
wg-multicast - Re: 22% of the global MSDP table. . .

Subject: All things related to multicast

  • From: Brent Sweeny
  • To: David Farmer, Michael H Lambert, wg-multicast
  • Subject: Re: 22% of the global MSDP table. . .
  • Date: Wed, 12 Feb 2014 16:43:26 -0500

it's been a while since we've discussed these here.
can we come to a consensus on a BCP that we could all accept as a base
for these lists, with local mods as desired?

On 2/12/2014 4:13 PM, David Farmer wrote:
> On 2/12/14, 10:37 , Michael H Lambert wrote:
>> On 12 Feb 2014, at 11:18, Bill Owens wrote:
>>
>>> BTW, I noticed this because I'm finally fed up with all the crap SAs
>>> (and traffic) floating around, and am starting to tighten down our
>>> MSDP filters to exclude the reserved ranges. I wasn't going to do
>>> 224.5.0.0-224.251.255.255 because it's a pain to write it out in
>>> Cisco ACL format, but maybe I will make an exception thanks to MIT's
>>> example in this area.
>>
>> Here's what we're using on a Brocade (the MSDP filter also includes a
>> term for SSM, not desirable for PIM):
>>
>>> show access-list name PIM_Boundary
>>
>> Extended IP access list PIM_Boundary : 29 entries
>> ACL Remark: Martian source IP addresses
>> 10: deny ip 10.0.0.0/8 any
>> 20: deny ip 127.0.0.0/8 any
>> 30: deny ip 169.254.0.0/16 any
>> 40: deny ip 172.16.0.0/12 any
>> 50: deny ip 192.168.0.0/16 any
> You should probably add 100.64.0.0/10, see RFC6598, I've been adding
> that to all my RFC1918 type lists.
>
> I see you got 169.254.0.0/16, there are a number of other things out of
> IPv4 Special registry you might want to consider as well.
>
> http://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xml
>
>
>> ACL Remark: Filtered groups in allowed ranges
>> 60: deny ip any host 224.0.1.2
>> 70: deny ip any host 224.0.1.3
>> 80: deny ip any host 224.0.1.8
>> 90: deny ip any host 224.0.1.20
>> 100: deny ip any host 224.0.1.22
>> 110: deny ip any host 224.0.1.24
>> 120: deny ip any host 224.0.1.25
>> 130: deny ip any host 224.0.1.35
>> 140: deny ip any host 224.0.1.39
>> 150: deny ip any host 224.0.1.40
>> 160: deny ip any host 224.0.1.60
>> 170: deny ip any host 224.0.1.76
>> 180: deny ip any host 224.0.2.1
>> 190: deny ip any host 224.0.2.2
>> 200: deny ip any host 224.0.23.1
>> 210: deny ip any host 224.0.23.2
>> ACL Remark: Explicitly allowed group ranges for PIM joins (RFC5771)
>> 220: permit ip any 224.0.0.0/16
>> 230: permit ip any 224.2.0.0/16
>> 240: permit ip any 224.3.0.0/16
>> 250: permit ip any 224.4.0.0/16
>> 260: permit ip any 232.0.0.0/8
>> 270: permit ip any 233.0.0.0/8
>> ACL Remark: Unicast-Prefix-based IPv4 Multicast Addresses (RFC6034)
>> 280: permit ip any 234.0.0.0/8
>> ACL Remark: All other groups are excluded by default
>> 290: deny ip any any
>>
>>
>> Michael
>>
>
>
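
Added example, not part of the thread or of any poster's configuration: a first-match evaluator for the PIM_Boundary entries quoted above, used to check the 100.64.0.0/10 (RFC 6598) suggestion and to show that 224.5.0.0-224.251.255.255 already falls through to the default deny in this permit-list design. The function names and the sample source and group addresses are constructed for illustration, and the model assumes plain first-match on source and destination only.

```python
import ipaddress

# ACL "PIM_Boundary" as posted in the thread, grouped by remark.
MARTIANS = ["10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
            "172.16.0.0/12", "192.168.0.0/16"]
DENIED_GROUPS = ["224.0.1.2", "224.0.1.3", "224.0.1.8", "224.0.1.20",
                 "224.0.1.22", "224.0.1.24", "224.0.1.25", "224.0.1.35",
                 "224.0.1.39", "224.0.1.40", "224.0.1.60", "224.0.1.76",
                 "224.0.2.1", "224.0.2.2", "224.0.23.1", "224.0.23.2"]
PERMITTED = ["224.0.0.0/16", "224.2.0.0/16", "224.3.0.0/16", "224.4.0.0/16",
             "232.0.0.0/8", "233.0.0.0/8", "234.0.0.0/8"]
ANY = "0.0.0.0/0"

def build_acl(extra_martians=()):
    """Return the ordered rule list; extra_martians are added source denies."""
    rules = [("deny", m, ANY) for m in list(MARTIANS) + list(extra_martians)]
    rules += [("deny", ANY, g + "/32") for g in DENIED_GROUPS]
    rules += [("permit", ANY, p) for p in PERMITTED]
    rules.append(("deny", ANY, ANY))  # entry 290: default deny
    return [(a, ipaddress.ip_network(s), ipaddress.ip_network(d))
            for a, s, d in rules]

def evaluate(acl, source, group):
    """First-match evaluation: return (action, matched source, matched dest)."""
    src, grp = ipaddress.ip_address(source), ipaddress.ip_address(group)
    for action, s_net, d_net in acl:
        if src in s_net and grp in d_net:
            return action, str(s_net), str(d_net)
    return "deny", ANY, ANY  # unreachable while the default deny is present

def reserved_range_prefixes():
    """224.5.0.0-224.251.255.255 written out as CIDR blocks."""
    lo = ipaddress.ip_address("224.5.0.0")
    hi = ipaddress.ip_address("224.251.255.255")
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]

if __name__ == "__main__":
    posted = build_acl()
    amended = build_acl(extra_martians=["100.64.0.0/10"])  # RFC 6598
    # Constructed samples: shared-address-space source, 233/8 group.
    print(evaluate(posted, "100.64.1.1", "233.1.1.1"))
    print(evaluate(amended, "100.64.1.1", "233.1.1.1"))
    print(evaluate(posted, "198.51.100.7", "224.100.0.1"))
    print(len(reserved_range_prefixes()), reserved_range_prefixes())
```

A deny-list filter needs every block returned by `reserved_range_prefixes()` written out; the permit-list form above needs none of them.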


