Skip to Content.
Sympa Menu

wg-multicast - Re: Recommended MSDP ACL

Subject: All things related to multicast

List archive

Re: Recommended MSDP ACL


Chronological Thread 
  • From: Gordon Rogier <>
  • To: ,
  • Subject: Re: Recommended MSDP ACL
  • Date: Mon, 6 Dec 1999 09:29:57 -0600 (CST)

Greg,

i know that this is a thread mainly between you and Beau, but i want to
interject here.

this note about 'sa-filter' from beau is the same thread of thought i
spoke with you about yesterday at nlanr/i2. i will try to get hope to my
configs to you later today or tomarrow in anticipation on discussing it at
almeroth's bof at nlanr/i2.

thanks.

--*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*--
Gordon Rogier


Network Engineer 785-864-0381wk 785-550-4468 cell
Great Plains Network 785-864-9330 FAX

On Mon, 6 Dec 1999, Greg Shepherd wrote:

>
>
> On Mon, 6 Dec 1999, Beau Williamson wrote:
>
> > At 02:33 PM 12/5/1999, Kevin C. Almeroth wrote:
> > >Does anybody else have any suggestions/comments/recommendations?
> > >
> > >-Kevin
> > >
> > >>>Here is the current recommendation:
> > >>>
> > >>>access-list 111 deny ip any host 224.0.2.2
> > >>>access-list 111 deny ip any host 224.0.1.3
> > >>>access-list 111 deny ip any host 224.0.1.24
> > >>>access-list 111 deny ip any host 224.0.1.22
> > >>>access-list 111 deny ip any host 224.0.1.2
> > >>>access-list 111 deny ip any host 224.0.1.35
> > >>>access-list 111 deny ip any host 224.0.1.60
> > >>>access-list 111 deny ip any host 224.0.1.39
> > >>>access-list 111 deny ip any host 224.0.1.40
> > >>>access-list 111 deny ip any 239.0.0.0 0.255.255.255
> > >>>access-list 111 deny ip 10.0.0.0 0.255.255.255 any
> > >>>access-list 111 deny ip 127.0.0.0 0.255.255.255 any
> > >>>access-list 111 deny ip 172.0.0.0 0.255.255.255 any <<<<<<<
> > >>>access-list 111 deny ip 192.0.0.0 0.255.255.255 any <<<<<<<
> > >>>access-list 111 permit ip any any
> > >
> > Shep, et al,
> >
> > Uh, aren't the last two entries a bit too broad in scope? Shouldn't they
> > really be:
> >
> > access-list 111 deny ip 172.16.0.0 0.15.255.255 any
> > access-list 111 deny ip 192.168.0.0 0.0.255.255 any
>
> Good point. For the reference, here is a snip from RFC1918:
>
> 3. Private Address Space
>
> The Internet Assigned Numbers Authority (IANA) has reserved the
> following three blocks of the IP address space for private internets:
>
> 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
>
>
>
> > to match RFC1918 ranges?
> >
> > Also, are you using these in 'sa-filter' lists or 'sa redistribute' lists
> > or both?
>
> I currently have confi'd this for 'sa-filter'. Can you explain the
> difference?
>
> Thanks,
> Greg
>
> > Beau
> >
> >
>
>




Archive powered by MHonArc 2.6.16.

Top of Page