RE: analysis: multicast-helper map and directed broadcast

From: Popgeorgiev Nikolay (nikolay.popgeorgiev@siemens.com)
Date: Thu Jun 15 2006 - 08:12:20 ART


Guys,

Also something else to question here regarding this topic. Where is the command ip forward-protocol udp XXX actually needed if you are transferring some UDP traffic: on the first-hop router, on the end router, or on both?

I think it should be done on the place where the broadcast is converted to multicast - you actually allow the router to do this.

Can you confirm, please?

Thanks !

Nick

 

-----Original Message-----
From: Petr Lapukhov [mailto:petrsoft@gmail.com]
Sent: Thursday, June 15, 2006 1:58 PM
To: Pierre-Alex
Cc: ccielab@groupstudy.com
Subject: Re: analysis: multicast-helper map and directed broadcast

Pierre,

Usually "multicast-helper" is used with pim-dense mode, so no need
to register source here. I actually tried to test it with sparse mode,
had no luck, and dropped my attempts due to the lack of time ;))

Next, if you don't put "ip directed-broadcast"
and "ip broadcast-address" the router will simply send packets
to address 255.255.255.255, AFAIR. If you need some specific
broadcast address, you should configure it.

HTH
Petr

2006/6/15, Pierre-Alex <paguanel@hotmail.com>:
>
> In the Cisco documentation, a "directed broadcast" statement is
> configured on the interface of the last hop router.
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/himc_r/mlt_i1h.htm#wp1075964
>
> I have labbed the example WITHOUT this command and the conversion worked
> properly: my last hop router is sending broadcast.
>
> Also I have not enabled PIM on the outgoing interface of the last hop
> router as in the example, and it is working too.
>
> The way I explain these results is as follows:
>
> 1. "By default, IP directed broadcasts are dropped; they are not
> forwarded. By dropping IP directed broadcasts, routers are less
> susceptible to denial-of-service attacks."
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt2/1cipadr.htm#wp4443
>
> In this case, the router is not receiving directed broadcast. It is
> receiving a multicast flow from its upstream neighbor, so there is no
> issue of directed broadcast.
>
> 2. When the router transforms the multicast flow it first creates a flow
> to the directed broadcast address. Since the flow was originated
> INTERNALLY (by no interface whatsoever), there is no issue of
> "forwarding a directed broadcast" and therefore no restriction on
> converting this flow to broadcast.
> So the router broadcasts its self-created directed broadcast.
>
>
> 3. Regarding enabling multicast on the source, I suspect this is
> necessary so that the first-hop router can create the (S,G) entry, as if
> an actual registration had occurred. But on the destination I believe it
> is not necessary, since the whole purpose is to direct traffic to users
> who are not multicast able.
>
> On first-hop router
>
> (*, 225.1.1.1), 01:29:02/stopped, RP 150.1.2.2, flags: S
> Incoming interface: Null, RPF nbr 0.0.0.0
> Outgoing interface list:
> Serial0/1, Forward/Sparse, 01:29:02/00:03:18
>
> (10.1.2.200, 225.1.1.1), 01:12:28/00:03:29, flags: T
> Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0
> Outgoing interface list:
> Serial0/1, Forward/Sparse, 01:12:28/00:03:18
>
>
> I would appreciate some feedback / comment on my analysis. Working
> configurations below.
>
> Thank You,
>
> Pierre-Alex
>
> ----------------
> Diagram:
> -----------------
>
> Server(source)--F0/0--R2----multicast----r3-e0/0--R4(Receiver)
> The source 10.1.2.200 is sending udp broadcast on dest port 65300
>
> -----
> Configs
> -------
>
> !r2
>
>
> interface FastEthernet0/0
> ip address 10.1.2.2 255.255.255.0
> ip pim sparse-mode ! REQUIRED
> ip multicast helper-map broadcast 225.1.1.1 100
> ! REQUIRED: for conversion of broadcast
> duplex auto
> speed auto
>
> access-list 100 permit udp any any eq 65300
>
>
> ip forward-protocol udp 65300
> ! REQUIRED: Allows the processing of incoming udp broadcast packets
>
>
> ! r3
>
>
> interface Ethernet0/0
> ip address dhcp
> ip multicast helper-map 225.5.5.5 192.168.108.255 100
> ! I HAVE NOT ENABLED PIM ON THIS INTERFACE
>
>
> R3#sh ip int e 0/0
> Ethernet0/0 is up, line protocol is up
> Internet address is 192.168.108.203/24
> Broadcast address is 255.255.255.255
> Address determined by DHCP
> MTU is 1500 bytes
> Helper address is not set
> Directed broadcast forwarding is disabled !-----> I HAVE NOT ENABLED DIRECTED BROADCASTS
> Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.22
>
>
> ! r4 (receiver)
>
>
> interface Ethernet0/0
> ip address dhcp
> ip access-group 100 in
> half-duplex
>
> access-list 100 permit udp any any eq 65300
> access-list 100 permit ip any any
>
> Extended IP access list 100
> 10 permit udp any any eq 65300 (251180 matches) !!! RECEIVER IS GETTING THE TRAFFIC
> 20 permit ip any any (48 matches)
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
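
An added example, not part of the original thread or of Cisco's documentation: a small Python audit that applies the points discussed above (PIM and "ip forward-protocol udp" on the broadcast-to-multicast side, "ip directed-broadcast" on the multicast-to-broadcast side) to a saved IOS configuration. It assumes "show running-config"-style indentation and numbered ACLs that match with "eq <port>"; the sample configs are constructed and the finding texts are illustrative.

```python
import re

# Constructed configs modelled on the thread's r2 (first hop) and r3 (last hop).
FIRST_HOP = """\
interface FastEthernet0/0
 ip pim sparse-mode
 ip multicast helper-map broadcast 225.1.1.1 100
access-list 100 permit udp any any eq 65300
"""
LAST_HOP = """\
interface Ethernet0/0
 ip multicast helper-map 225.1.1.1 192.168.108.255 100
 ip directed-broadcast
access-list 100 permit udp any any eq 65300
"""

def audit(config):
    """Return findings for every helper-map interface in one IOS config."""
    fwd = set(re.findall(r"^ip forward-protocol udp (\d+)", config, re.M))
    acl_ports = {}  # ACL number -> UDP ports it permits with 'eq'
    for num, port in re.findall(
            r"^access-list (\d+) permit udp .* eq (\d+)", config, re.M):
        acl_ports.setdefault(num, set()).add(port)
    findings = []
    # An interface stanza is its header plus the indented lines under it.
    for name, body in re.findall(
            r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        to_mcast = re.search(r"helper-map broadcast (\S+) (\d+)", body)
        to_bcast = re.search(r"helper-map (\d\S*) (\S+) (\d+)", body)
        hit = to_mcast or to_bcast
        if not hit:
            continue
        acl = hit.groups()[-1]
        if acl not in acl_ports:
            findings.append(f"{name}: ACL {acl} has no 'permit udp ... eq' entry")
        if to_mcast:
            # Broadcast-to-multicast side: the thread marks both as REQUIRED.
            if not re.search(r"^\s*ip pim ", body, re.M):
                findings.append(f"{name}: helper-map broadcast without PIM")
            for port in sorted(acl_ports.get(acl, set()) - fwd):
                findings.append(
                    f"{name}: UDP {port} not in 'ip forward-protocol udp'")
        elif re.search(r"^\s*ip directed-broadcast\s*$", body, re.M):
            # Multicast-to-broadcast side: unfiltered directed broadcast is on.
            findings.append(f"{name}: 'ip directed-broadcast' has no ACL")
    return findings

if __name__ == "__main__":
    for cfg in (FIRST_HOP, LAST_HOP):
        print(audit(cfg))
```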



This archive was generated by hypermail 2.1.4 : Sat Jul 01 2006 - 07:57:32 ART