Cisco ASR 9000 Series Software Manual page 49

Layer 3 multicast routing

Hide thumbs Also See for ASR 9000 Series:

Command reference manual (1138 pages)

Routing configuration manual (702 pages)

Reference manual (696 pages)

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

page of 166

/ 166
Bookmarks

Implementing Layer-3 Multicast Routing on Cisco IOS XR Software

MSDP MD5 Password Authentication

MSDP MD5 password authentication is an enhancement to support Message Digest 5 (MD5) signature

protection on a TCP connection between two Multicast Source Discovery Protocol (MSDP) peers. This feature

provides added security by protecting MSDP against the threat of spoofed TCP segments being introduced

into the TCP connection stream.

MSDP MD5 password authentication verifies each segment sent on the TCP connection between MSDP peers.

The password clear command is used to enable MD5 authentication for TCP connections between two MSDP

peers. When MD5 authentication is enabled between two MSDP peers, each segment sent on the TCP

connection between the peers is verified.

MSDP MD5 authentication must be configured with the same password on both MSDP peers to enable

Note

the connection between them. The 'password encrypted' command is used only for applying the stored

running configuration. Once you configure the MSDP MD5 authentication, you can restore the configuration

using this command.

MSDP MD5 password authentication uses an industry-standard MD5 algorithm for improved reliability and

security.

Overriding VRFs in IGMP Interfaces

All unicast traffic on the user-to-network interfaces of next-generation aggregation or core networks must be

mapped to a specific VRF. They must then be mapped to an MPLS VPN on the network-to-network side.

This requires the configuration of a physical interface in this specific VRF.

This feature allows mapping of IGMP packets entering through a user-to-user interface to the multicast routes

in the global multicast routing table. This ensures that the interface in a specific VRF can be part of the outgoing

list of interfaces in the table for a multicast route.

IGMP packets entering through a non-default VRF interface in the default (global) VRF are processed, with

IGMP later distributing the interface-related multicast state (route/interface) to MRIB. This occurs through

the default VRF rather than through the VRF to which the interface belongs. MRIB, PIM, MSDP, and MFIB

then process the multicast state for this interface through the default VRF.

When an IGMP join for a specific (S, G) is received on the configured interface, IGMP stores this information

in its VRF-specific databases. But, when sending an update to MRIB, IGMP sends this route through the

default VRF. MRIB then programs this (S, G) along with this interface as an OLIST member in the default

multicast routing table.

Similarly, when PIM requests information about IGMP routes from MRIB, MRIB sends this update to PIM

in the context of the default VRF.

This feature specifically supports:

• Mapping of IGMP requests on an interface in a non-default VRF to the default VRF multicast routing

• Enabling and disabling of VRF override functionality at run time.

• Routing policy configuration at the global (default) VRF level, because routing policy configuration

table.

cannot be done at the granularity of an individual interface.

Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide, Release 5.1.x

MSDP MD5 Password Authentication

Cisco ASR 9000 Series Software Manual page 49

Related Manuals for Cisco ASR 9000 Series

Related Products for Cisco ASR 9000 Series