From: Kubrat Vapzarov (kvapzarov@yahoo.com)
Date: Fri Jan 04 2008 - 14:31:11 ARST
This defeats the purpose of having Auto-RP, which is to be able to distribute RP information without the need of too much static configuration on every multicast-enabled router. I guess what this means is that Auto-RP is not secure and if we want to provide real multicast security we should always use static RP mappings and use Auto-RP if and only if asked to do so, correct?
Scott Morris <smorris@ipexpert.com> wrote:
spt-threshold has to do with switching over from (*,G) to (S,G) in
sparse-mode.
I think what you are more looking for is "no ip pim dm-fallback". Although
there's still some potential there.
A sink-hole RP is only good for sparse-mode operations (dense mode does NOT
use an RP!). The thing that you would use it for is to prevent rampant
multicast operations in the event of a DoS on your RP. Each router is
configured to use itself as an RP which will likely stop most multicast
traffic in the event of an RP outage.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M
#153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Kubrat Vapzarov
Sent: Friday, January 04, 2008 7:19 AM
To: ccielab@groupstudy.com
Subject: Sink RP for Auto RP
Hello Group,
I have a question about multicast routing with Auto-RP. According to some
Cisco documents in order to prevent the multicast groups (other than
224.0.1.39 and .40) from operating in dense mode, a sink RP must be
configured. Something like this:
ip pim rp-address 1.1.1.1 20
ip pim send-rp-announce Loopback0 scope 32 group-list 10
ip pim send-rp-discovery Loopback0 scope 32
access-list 10 permit 224.0.0.0 15.255.255.255
access-list 20 deny 224.0.1.39
access-list 20 deny 224.0.1.40
access-list 20 permit 224.0.0.0 15.255.255.255
However, there is a command "ip pim spt-threshold" whose "infinity" option
will do the same, or so I think.
My question is do these two different configurations achieve the same or are
they different and how?
Kubrat
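Added example, not part of the original thread: a small Python audit of the two points raised above, that the sink-RP group ACL must not capture the Auto-RP groups 224.0.1.39 and 224.0.1.40, and that "no ip pim dm-fallback" is present. It assumes standard numbered ACLs only; the function names and the sample configuration are constructed for illustration.

```python
import ipaddress
import re
AUTO_RP_GROUPS = ("224.0.1.39", "224.0.1.40")  # Auto-RP announce / discovery
ACE = re.compile(r"^\s*access-list\s+(\d+)\s+(permit|deny)\s+(.+)$", re.M)

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} in config order."""
    acls = {}
    for num, action, rest in ACE.findall(config):
        tok = rest.split()
        if tok[0] == "any":
            addr, wild = "0.0.0.0", "255.255.255.255"
        elif tok[0] == "host":
            addr, wild = tok[1], "0.0.0.0"
        else:  # a bare address is an exact-host match
            addr, wild = tok[0], tok[1] if len(tok) > 1 else "0.0.0.0"
        acls.setdefault(num, []).append((action, _u32(addr), _u32(wild)))
    return acls

def acl_permits(entries, group):
    """First match wins; every ACL ends with an implicit deny."""
    target = _u32(group)
    for action, addr, wild in entries:
        care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (target & care) == (addr & care):
            return action == "permit"
    return False

def audit_sink_rp(config):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    acls = parse_acls(config)
    for rp, acl in re.findall(r"^\s*ip pim rp-address\s+(\S+)\s+(\d+)", config, re.M):
        for group in AUTO_RP_GROUPS:
            if acl_permits(acls.get(acl, []), group):
                findings.append(f"ACL {acl} maps Auto-RP group {group} to RP {rp}")
    if not re.search(r"^\s*no ip pim dm-fallback\s*$", config, re.M):
        findings.append("no ip pim dm-fallback is missing")
    return findings

# Constructed sample: the ACL from the thread, plus dm-fallback disabled.
SAMPLE = """ip pim rp-address 1.1.1.1 20
no ip pim dm-fallback
access-list 20 deny 224.0.1.39
access-list 20 deny 224.0.1.40
access-list 20 permit 224.0.0.0 15.255.255.255"""
```

Dropping the two deny lines from ACL 20 makes audit_sink_rp report both Auto-RP groups as mapped to the sink RP.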
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:57 ARST