Join policies are used in Protocol Independent Multicast (PIM) configurations to prevent the transportation of multicast traffic across a network and the dropping of packets at a scope at the edge of the network. PIM Join filters reduce the potential for denial of service (DoS) attacks and PIM state explosion—large numbers of Joins forwarded to each router on the RPT, resulting in memory consumption.
*,g or s,g is the information used to forward unicast or multicast packets.
group-address matches the group in join/prune messages
group-address 239.55.150.208/32 exact
source-address matches the source in join/prune messages
source-address 192.168.0.0/16 longer
interface matches any join message received on the specified interface:
interface port 1/1/1
neighbor matches any join message received from the specified neighbor:
neighbor 1.1.1.1
The following configuration example does not allow join messages for group 239.50.50.208/32 and source 192.168.0.0/16 but allows join messages for 192.168.0.0/16, 239.50.50.208.
A:ALA-B>config>router>policy-options# info
----------------------------------------------
...
policy-statement "foo"
entry 10
from
group-address "239.50.50.208/32"
source-address 192.168.0.0
exit
action reject
exit
exit
policy-statement "reg-pol"
entry 10
from
group-address "239.0.0.0/8"
exit
action accept
exit
exit
exit
...
----------------------------------------------
A:ALA-B>config>router>policy-options#