Foundry Configuration Guide for the FESX, FSX, and FWSX
19 - 36 © Foundry Networks, Inc. December 2005
The <number> parameter specifies the interface number (for example: loopback number, port number or virtual
routing interface number.)
Filtering MSDP Source-Group Pairs
You can filter individual source-group pairs in MSDP Source-Active messages.
• sa-filter in – Filters source-group pairs received in Source-Active messages from an MSDP neighbor
• sa-filter originate – Filters source-group pairs in Source-Active messages in advertisements to an MSDP
neighbor
Filtering Incoming Source-Active Messages
The following example configures filters for incoming Source-Active messages from three MSDP neighbors:
• For peer 2.2.2.99, all source-group pairs in Source-Active messages from the neighbor are filtered out
(dropped).
• For peer 2.2.2.97, all source-group pairs except those with 10.x.x.x as the source are permitted.
• For peer 2.2.2.96, all source-group pairs except those associated with RP 2.2.42.3 are permitted.
Example
The following commands configure an IP address on port 3/1. This is the port on which the MSDP neighbors will
be configured.
FastIron SuperX Router(config)# interface ethernet 3/1
FastIron SuperX Router(config-if-3/1)# ip address 2.2.2.98/24
FastIron SuperX Router(config-if-3/1)# exit
The following commands configure a loopback interface. The Layer 3 Switch will use this interface as the source
address for communicating with the MSDP neighbors.
FastIron SuperX Router(config)# interface loopback 1
FastIron SuperX Router(config-lbif-1)# ip address 9.9.9.8/32
FastIron SuperX Router(config-lbif-1)# exit
The following commands configure extended ACLs. The ACLs will be used in route maps, which will be used by
the Source-Active filters.
The following commands configure the route maps.
FastIron SuperX Router(config)# access-list 123 permit 10.0.0.0 0.255.255.255 any
FastIron SuperX Router(config)# access-list 124 permit 2.2.42.3 0.0.0.0 any
FastIron SuperX Router(config)# access-list 125 permit any any
FastIron SuperX Router(config)# route-map msdp_map deny 1
FastIron SuperX Router(config-routemap msdp_map)# match ip address 123
FastIron SuperX Router(config-routemap msdp_map)# exit
FastIron SuperX Router(config)# route-map msdp2_map permit 1
FastIron SuperX Router(config-routemap msdp2_map)# match ip address 125
FastIron SuperX Router(config-routemap msdp2_map)# exit
FastIron SuperX Router(config)# route-map msdp2_rp_map deny 1
FastIron SuperX Router(config-routemap msdp2_rp_map)# match ip route-source 124
FastIron SuperX Router(config-routemap msdp2_rp_map)# exit
To Next Page
Loading...
Need help?
General
