[Xorp-users] A sample config.boot for linux to test pim part of xorp.
Philippe Van Hecke
philippe.vanhecke@belnet.be
Mon, 7 Jun 2004 22:28:13 +0200
On Monday 07 June 2004 22:08, Pavlin Radoslavov wrote:
See my comment inline.
>
> Yes, there is a way to do this in XORP. The XORP RIB (Routing
> Information Base) basically keeps two separate tables: one for
> unicast routes, and one for multicast routes. The fib2mrib module
> populates the multicast RIB table with the unicast routes from the
> kernel.
> However, you can modify the MRIB table by adding/overwriting values
> by using static routes. To do that you need to add entries like:
>
> protocols {
>     static {
>         mrib-route4 10.10.0.0/16 {
>             nexthop: 10.20.0.1
>         }
>
>         /* The default entry */
>         mrib-route4 0.0.0.0/0 {
>             nexthop: 10.30.0.1
>         }
>     }
> }
OK, I will try this and keep you informed.
>
>
> Sorry, I didn't know that you have a fancy setup like that so I
> tried to keep the sample config file a bit simpler :)
I know the setup is a bit complicated. But what we are also trying to do is find
a way to push multicast configuration to our users, which are schools, universities
and research centers. If we are able to provide a good guideline to let them
have multicast passing through a simple Linux or FreeBSD firewall, maybe more of
our users will take the step. And for me XORP is the best way to do it.
> > echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter
> To the best of my knowledge, the purpose of rp_filter is for Reverse
> Path Filtering: if it is set to 1, then the host/router will ignore
> packets if they don't arrive on the reverse-path interface. For a
> better description see
> http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.kernel.rpf.html
> A long time ago a fellow who was playing with GRE tunnels and PIM-SM
> told me that "echo 0 > /proc/sys/net/ipv4/conf/all/rp_filter" is
> needed if you run PIM-SM over tunnels, but myself I haven't played
> yet with that particular option to verify whether it is really
> mandatory. If you want to avoid any unexpected behavior, then it may
> be simpler if you indeed set rp_filter to 0.
OK, I admit that the best practice is to leave the flags at 1. But when I tried
pimd it was the only way for me to be able to forward multicast (at this time I
don't really know why, and it was probably due to another issue). Anyway, our
firewall is behind a firewall on a Juniper router where there is an anti-spoofing
rule. The problem is that on Juniper, if you want a stateful firewall you need
a dedicated PIC for that, just like you need a dedicated PIC to be able to run an RP.
Thanks
Philippe.
--
__________________________________________________________________
Philippe Van Hecke - BELNET, The Belgian Research Network
"In a world without walls or fences, who needs Windows and Gates?"
__________________________________________________________________
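
Added example (not part of the original message): a shell check of the rp_filter setting discussed above, reporting the mode in effect on each interface. It assumes the documented behaviour of current Linux kernels (the larger of conf/all and conf/<iface> is applied; 0 = off, 1 = strict, 2 = loose); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the rp_filter mode in effect on each interface.
# Assumption: current Linux kernels, where source validation on an
# interface uses max(conf/all/rp_filter, conf/<iface>/rp_filter) and
# 0 = off, 1 = strict, 2 = loose (RFC 3704).

effective_rp_filter() {   # ALL_VALUE IFACE_VALUE -> larger of the two
    if [ "$1" -gt "$2" ]; then echo "$1"; else echo "$2"; fi
}

rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# audit_rp_filter [CONF_DIR] -> one "iface value mode" line per interface.
# CONF_DIR defaults to the live sysctl tree; pass a copy to check offline.
audit_rp_filter() {
    conf=${1:-/proc/sys/net/ipv4/conf}
    [ -r "$conf/all/rp_filter" ] || { echo "no rp_filter under $conf" >&2; return 1; }
    all=$(cat "$conf/all/rp_filter")
    for dir in "$conf"/*/; do
        iface=$(basename "$dir")
        case "$iface" in all|default) continue ;; esac
        [ -r "$dir/rp_filter" ] || continue
        eff=$(effective_rp_filter "$all" "$(cat "$dir/rp_filter")")
        echo "$iface $eff $(rp_mode_name "$eff")"
    done
}

# Constructed sample tree: strict everywhere, loose on one GRE tunnel.
make_sample_tree() {
    root=$(mktemp -d)
    for i in all default eth0 gre1; do mkdir -p "$root/$i"; done
    echo 1 > "$root/all/rp_filter"
    echo 1 > "$root/default/rp_filter"
    echo 1 > "$root/eth0/rp_filter"
    echo 2 > "$root/gre1/rp_filter"
    echo "$root"
}

sample=$(make_sample_tree)
audit_rp_filter "$sample"
rm -rf "$sample"
```

Under that assumption, writing 0 to conf/all/rp_filter alone leaves strict filtering active on any interface whose own value is still 1.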