On 03/06/2013 21:44, Tim Stevenson wrote:
At 01:08 PM 6/3/2013 Monday, Phil Mayers clamored:
How can I accomplish the equivalent of the "boundary" on NX-OS 5.2 for
N7k, given it lacks the command? Does one just use a normal ACL, and
if so, are there any caveats to doing so e.g. does "boundary" do
*other* things that a plain ACL would miss?
In n7k, you must use a combination of control plane & data plane
filtering to get the equivalent functionality of multicast boundary.
For data plane, it's nothing more than ip access-group with matches on
multicast traffic.
Ok, so just "use ACLs".
Out of curiosity, what was the rationale for merging the unicast and
multicast data-plane filtering? The IOS-style split seems to have some
advantages in terms of manageability, including that you don't need to
write both ingress and egress ACLs. Though I suppose the latter are more
flexible.
For control plane, there is independent filtering control for each
protocol, ie, PIM, IGMP, MSDP, etc.
Indeed. It's somewhat non-obvious to me at this time how the PIM control
plane filtering interacts with data- and IGMP-driven PIM events on edge
subnets, but I probably need to re-read the docs.
Hope that helps,
Very much so, thanks.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
