Re: Auto-RP group filtering

From: Herbert Maosa (asawilunda@googlemail.com)
Date: Wed Feb 06 2008 - 13:48:44 ARST

• Next message: Joel Amao: "RE: Route preference"
• Previous message: Larry: "Re: Route preference"
• Maybe in reply to: Dan Holme: "Auto-RP group filtering"
• Next in thread: Gupta, Gopal (NWCC): "RE: Auto-RP group filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

First of, Its good to know how to do it both ways just in case you have a
lab restriction that prevents you from doing it one way or the other. In the
absence of any such restriction then it is not necessary to duplicate the
effort in a lab that is so time constrained, but it is definitely necessary
in a real world scenario. In the real world, multiple levels of protection
are always good because you need to also provide protection against
mis-configuration ( the filters could be misconfigured on the RP, the MA
filters would then provide the protection ).

My 2 pence worth.

On 2/6/08, Dan Holme <d@g0at.net> wrote:
>
> Hello folks
>
> In a lot of workbook scenarios where one RP is allocated for one block
> of multicast groups and another RP for the rest, there is typically
> filtering on the RPs themselves, to ensure the RPs only send the
> relevant groups in their announcements to the mapping-agent. This is fine.
>
> ie. ip pim send-rp-announce loopback0 scope 16 group-list 1
> access-list 1 permit 224.0.0.0 7.255.255.255
>
> However, in these workbooks, there is also matching filtering on the
> mapping-agent, acting as an ingress filter to the announcements from the
> RP(s).
>
> ie. ip pim send-rp-discovery loopback0 scope 16
> ip pim rp-announce-filter rp-list R1 group-list 1
> access-list 1 permit 224.0.0.0 7.255.255.255
> ip access-list standard R1
> permit 150.1.1.1
>
> My question is, providing you are not trying to filter out bogon or
> unnecessary groups within announcements that you don't have control
> over, what is the point in putting the filtering on both ends?
>
> I feel like I'm missing something, but I'm probably just being paranoid
> :-) It seems it could add a little unnecessary configuration time in the
> lab. The filtering works just fine when I only filter the egress RP
> announcements from the actual RP(s) themselves.
>
>
> D
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Joel Amao: "RE: Route preference"
• Previous message: Larry: "Re: Route preference"
• Maybe in reply to: Dan Holme: "Auto-RP group filtering"
• Next in thread: Gupta, Gopal (NWCC): "RE: Auto-RP group filtering"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST