wg-multicast - Re: 22% of the global MSDP table. . .
Subject: All things related to multicast
- From: David Farmer <>
- To: Michael H Lambert <>, wg-multicast <>
- Cc: David Farmer <>
- Subject: Re: 22% of the global MSDP table. . .
- Date: Wed, 12 Feb 2014 15:13:27 -0600
- Organization: University of Minnesota
You should probably add 100.64.0.0/10, see RFC6598, I've been adding that to all my RFC1918 type lists.
On 2/12/14, 10:37 , Michael H Lambert wrote:
On 12 Feb 2014, at 11:18, Bill Owens <> wrote:
BTW, I noticed this because I'm finally fed up with all the crap SAs (and
traffic) floating around, and am starting to tighten down our MSDP filters to
exclude the reserved ranges. I wasn't going to do 224.5.0.0-224.251.255.255
because it's a pain to write it out in Cisco ACL format, but maybe I will
make an exception thanks to MIT's example in this area.
Here's what we're using on a Brocade (the MSDP filter also includes a term
for SSM, not desirable for PIM):
show access-list name PIM_Boundary
Extended IP access list PIM_Boundary : 29 entries
ACL Remark: Martian source IP addresses
10: deny ip 10.0.0.0/8 any
20: deny ip 127.0.0.0/8 any
30: deny ip 169.254.0.0/16 any
40: deny ip 172.16.0.0/12 any
50: deny ip 192.168.0.0/16 any
I see you got 169.254.0.0/16, there are a number of other things out of IPv4 Special registry you might want to consider as well.
http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xml
ACL Remark: Filtered groups in allowed ranges
60: deny ip any host 224.0.1.2
70: deny ip any host 224.0.1.3
80: deny ip any host 224.0.1.8
90: deny ip any host 224.0.1.20
100: deny ip any host 224.0.1.22
110: deny ip any host 224.0.1.24
120: deny ip any host 224.0.1.25
130: deny ip any host 224.0.1.35
140: deny ip any host 224.0.1.39
150: deny ip any host 224.0.1.40
160: deny ip any host 224.0.1.60
170: deny ip any host 224.0.1.76
180: deny ip any host 224.0.2.1
190: deny ip any host 224.0.2.2
200: deny ip any host 224.0.23.1
210: deny ip any host 224.0.23.2
ACL Remark: Explicitly allowed group ranges for PIM joins (RFC5771)
220: permit ip any 224.0.0.0/16
230: permit ip any 224.2.0.0/16
240: permit ip any 224.3.0.0/16
250: permit ip any 224.4.0.0/16
260: permit ip any 232.0.0.0/8
270: permit ip any 233.0.0.0/8
ACL Remark: Unicast-Prefix-based IPv4 Multicast Addresses (RFC6034)
280: permit ip any 234.0.0.0/8
ACL Remark: All other groups are excluded by default
290: deny ip any any
Michael
--
================================================
David Farmer Email:
Office of Information Technology
University of Minnesota
2218 University Ave SE Phone: 1-612-626-0815
Minneapolis, MN 55414-3029 Cell: 1-612-812-9952
================================================
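The effect of the suggested 100.64.0.0/10 term can be checked offline before changing a router. The following is an added example, not part of the original message or any vendor tooling: it transcribes the PIM_Boundary terms quoted above and assumes first-match evaluation with the ACL source field matched against S and the destination field against G. The function names and the sample (S,G) pairs are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
# Terms 10-50, 60-210 and 220-280 of the PIM_Boundary list quoted above.
MARTIANS = ["10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
            "172.16.0.0/12", "192.168.0.0/16"]
DENIED_GROUPS = ["224.0.1.2", "224.0.1.3", "224.0.1.8", "224.0.1.20",
                 "224.0.1.22", "224.0.1.24", "224.0.1.25", "224.0.1.35",
                 "224.0.1.39", "224.0.1.40", "224.0.1.60", "224.0.1.76",
                 "224.0.2.1", "224.0.2.2", "224.0.23.1", "224.0.23.2"]
PERMITTED_GROUPS = ["224.0.0.0/16", "224.2.0.0/16", "224.3.0.0/16",
                    "224.4.0.0/16", "232.0.0.0/8", "233.0.0.0/8", "234.0.0.0/8"]

def build_acl(extra_martians=()):
    """Ordered (action, source_net, group_net) terms, in the list's order."""
    acl = [("deny", ip_network(m), ANY) for m in [*MARTIANS, *extra_martians]]
    acl += [("deny", ANY, ip_network(g)) for g in DENIED_GROUPS]
    acl += [("permit", ANY, ip_network(p)) for p in PERMITTED_GROUPS]
    acl.append(("deny", ANY, ANY))  # term 290: everything else
    return acl

def evaluate(acl, source, group):
    """First-match verdict for one (S,G) pair (assumed ACL semantics)."""
    s, g = ip_address(source), ip_address(group)
    for action, src_net, grp_net in acl:
        if s in src_net and g in grp_net:
            return action
    return "deny"

def changed(before, after, pairs):
    """Pairs whose verdict differs between two versions of the list."""
    return [(s, g, evaluate(before, s, g), evaluate(after, s, g))
            for s, g in pairs if evaluate(before, s, g) != evaluate(after, s, g)]

# Constructed sample (S,G) pairs, not taken from any real MSDP table.
SAMPLES = [("10.1.1.1", "233.1.1.1"),      # RFC1918 source
           ("100.64.1.1", "233.1.1.1"),    # RFC6598 shared address space
           ("192.0.2.10", "224.0.1.39"),   # filtered group
           ("192.0.2.10", "224.5.0.1")]    # group outside the permitted ranges

if __name__ == "__main__":
    current = build_acl()
    proposed = build_acl(extra_martians=["100.64.0.0/10"])
    for row in changed(current, proposed, SAMPLES):
        print(row)
```

Running the same comparison against (S,G) pairs exported from a router's SA cache shows which entries a new term would drop before it is deployed.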