Skip to Content.
Sympa Menu

wg-multicast - Re: 22% of the global MSDP table. . .

Subject: All things related to multicast

List archive

Re: 22% of the global MSDP table. . .


Chronological Thread 
  • From: Michael H Lambert <>
  • To: wg-multicast <>
  • Subject: Re: 22% of the global MSDP table. . .
  • Date: Wed, 12 Feb 2014 11:37:14 -0500

On 12 Feb 2014, at 11:18, Bill Owens
<>
wrote:

> BTW, I noticed this because I'm finally fed up with all the crap SAs (and
> traffic) floating around, and am starting to tighten down our MSDP filters
> to exclude the reserved ranges. I wasn't going to do
> 224.5.0.0-224.251.255.255 because it's a pain to write it out in Cisco ACL
> format, but maybe I will make an exception thanks to MIT's example in this
> area.

Here's what we're using on a Brocade (the MSDP filter also includes a term
for SSM, not desirable for PIM):

>show access-list name PIM_Boundary

Extended IP access list PIM_Boundary : 29 entries
ACL Remark: Martian source IP addresses
10: deny ip 10.0.0.0/8 any
20: deny ip 127.0.0.0/8 any
30: deny ip 169.254.0.0/16 any
40: deny ip 172.16.0.0/12 any
50: deny ip 192.168.0.0/16 any
ACL Remark: Filtered groups in allowed ranges
60: deny ip any host 224.0.1.2
70: deny ip any host 224.0.1.3
80: deny ip any host 224.0.1.8
90: deny ip any host 224.0.1.20
100: deny ip any host 224.0.1.22
110: deny ip any host 224.0.1.24
120: deny ip any host 224.0.1.25
130: deny ip any host 224.0.1.35
140: deny ip any host 224.0.1.39
150: deny ip any host 224.0.1.40
160: deny ip any host 224.0.1.60
170: deny ip any host 224.0.1.76
180: deny ip any host 224.0.2.1
190: deny ip any host 224.0.2.2
200: deny ip any host 224.0.23.1
210: deny ip any host 224.0.23.2
ACL Remark: Explicitly allowed group ranges for PIM joins (RFC5771)
220: permit ip any 224.0.0.0/16
230: permit ip any 224.2.0.0/16
240: permit ip any 224.3.0.0/16
250: permit ip any 224.4.0.0/16
260: permit ip any 232.0.0.0/8
270: permit ip any 233.0.0.0/8
ACL Remark: Unicast-Prefix-based IPv4 Multicast Addresses (RFC6034)
280: permit ip any 234.0.0.0/8
ACL Remark: All other groups are excluded by default
290: deny ip any any


Michael




Archive powered by MHonArc 2.6.16.

Top of Page