Routing

Expand all | Collapse all

Firewall filter for LDP and RIP includes IGMP

Jump to Best Answer
  • 1.  Firewall filter for LDP and RIP includes IGMP

    Posted 05-29-2020 23:02

    Day One: Securing the Routing Engine v2 build firewall filters for RIP (page 74) and LDP (page 78). I do not understand why these filters include a term for IGMP. Here is the an example of the rip filter:

     

    filter accept-rip {

       term accept-rip {
          from {
             source-prefix-list {
                router-ipv4; 
                router-ipv4-logical-systms; 
             }
             destination-prefix-list {
                rip; 
             }
           protocol udp;
           destination-port rip;
         }
        then {
          count accept-rip;
          accept;
       }

    }

    term accept-rip-igmp {
       from {
           source-prefix-list {
               router-ipv4; 
               router-ipv4-logical-systms;
           }
           destination-prefix-list {
               rip; 
           }
           protocol igmp;
           }
           then {
               count accept-rip-igmp;
               accept;
           }
       }
    }



  • 2.  RE: Firewall filter for LDP and RIP includes IGMP
    Best Answer

    Posted 05-30-2020 07:59

    Hello,

     

    This could be a workaround for the scenario where routers are interconnected through some switches with below-average intelligence who require multicast membership for multicast link subnetwork control range 224.0.0.0/24, despite that standards say this range must be always flooded.

    These entries allow the router to received IGMP queries from these switches and respond to them, refreshing the IGMP membership in these switches.

    HTH

    Thx

    Alex