PIM-SM routing policies

Multicast traffic can be restricted from certain source addresses by creating routing policies. Join messages can be filtered using import filters. PIM join policies can be used to reduce denial of service attacks and subsequent PIM state explosion in the router and to remove unwanted multicast streams at the edge of the network before it is carried across the core. Route policies are created in the config>router>policy-options context. Join and register route policy match criteria for PIM-SM can specify the following:

• router interface or interfaces specified by name or IP address

• neighbor address (the source address in the IP header of the join and prune message)

• multicast group address embedded in the join and prune message

• multicast source address embedded in the join and prune message

Join policies can be used to filter PIM join messages so that no *,G or S,G state is created on the router. The following table describes the match conditions.

PIM register messages are sent by the first hop designated router that has a direct connection to the source. This serves a dual purpose:

• It notifies the RP that a source has active data for the group.

• It delivers the multicast stream in register encapsulation to the RP and its potential receivers.

• If no one has joined the group at the RP, the RP will ignore the registers.

In an environment where the sources to particular multicast groups are always known, it is possible to apply register filters at the RP to prevent any unwanted sources from transmitting a multicast stream. You can apply these filters at the edge so that register data does not travel unnecessarily over the network toward the RP.

The following table describes the match conditions.