From: Godswill Oletu (oletu@inbox.lv)
Date: Sun Jul 09 2006 - 08:50:23 ART
Jon,
Though there is no command in PIMv2 that is directly similar to the
'rp-announce-filter', that can do group-to-rp mappings for you on your BSR
candidate, but you can still achieve the same level of operation & filtering
by using the 'priority' option on your RP-candidates.
ip pim rp-candidate loopback0 group-list 1 priority 255
The priority value of 255 will ensure that, this router will always be the
prefer RP for the multicast groups specified in access-list 1.
If you are still paranoid, you can further secure your multicast environment
by using the 'ip pim bsr-border' interface command to build a fence around
your PIMv2 multicast environement.
The 'Hash Mask length' bit is another filtering capability that you can
utilize in the PIMv2 world, but it is very doubtful if you will see Tasks
that will require you to manipulate this value from it's 32 bits default.
The priority value of 255 on the BSR candidate is another filtering option
that will help to ensure that, your intended router will alway be the BSR
candidate.
A good combinations of these PIMv2 filtering options, will help to lock out
rogue candidate RPs & BSRs.
HTH
Godswill Oletu
CCIE #16464
----- Original Message -----
From: "Jon Hein" <gs@dfwmall.net>
To: <ccielab@groupstudy.com>
Sent: Sunday, July 09, 2006 4:32 AM
Subject: BSR spoofing
> Is there command when using BSR to protect from spoofing, like the
> rp-announce-filter when using Auto-RP?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:47 ART