PIM-SM routing policies

Multicast traffic can be restricted from specific source addresses by creating routing policies. Join messages can be filtered using import filters. PIM join policies can be used to reduce denial of service attacks and subsequent PIM state explosion in the router and to remove unwanted multicast streams at the edge of the network before it is carried across the core. Route policies are created in the config>router>policy-options context. Join and register route policy match criteria for PIM-SM can specify the following:

• router interface or interfaces specified by name or IP address

• neighbor address (the source address in the IP header of the join and prune message)

• multicast group address embedded in the join and prune message

• multicast source address embedded in the join and prune message

Join policies can be used to filter PIM join messages so no (*,G) or (S,G) state is created on the router.

Table: Join filter policy match conditions lists the join filter policy match conditions.

PIM register message are sent by the first hop designated router that has a direct connection to the source. This serves a dual purpose:

• notifies the RP that a source has active data for the group

• delivers the multicast stream in register encapsulation to the RP and its potential receivers

• if no one has joined the group at the RP, the RP ignores the registers

In an environment where the sources to particular multicast groups are always known, it is possible to apply register filters at the RP to prevent any unwanted sources from transmitting multicast stream. You can apply these filters at the edge so that register data does not travel unnecessarily over the network toward the RP.

Table: Register filter policy match conditions lists the register filter policy match conditions.