peer sa-policy

By default, the SA messages received and forwarded are not filtered. All (S, G) entries are received and forwarded to MSDP peers.

Usage Scenario

The peer sa-policy command can be used to control the transmission of information about multicast sources during SA message transmission. After the peer sa-policy command is run, MSDP will filter (S, G) forwarding entries carried in SA messages received from or forwarded to specified MSDP peers based on multicast source addresses.

After the peer peer-address sa-policy import command is used, when an SA message reaches the local FW from the specified peer, the local FW filters the message using the import policy to determine whether to process the SA message.

• If acl is not set in the peer peer-address sa-policy import command, the FW does not process the SA message.

• If acl is set in the peer peer-address sa-policy import acl advanced-acl-number command, only the (S, G) information sent by a specified peer and matches the ACL rule is processed.

After the peer peer-address sa-policy export command is used, a FW filters an SA message using the export policy before forwarding the SA message. When the SA message matches the ACL, the FW forwards it.

• If acl is not set in the peer peer-address sa-policy export command, the FW does not forward any SA message to a specified MSDP peer.

• If acl is set in the peer peer-address sa-policy export acl advanced-acl-number command, only the (S, G) information that matches the ACL rule is advertised.

Besides controlling the transmission of SA messages, you can run import-source command on the peer nearest to the source to control the creation of SA messages.

Configuration Impact

This command is cyclical. The latest command overwrites the previous one, and takes effect.