Multicast MSDP SA (Source Active) Filtering

ReneMolenaar · January 23, 2018, 6:05pm

This topic is to discuss the following lesson:

samer.rafid · August 1, 2018, 8:18am

Hi Rene,

I think this topics should be also put in CCIE R/S since its on CCIE blue printer, not only under written…just a suggestion

lagapidis · August 3, 2018, 3:03pm

Hello Samer

Thanks for the suggestion! @ReneMolenaar will take a look and when he gets a chance.

Thanks again!

Laz

hengsovandara1345 · December 21, 2018, 10:13am

Hi Rene
I really confuse about this, since R1 connected to R2 via internet, so MSDP can establish peering through global network which not enable multicast routing like internet ? and can we send multicast traffic from one site to one site through internet without using VPN ?
Sovandara
Thank you

lagapidis · January 2, 2019, 1:03pm

Hello Heng

The important thing to note here is that multicast mechanisms are not being employed over the Internet itself. MSDP allows for two edge routers to share multicast information such that multicast traffic can be sent between them. Such multicast traffic is sent using PIM Sparse Mode, which means that multicast traffic traversing the internet is sent to the RP that is at the edge of the other autonomous system and is being used as the specific “next hop” of the multicast traffic. Remember, the RP knows about all the sources and receivers for any particular multicast group.

Note that no intervening routers on the Internet are employing multicast mechanisms.

More about MSDP can be found here:

I hope this has been helpful!

Laz

souam.zouhair · February 18, 2021, 12:28pm

Hello René,

Great work, thank you.
I had a problem with your ACL that match also the source address deny ip 192.168.0.0 0.0.255.255 any, with this entry the filter will not work because the source is using 192.168.0.0/24 segment. could you confirm that please ?
regards,

lagapidis · March 1, 2021, 5:37am

Hello Zouhair

You don’t necessarily have to choose to filter all private addresses, you can filter only some, whichever ones you choose. Typically MSDP is used on a network where you have multiple LANs connected to each other through private WANs. It is over that private WAN that you would want to filter out some addresses, possibly the ones that you wouldn’t want to send over the WAN for purposes of saving bandwidth.

So although the example uses the private address space, it would not necessarily be so in a production network.

I hope this has been helpful!

Laz

sven.heine · July 4, 2024, 8:33am

I consider this an unimportant remark, but possibly still slightly mentionworthy:

From https://www.iana.org/assignments/multicast-addresses/multicast-addresses.xhtml
“The range of addresses between 224.0.0.0 and 224.0.0.255, inclusive, is reserved for the use of routing protocols and other low-level topology discovery or maintenance protocols, such as gateway discovery and group membership reporting. Multicast routers should not forward any multicast datagram with destination addresses in this range, regardless of its TTL.”
Currently, I don’t know how to conjure up examples as to why this should not be filtered. If so, I’d like it to see examples mentioned.

Thank you for your article @René’s crew (including René, naturally).

lagapidis · July 8, 2024, 4:19am

Hello Sven

This range of multicast addresses 224.0.0.0/24 is called the local network control block. As suggested in the text you shared, it is non-routable and used for routing protocols and other control plane protocols. Indeed, OSPF uses the 224.0.0.5 and 224.0.0.6 addresses for its operation, and RIP uses 224.0.0.9, all of which are within this multicast range.

The statement “Multicast routers should not forward any multicast datagram with destination addresses in this range” simply means that routing devices must not and will not route this traffic. So traffic destined to any address within 224.0.0.0/24 will, by definition, remain within the subnet/network segment within which it originated, and will never be routed outside of that segment.

This is simply a declaration of how such traffic behaves, and that all routing devices must conform to this. You don’t actually have to filter such traffic, it is automatically done. Does that make sense?

You can find out more (including links) at the following NetworkLessons Notes page on the topic.

I hope this has been helpful!

Laz

sven.heine · July 8, 2024, 4:49am

Hallo Laz,

na klar macht das Sinn. / Of course, that makes sense.
I just didn’t know that routers have this implicit behaviour coded in (similar to private network ranges). (Or: I got stuck on “should” in the IANA’s declaration.)
What does that mean for me?: “Ask yourself for possible implicit behaviour.”
(You have satisfied my curiosity.)

Dank u wel (also, for the reference onto this part of your pages).