All things related to multicast

[Marshall Eubanks <>]

On May 10, 2007, at 2:49 PM, Leonard Giuliano wrote:

> On Thu, 10 May 2007, debbie fligor wrote:
>
> -) >
> -) > In a router you want to block 232.0.0.0/4 outbound but not  
> inbound, which
> -) > is generally pretty simple.
> -)
>
> Also, blocking all of 224/4 (I assume that's what Marshall meant)  
> may have

Yes. Sorry for the typo.

> other problems, like preventing protocols like OSPF and VRRP, which  
> use
> mcast, from working.  So you may want to allow just 224.0.0/24 to  
> get out.

And PIM itself uses multicast, so that's a good idea.

> -)
> -) I think you have to be careful where you do this.  If it's at  
> your campus
> -) edge, that should work. If it's on the net where the users are  
> because you
> -) don't want that traffic in your core at all, you need to be  
> careful.

Yes. And it occurred to me that some campuses have multicast edges in  
non-obvious places (such as at the nearest
Giga-POP). So, "edge" here is really at the PIM domain boundary,  
which may not be the same as the AS
boundary.

> -)
> -)  I was planning on using an ACL to block a specific group from  
> going out an
> -) interface in order to keep traffic local to that net and  
> mentioned this to an
> -) SE. He said he'd just had that come up elsewhere, and if I  
> applied that ACL
> -) to that interface the router would drop it before processing the  
> IGMP and
> -) then couldn't be the IGMP querier for that group (which I needed  
> it to be).
> -) This is for Foundry gear, others may be different.
> -)
> -) Also what Bruce said below about IGMP for joins applies as well.
> -)

Regards
Marshall