All things related to multicast

["John M. Zwiebel" <>]

In addition to what Beau stated...
... the redistribute command has been going through some growing pains.
Now that the "A" flag gets set to control which sources are orignated by
an RP, the redistribute command acts a bit more the way Beau wants it to.

The "redistribution" was from PIM to MSDP, although that has certainly 
caused some misunderstanding on the part of many who have deployed it.  Now,
that command is used more to limit which sources will be advertised in an
SA, than to actually permit which sources are going to be advertised.

ie, once upon a time, we had the msdp border command which was used to
advertise dense-mode sources.  Now, we have the interface proxy register
command which is used to register a dense-mode source with an RP which
in turn sets the A flag so that only one MSDP system will be responsible for
advertising the SA.

yes, this makes for configuration problems and backward compatibilty problems,
but its better than letting folks mess up their configs as they have in the
past causing MSDP SA loops etc. 

Toerless has a writeup on the new 'proxy-register' command.  I don't know
if its been posted yet on ftp-eng.

z

 ^ 
 ^ 
 ^ On Mon, 6 Dec 1999, Beau Williamson wrote:
 ^ 
 ^ > At 02:33 PM 12/5/1999, Kevin C. Almeroth wrote:
 ^ > >Does anybody else have any suggestions/comments/recommendations?
 ^ > >
 ^ > >-Kevin
 ^ > >
 ^ > >>>Here is the current recommendation:
 ^ > >>>
 ^ > >>>access-list 111 deny   ip any host 224.0.2.2
 ^ > >>>access-list 111 deny   ip any host 224.0.1.3
 ^ > >>>access-list 111 deny   ip any host 224.0.1.24
 ^ > >>>access-list 111 deny   ip any host 224.0.1.22
 ^ > >>>access-list 111 deny   ip any host 224.0.1.2
 ^ > >>>access-list 111 deny   ip any host 224.0.1.35
 ^ > >>>access-list 111 deny   ip any host 224.0.1.60
 ^ > >>>access-list 111 deny   ip any host 224.0.1.39
 ^ > >>>access-list 111 deny   ip any host 224.0.1.40
 ^ > >>>access-list 111 deny   ip any 239.0.0.0 0.255.255.255
 ^ > >>>access-list 111 deny   ip 10.0.0.0 0.255.255.255 any
 ^ > >>>access-list 111 deny   ip 127.0.0.0 0.255.255.255 any
 ^ > >>>access-list 111 deny   ip 172.0.0.0 0.255.255.255 any  <<<<<<<
 ^ > >>>access-list 111 deny   ip 192.0.0.0 0.255.255.255 any  <<<<<<<
 ^ > >>>access-list 111 permit ip any any
 ^ > >
 ^ > Shep, et al,
 ^ > 
 ^ > Uh, aren't the last two entries a bit too broad in scope?  Shouldn't 
they 
    really be:
 ^ > 
 ^ > access-list 111 deny   ip 172.16.0.0 0.15.255.255 any
 ^ > access-list 111 deny   ip 192.168.0.0 0.0.255.255 any
 ^ 
 ^ Good point. For the reference, here is a snip from RFC1918:
 ^ 
 ^ 3. Private Address Space
 ^ 
 ^    The Internet Assigned Numbers Authority (IANA) has reserved the
 ^    following three blocks of the IP address space for private internets:
 ^ 
 ^      10.0.0.0        -   10.255.255.255  (10/8 prefix)
 ^      172.16.0.0      -   172.31.255.255  (172.16/12 prefix)
 ^      192.168.0.0     -   192.168.255.255 (192.168/16 prefix)
 ^ 
 ^ 
 ^  
 ^ > to match RFC1918 ranges?
 ^ > 
 ^ > Also, are you using these in 'sa-filter' lists or 'sa redistribute' 
lists 
    or both?
 ^ 
 ^ I currently have confi'd this for 'sa-filter'. Can you explain the
 ^ difference?
 ^ 
 ^ Thanks,
 ^ Greg
 ^  
 ^ > Beau
 ^ > 
 ^ > 
 ^ 
 ^ 

------------------------------------------------------------------------------
        John Zwiebel                       Phone: 408-526-5303
        Cisco Systems Inc.                 
        IP Multicast Group