wg-multicast - Re: notes from Vancouver BoF 7/18/05
Subject: All things related to multicast
List archive
- From: debbie fligor <>
- To: Peter John Hill <>
- Cc: debbie fligor <>, Alan Crosswell <>,
- Subject: Re: notes from Vancouver BoF 7/18/05
- Date: Wed, 27 Jul 2005 15:01:38 -0500
At 12:22 -0700 7/26/05, Peter John Hill wrote:
On Jul 26, 2005, at 11:21 AM, debbie fligor wrote:
At 9:24 -0400 7/25/05, Alan Crosswell wrote:Yikes... are you talking about GRE tunnels and sending the multicast around them? Are you also doing something like msdp with prefix lists for filters to limit the traffic somewhat through the gre tunnel... what sources are allowed to be known from one side to the other?
- Firewall w/multicast?
-> - Ask Debbie
Fligor@UIUC
We're sending multicast traffic around the campus exit firewall/webcache/ips structure via a dedicated gigE link, while the unicast traffic (including that to the RP, which is on the untrusted side of our dmz) flows through the firewalls.
The hardest part getting it all working was getting the PIM bugs worked out of the switch vendor's code, and getting them to change their static mroute command to accept administrative distance when specifying an rpf_address not an interface.
If anyone else is trying to setup something like this and wants to hear how we're getting ours to work, just let me know.
I am curious as to the applications that one would want to run across a firewall that use multicast... I also wonder if there are better solutions then sending the multicast directly through? Something along the lines of what Tibco (yuck) does... or perhaps for something like video, a reflector outside the "trust boundary" of the firewall.
Just remember, multicast is fun!
it's job security, that's for sure :)
Peter
I know more about how to bypass them than how to make them work.
--
-debbie
Debbie Fligor, n9dn Network Engineer, CITES, Univ. of Il
email:
<http://www.uiuc.edu/ph/www/fligor>
"Every keystroke can be monitored. And the computers never forget."
--
-debbie
Debbie Fligor, n9dn Network Engineer, CITES, Univ. of Il
email:
<http://www.uiuc.edu/ph/www/fligor>
"Every keystroke can be monitored. And the computers never forget."
- notes from Vancouver BoF 7/18/05, Alan Crosswell, 07/25/2005
- Re: notes from Vancouver BoF 7/18/05, Brent Sweeny, 07/25/2005
- Re: notes from Vancouver BoF 7/18/05, Stig Venaas, 07/25/2005
- Re: notes from Vancouver BoF 7/18/05, debbie fligor, 07/26/2005
- Re: notes from Vancouver BoF 7/18/05, Marc Manthey, 07/26/2005
- Re: notes from Vancouver BoF 7/18/05, Peter John Hill, 07/26/2005
- Re: notes from Vancouver BoF 7/18/05, debbie fligor, 07/27/2005
- Re: notes from Vancouver BoF 7/18/05, Brent Sweeny, 07/25/2005
Archive powered by MHonArc 2.6.16.