Re: Use of "ip pim rp-announce-filter"

From: Eugene Ward (eward15@juno.com)
Date: Thu Oct 20 2005 - 07:58:56 GMT-3


Ryan,

The "group-list" option in the "send-rp-announce" message is to limit the subset of groups advertised by a potential RP. For example, if you did not use the "group-list" option, the router would advertise itself as an RP for the whole 224.0.0.0/4 multicast range. However, let's say that you only want the router to be an RP for the 239.0.0.0/8 range; then use the "group-list" to reference an ACL matching only that range.

On the mapping agent side, suppose you had three routers advertising themselves as RPs for the 239.0.0.0/8 range. You could use the "rp-list" option to specify which routers are allowed to be RPs. Also, you could use the "group-list" option in conjunction with the "rp-list" option in the "rp-announce-filter" message to specify a particular RP with a particular range. For example (on the mapping agent):

ip pim rp-announce-filter rp-list 1 group-list 11
ip pim rp-announce-filter rp-list 2 group-list 12

access-list 1 permit 4.4.4.4
access-list 2 permit 7.7.7.7
access-list 11 permit 239.0.0.0 0.255.255.255
access-list 12 permit 224.0.0.0 0.255.255.255

4.4.4.4 is the RP for the 239/8 range, while 7.7.7.7 is the RP for the 224/8 range.

Lastly, (I semi-remember how this works), if the "group-list" option is used with the "rp-announce-filter" command, then the "group-list" advertised by the RP needs to line up with the "group-list" on the mapping agent. I'm sure someone will correct me if I have missed anything.

HTH,

Eugene

----------------------------------------------------------------------

Ok. The "group-list" option in rp-announce-filter is used for security
reasons. I want to know what the use of the "group-list" option in
rp-send-announce is.

I only know that the group-list option is used to limit the join-group
access of the RP, but I am not sure of the result when using "group-list" in
"rp-announce-filter" and "rp-send-announce".

Thanks!
Ryan

2005/10/20, Jian Gu <guxiaojian@gmail.com>:
> ip pim rp-announce-filter should always be configured on mapping agents,
> what you've configured on RP (group-list etc) is irrelevant, the command is
> there mainly for security reasons, imagine what will happen if a RP is
> advertising a bogus RP-address.
>
>
> On 10/19/05, The Great Ryan <pv.ryan@gmail.com> wrote:
> >
> > Hi, Group,
> >
> > ---(e0)R1(s1)------(s1)R2(e0)---
> >
> >
> > I setup a lab for RP Filtering by using Auto-RP
> > R1 acts as RP announcement
> > R2 acts as mapping agent
> >
> > In R1, I already limit the use of RP by access-list 11 (i.e. 224.0.0.0
> > 7.255.255.255)
> > Is it necessary to also set a RP-filter on the mapping agent to limit
> > the use of RP?
> > I have no idea where I should put "ip pim rp-announce-filter" in
> > multicast network. Thanks !
> >
> > Ryan
> > =======================================
> > R2#show ip pim rp mapping
> > PIM Group-to-RP Mappings
> > This system is an RP-mapping agent (Loopback0)
> >
> > Group(s) 224.0.0.0/5
> > RP 172.16.1.1 (?), v2v1
> > Info source: 172.16.1.1 (?), elected via Auto-RP
> > Uptime: 00:20:11, expires: 00:02:48
> >
> > ================R1 Config========================
> >
> > interface Loopback 0
> > ip address 172.16.1.1 255.255.255.0
> > interface serial 1
> > ip pim sparse-dense-mode
> > !
> > ip pim send-rp-announce Loopback0 scope 15 group-list 11
> > access-list 11 permit 224.0.0.0 7.255.255.255
> > ================R2 Config========================
> > R2
> >
> > interface s1
> > ip pim sparse-dense-mode
> > !
> > ip pim send-rp-discovery Loopback0 scope 15
> > ip pim rp-announce-filter rp-list 1 group-list 11
> > access-list 1 permit 172.16.1.1
> > access-list 11 permit 224.0.0.0 7.255.255.255


