Setting the maximum number of (S, G) entries in a Source Active (SA) cache can prevent Denial of Service (DoS) attacks.
Before configuring the maximum number of (S, G) entries in the cache, complete the following tasks:
By default, the SA cache is enabled on routers on which MSDP peers are configured. These routers locally store the (S, G) information carried in SA messages and, when they need (S, G) information, obtain it from the SA cache. Setting the maximum number of (S, G) entries can prevent Denial of Service (DoS) attacks.
msdp [ vpn-instance vpn-instance-name ]
peer peer-address sa-cache-maximum sa-limit
The parameters of the command are explained as follows:
peer-address: specifies the address of a remote MSDP peer.
sa-limit: specifies the maximum number of cached (S, G) entries. The configured value takes effect only when it is less than the cache specification; otherwise, the cache specification applies.
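The following Python model is an added illustration, not vendor code. It shows how a per-peer sa-limit bounds the SA cache when one peer sends a burst of SA messages, and how the effective limit is the smaller of sa-limit and the cache specification. Assumptions: the specification value, the addresses, the class and function names, and the choice to discard (S, G) entries that arrive over the limit are all constructed for the example.

```python
from collections import defaultdict

CACHE_SPEC = 1000  # assumed cache specification (constructed value)


class SACache:
    """Simplified model of a per-peer SA cache with a configurable limit."""

    def __init__(self, cache_spec=CACHE_SPEC):
        self.cache_spec = cache_spec
        self.sa_limit = {}                # peer-address -> configured sa-limit
        self.entries = defaultdict(set)   # peer-address -> {(S, G), ...}
        self.discarded = defaultdict(int) # peer-address -> entries refused

    def set_peer_limit(self, peer, sa_limit):
        # Models: peer peer-address sa-cache-maximum sa-limit
        self.sa_limit[peer] = sa_limit

    def effective_limit(self, peer):
        # The configured value applies only when it is below the specification.
        return min(self.sa_limit.get(peer, self.cache_spec), self.cache_spec)

    def receive_sa(self, peer, source, group):
        cached = self.entries[peer]
        if (source, group) in cached:
            return True                   # refresh of a known entry
        if len(cached) >= self.effective_limit(peer):
            self.discarded[peer] += 1     # assumption: over-limit entries are dropped
            return False
        cached.add((source, group))
        return True


def simulate_burst(cache, peer, count, group="225.1.1.1"):
    """Feed `count` constructed SA entries with distinct sources from one peer."""
    for i in range(count):
        source = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        cache.receive_sa(peer, source, group)
    return len(cache.entries[peer]), cache.discarded[peer]


if __name__ == "__main__":
    cache = SACache()
    cache.set_peer_limit("192.0.2.1", 100)    # below the specification
    cache.set_peer_limit("192.0.2.2", 5000)   # above the specification
    for peer in ("192.0.2.1", "192.0.2.2"):
        stored, dropped = simulate_burst(cache, peer, 5000)
        print(peer, "limit", cache.effective_limit(peer),
              "stored", stored, "dropped", dropped)
```

Comparing the stored count against the effective limit per peer is the same check an operator would make when sizing sa-limit for each MSDP peer.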