wg-multicast - Re: junos filtering msdp "reflector" originator
Subject: All things related to multicast
List archive
- From: Leonard Giuliano <>
- To: Zenon Mousmoulas <>
- Cc: <>
- Subject: Re: junos filtering msdp "reflector" originator
- Date: Mon, 9 Mar 2015 14:32:29 -0700
- Authentication-results: spf=softfail (sender IP is 66.129.239.17) ; admin.grnet.gr; dkim=none (message not signed) header.d=none;
Zenon,
You can filter SAs based on source, group or peer, but not originator.
As to the question of whether they should pass peer-rpf, do a "show route
detail" on the peer (62.40.124.89) as well as the originator
(194.82.152.254). The results can then be compared against the rpf rules
in sect 10.1.3 in RFC 3618. You'll probably see it accepted bc of rule
iv: 62.40.124.89 resides in the AS path in the best path for
194.82.152.254.
MSDP peer-rpf doesn't care about the source; rather, it only cares about
the peer with respect to the originator. Put another way, MSDP will NOT
decide if it's OK for 194.82.152.254 to originate an SA with source
233.21.32.32; it WILL decide if 62.40.124.89 is the peer who should be
allowed to advertise SAs with the originator of 194.82.152.254.
Hope this helps,
Lenny
On Sat, 28 Feb 2015, Zenon Mousmoulas wrote:
| While investigating an issue with PIM register messages being dropped by
| our RP routers (due to misconfiguration), I noticed that some S,G state
| for local sources was mysteriously still present on the RP, even though
| register messages were being dropped. I then realized this state was
| triggered by MSDP SAs such as the following, which seem to be originated
| by some system in the UK. I can't think of a valid scenario where it
| could be an originator for what is certainly a foreign (in terms of a
| PIM domain) S,G. Such SAs are being accepted by the router -- I'm not
| sure at this stage if they should pass peer-rpf-check or not.
|
| Group address Source address Peer address Originator Flags
| 233.21.32.32 62.217.124.105 62.40.124.89 194.82.152.254 Accept
| 233.21.32.234 62.217.124.105 62.40.124.89 194.82.152.254 Accept
|
| Given these oddities about 194.82.152.254, which seems to act as a MSDP
| reflector (currently for up to 590 SAs), I wanted to see if I could drop
| such SAs in the MSDP import policy statement. However there doesn't seem
| to be a match condition for originator, at least not on JunOS 13.3. I
| wonder if there is any other way to do this?
|
| Regards,
| Z.
|
- Re: junos filtering msdp "reflector" originator, Leonard Giuliano, 03/09/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/10/2015
- Re: junos filtering msdp "reflector" originator, Leonard Giuliano, 03/10/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Chuck Anderson, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Leonard Giuliano, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Chuck Anderson, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Leonard Giuliano, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Chuck Anderson, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Chuck Anderson, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/11/2015
- Re: junos filtering msdp "reflector" originator, Leonard Giuliano, 03/10/2015
- Re: junos filtering msdp "reflector" originator, Zenon Mousmoulas, 03/10/2015
Archive powered by MHonArc 2.6.16.