
wg-multicast - Re: Recommended MSDP ACL

Subject: All things related to multicast

  • From: Greg Shepherd <>
  • To: Gordon Rogier <>
  • Cc: ,
  • Subject: Re: Recommended MSDP ACL
  • Date: Mon, 6 Dec 1999 07:44:52 -0800 (PST)


Gordon,

This is for everyone. I appreciate anything you can contribute.

Greg

On Mon, 6 Dec 1999, Gordon Rogier wrote:

> Greg,
>
> i know that this is a thread mainly between you and Beau, but i want to
> interject here.
>
> this note about 'sa-filter' from beau is the same thread of thought i
> spoke with you about yesterday at nlanr/i2. i will try to get hope to my
> configs to you later today or tomorrow in anticipation of discussing it at
> almeroth's bof at nlanr/i2.
>
> thanks.
>
> --*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*--
> Gordon Rogier
>
>
> Network Engineer 785-864-0381wk 785-550-4468 cell
> Great Plains Network 785-864-9330 FAX
>
> On Mon, 6 Dec 1999, Greg Shepherd wrote:
>
> >
> >
> > On Mon, 6 Dec 1999, Beau Williamson wrote:
> >
> > > At 02:33 PM 12/5/1999, Kevin C. Almeroth wrote:
> > > >Does anybody else have any suggestions/comments/recommendations?
> > > >
> > > >-Kevin
> > > >
> > > >>>Here is the current recommendation:
> > > >>>
> > > >>>access-list 111 deny ip any host 224.0.2.2
> > > >>>access-list 111 deny ip any host 224.0.1.3
> > > >>>access-list 111 deny ip any host 224.0.1.24
> > > >>>access-list 111 deny ip any host 224.0.1.22
> > > >>>access-list 111 deny ip any host 224.0.1.2
> > > >>>access-list 111 deny ip any host 224.0.1.35
> > > >>>access-list 111 deny ip any host 224.0.1.60
> > > >>>access-list 111 deny ip any host 224.0.1.39
> > > >>>access-list 111 deny ip any host 224.0.1.40
> > > >>>access-list 111 deny ip any 239.0.0.0 0.255.255.255
> > > >>>access-list 111 deny ip 10.0.0.0 0.255.255.255 any
> > > >>>access-list 111 deny ip 127.0.0.0 0.255.255.255 any
> > > >>>access-list 111 deny ip 172.0.0.0 0.255.255.255 any <<<<<<<
> > > >>>access-list 111 deny ip 192.0.0.0 0.255.255.255 any <<<<<<<
> > > >>>access-list 111 permit ip any any
> > > >
> > > Shep, et al,
> > >
> > > Uh, aren't the last two entries a bit too broad in scope? Shouldn't
> > > they really be:
> > >
> > > access-list 111 deny ip 172.16.0.0 0.15.255.255 any
> > > access-list 111 deny ip 192.168.0.0 0.0.255.255 any
> >
> > Good point. For the reference, here is a snip from RFC1918:
> >
> > 3. Private Address Space
> >
> > The Internet Assigned Numbers Authority (IANA) has reserved the
> > following three blocks of the IP address space for private internets:
> >
> > 10.0.0.0 - 10.255.255.255 (10/8 prefix)
> > 172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
> > 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
> >
> >
> >
> > > to match RFC1918 ranges?
> > >
> > > Also, are you using these in 'sa-filter' lists or 'sa redistribute'
> > > lists or both?
> >
> > I currently have config'd this for 'sa-filter'. Can you explain the
> > difference?
> >
> > Thanks,
> > Greg
> >
> > > Beau
> > >
> > >
> >
> >
>
>
>
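The wildcard-mask point raised in the thread can be checked mechanically. The following is an added example, not part of the original messages: it converts the source address and wildcard of each quoted `deny` entry to a prefix and counts how many non-RFC1918 addresses the entry would also match. The function names `wildcard_to_network` and `audit` are hypothetical, and only contiguous wildcards are handled.

```python
import ipaddress

# RFC 1918 private blocks, as quoted in the thread.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Source-address entries copied from the thread: the original list's
# three entries, then the two proposed replacements.
ACL = """\
access-list 111 deny ip 10.0.0.0 0.255.255.255 any
access-list 111 deny ip 172.0.0.0 0.255.255.255 any
access-list 111 deny ip 192.0.0.0 0.255.255.255 any
access-list 111 deny ip 172.16.0.0 0.15.255.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 any
"""

def wildcard_to_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to an ip_network.
    Assumption: the wildcard is contiguous (an inverted netmask)."""
    wc = int(ipaddress.IPv4Address(wildcard))
    if wc & (wc + 1):  # low-order run of ones only if wc+1 is a power of 2
        raise ValueError(f"non-contiguous wildcard: {wildcard}")
    return ipaddress.ip_network(f"{addr}/{32 - wc.bit_length()}")

def audit(acl_text):
    """Return (prefix, count of matched non-RFC1918 addresses) per entry."""
    results = []
    for line in acl_text.splitlines():
        f = line.split()
        # Expected shape: access-list N deny ip SRC WILDCARD any
        if len(f) != 7 or f[2] != "deny" or f[6] != "any":
            continue
        net = wildcard_to_network(f[4], f[5])
        if any(net.subnet_of(p) for p in RFC1918):
            excess = 0  # entry lies entirely inside private space
        else:
            private = sum(p.num_addresses for p in RFC1918 if p.subnet_of(net))
            excess = net.num_addresses - private
        results.append((str(net), excess))
    return results

if __name__ == "__main__":
    for prefix, excess in audit(ACL):
        verdict = "ok" if excess == 0 else f"also matches {excess} non-private addresses"
        print(f"{prefix:18} {verdict}")
```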



