[Xorp-users] A sample config.boot for linux to test pim part of xorp.

Philippe Van Hecke philippe.vanhecke@belnet.be
Mon, 7 Jun 2004 22:28:13 +0200


On Monday 07 June 2004 22:08, Pavlin Radoslavov wrote:
See my comment inline.
>
> Yes, there is a way to do this in XORP. The XORP RIB (Routing
> Information Base) basically keeps two separate tables: one for
> unicast routes, and one for multicast routes. The fib2mrib module
> populates the multicast RIB table with the unicast routes from the
> kernel.
> However, you can modify the MRIB table by adding/overwriting values
> by using static routes. To do that you need to add entries like:
>
> protocols {
>     static {
> 	mrib-route4 10.10.0.0/16 {
> 	    nexthop: 10.20.0.1
> 	}
>
> 	/* The default entry */
> 	mrib-route4 0.0.0.0/0 {
> 	    nexthop: 10.30.0.1
> 	}
>     }
> }
OK, I will try this and keep you informed.
>
>
> Sorry, I didn't know that you have a fancy setup like that so I
> tried to keep the sample config file a bit simpler :)

I know the setup is a bit complicated. But what we are also trying to do is
find a way to push multicast configuration to our users, which are schools,
universities and research centers. If we are able to provide a good guideline
to let them have multicast passing through a simple Linux or FreeBSD firewall,
maybe more of our users will take the step. And for me XORP is the best way to do it.

> > echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter

> To the best of my knowledge, the purpose of rp_filter is for Reverse
> Path Filtering: if it is set to 1, then the host/router will ignore
> packets if they don't arrive on the reverse-path interface. For a
> better description see
> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html
> Long time ago a fellow who was playing with GRE tunnels and PIM-SM
> told me that "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter" is
> needed if you run PIM-SM over tunnels, but myself I haven't played
> yet with that particular option to verify whether it is really
> mandatory. If you want to avoid any unexpected behavior, then it may
> be simpler if you indeed set rp_filter to 0.

OK, I admit that the best practice is to leave the flag at 1. But when I tried
pimd, it was the only way for me to be able to forward multicast (at this time I
don't really know why, and it was probably due to another issue). Anyway, our
firewall is behind a firewall on a Juniper router where there is an anti-spoofing
rule. The problem is that on Juniper, if you want a stateful firewall you need
a dedicated PIC for that, just as you need a dedicated PIC to be able to run an RP.


Thanks 

Philippe.
-- 
__________________________________________________________________
Philippe Van Hecke - BELNET, The Belgian Research Network
"In a world without walls or fences, who needs Windows and Gates?"
__________________________________________________________________