Participating in Multicast at Multicast Interexchange Points 6/24/99 In order to participate in MBGP/MSDP/PIM peering at most of todays multicast enabled interexchanges you'll need to take the following steps: A. Attach to the exchange physically Contact the exchange provider and identify which type of media is being used one the exchange. In the case of dedicated exchanges (where multicast will flow on seperate subnet than unicast), you'll need to obtain seperate interface h/w to attach, and then coordinate with the exchange to cable to the existing interconnect h/w. The two most common media being used are multi-mode fddi and Fast Ethernet. Some exchanges, notibly some ATM-based interconnects, you can use the same pvc you are using for unicast if this suites your needs, otherwise you might need to request a seperate pvc for multicast peering. Again, you'll need to contact the exchange provider to get specific policies and limitations of each particular exchange. You'll also need to get an address for the exchange subnet from the exchange operator. B. Configure your cisco for PIM/MBGP/MSDP At the Ames multicast exchange we try to configure for default peering as soon as new peers show up. We do this by using the following config: 1) multicast boundary applied to external peering interface - this ensure you are protected from control packet leaks by peers when they do bring multicast up in middle of night ip multicast boundary 1 ip pim bsr-border access-list 1 deny 224.0.1.39 access-list 1 deny 224.0.1.40 access-list 1 deny 239.0.0.0 0.255.255.255 access-list 1 permit any 2) PIM-SM enabled on external peering interfaces ip pim sparse-mode 3) MBGP peering set up with new peer including nlri multicast - on inbound acl consider: a) filtering bogons b) temporarily allowing mbgp default if you want to RPF to Mbone sources) ip prefix-list sanity-filter description "Deny default, RFC1918, net 10" ! note you can remove the following if you want to accept the ! default being temporarily originated at Ames which allows you to RPF ! to Mbone sources. ip prefix-list sanity-filter seq 5 deny 0.0.0.0/0 ! ip prefix-list sanity-filter seq 10 deny 127.0.0.0/8 le 32 ip prefix-list sanity-filter seq 15 deny 10.0.0.0/8 le 32 ip prefix-list sanity-filter seq 20 deny 172.16.0.0/12 le 32 ip prefix-list sanity-filter seq 25 deny 192.168.0.0/16 le 32 ip prefix-list sanity-filter seq 30 deny 192.0.2.0/24 le 32 ip prefix-list sanity-filter seq 50 permit 0.0.0.0/0 le 32 4) MSDP peering set up with the new peer's MIX interface address - default acl applied to prevent leaking of sa-messages for scoped groups ip msdp peer connect-source ip msdp sa-filter in list 101 ip msdp sa-filter out list 101 access-list 101 deny ip any host 224.0.1.39 access-list 101 deny ip any host 224.0.1.40 access-list 101 deny ip any 239.0.0.0 0.255.255.255 access-list 101 permit ip any any NOTE: On multi-access peering points, it is necessary for all peers to agree to a common distance for MBGP to prevent one peer from arbitrarily winning all PIM asserts on the peering connection. As an example in several of the public MIXs folks use distance 20 (or some commonly agreed upon distance) for external routes. By preconfiguring for all peers then a new peer can just bring up MBGP peering and MSDP peering using the external interface address and multicast can work. It is recommended to leave a key component in "shutdown" mode such that final activation requires simple action by NOC. Eg, you could leave the MSDP peering in shutdown, thus requiring the peer to call the NOC in order for their traffic to flow through your network (it should not if no sa-messages are passed). The NOC only has to "no shutdown" on the MSDP peering session (simple, no adverse effects), and you're then in position to monitor the initial peering and multicast service as it comes up.