All things related to multicast

[Michael H Lambert <>]

On 12 Feb 2014, at 11:18, Bill Owens 
<>
 wrote:

> BTW, I noticed this because I'm finally fed up with all the crap SAs (and 
> traffic) floating around, and am starting to tighten down our MSDP filters 
> to exclude the reserved ranges. I wasn't going to do 
> 224.5.0.0-224.251.255.255 because it's a pain to write it out in Cisco ACL 
> format, but maybe I will make an exception thanks to MIT's example in this 
> area.

Here's what we're using on a Brocade (the MSDP filter also includes a term 
for SSM, not desirable for PIM):

>show access-list name PIM_Boundary         

Extended IP access list PIM_Boundary : 29 entries
ACL Remark:  Martian source IP addresses
10: deny ip 10.0.0.0/8 any 
20: deny ip 127.0.0.0/8 any 
30: deny ip 169.254.0.0/16 any 
40: deny ip 172.16.0.0/12 any 
50: deny ip 192.168.0.0/16 any 
ACL Remark:  Filtered groups in allowed ranges
60: deny ip any host 224.0.1.2 
70: deny ip any host 224.0.1.3 
80: deny ip any host 224.0.1.8 
90: deny ip any host 224.0.1.20 
100: deny ip any host 224.0.1.22 
110: deny ip any host 224.0.1.24 
120: deny ip any host 224.0.1.25 
130: deny ip any host 224.0.1.35 
140: deny ip any host 224.0.1.39 
150: deny ip any host 224.0.1.40 
160: deny ip any host 224.0.1.60 
170: deny ip any host 224.0.1.76 
180: deny ip any host 224.0.2.1 
190: deny ip any host 224.0.2.2 
200: deny ip any host 224.0.23.1                                  
210: deny ip any host 224.0.23.2 
ACL Remark:  Explicitly allowed group ranges for PIM joins (RFC5771)
220: permit ip any 224.0.0.0/16 
230: permit ip any 224.2.0.0/16 
240: permit ip any 224.3.0.0/16 
250: permit ip any 224.4.0.0/16 
260: permit ip any 232.0.0.0/8 
270: permit ip any 233.0.0.0/8 
ACL Remark:  Unicast-Prefix-based IPv4 Multicast Addresses (RFC6034)
280: permit ip any 234.0.0.0/8 
ACL Remark:  All other groups are excluded by default
290: deny ip any any 


Michael