You can adjust conditions of the SPT switchover and the interval for checking the forwarding rate of multicast data.
On the access layer, the FW interface directly connected to hosts needs to be enabled with PIM. You can establish a PIM neighbor on the FW interface to process various PIM packets. The configuration, however, has the potential security risks. When a host maliciously generates PIM Hello packets and sends the packets in large quantity, the FW may break down.
To prevent the preceding case, you can set the status of the FW interface to PIM silent. When the interface is in the PIM silent state, the interface is prohibited from receiving and forwarding any PIM packet. Then all PIM neighbors and PIM state machines on the interface are deleted. The interface acts as the static DR and immediately takes effect. At the same time, IGMP on the interface is not affected.
In multi-instance applications, a multicast FW needs to maintain the PIM neighbor list, multicast routing table, BSR information, and RP-Set information for different VPN instances and keep the information independent between the instances. The FW functions as multiple multicast FWs running PIM independently.
When a FW receives a data packet, it needs to differentiate which VPN instance the packet belongs to and forward it based on the multicast routing table of that VPN instance, or create PIM-related multicast routing entries in that VPN instance.