Filter For Multicast Groups in the MA

mcast1.jpg

We are going to configure Sparse-dense mode for the network between R3, R5, and R6, the Ethernet network between R5 and R2, and the 192.168.x.x loopbacks on R3, R5, and R6. We just need to enable multicast on our routers, and configure the interfaces for the PIM mode of sparse-dense. We will also configure the loopback

R5#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#ip multicast-routing
R5(config)#int ser0/0/0.136
R5(config-subif)#ip pim sparse-dense
R5(config-subif)#int fasteth0/0
R5(config-if)#ip pim sparse-dense
R5(config-if)#int loop1
R5(config-if)#ip pim sparse-dense
R5(config-if)#^Z
R5#

R2#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#ip multicast-routing
R2(config)#int fasteth0/0
R2(config-if)#ip pim sparse-dense

R6#
R6#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#
R6(config)#ip multicast-routing
R6(config)#int ser0/0/0
R6(config-if)#ip pim sparse-dense
R6(config-if)#int loop1
R6(config-if)#ip pim sparse-dense
R6(config-if)#^Z
R6#

R5 would act as the mapping agent and R3 and R6 would be Candidate RPs for the following groups: 225.0.0.1, 225.0.0.2, 225.0.0.3, 226.0.0.1, 226.0.0.2, 226.0.0.3

In order to configure R5 as a mapping agent, we will configure the command ip pim send-rp-discovery.

R5#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#ip pim send-rp-discovery loop1 scope 4
R5(config)#

In order to configure R3 and R6 as candidate RPs, we will configure an access list for the groups, and use the command ip pim send-rp-announce.

R6#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R6(config)#access-list 24 permit 225.0.0.1
R6(config)#access-list 24 permit 225.0.0.2
R6(config)#access-list 24 permit 225.0.0.3
R6(config)#access-list 24 permit 226.0.0.1
R6(config)#access-list 24 permit 226.0.0.2
R6(config)#access-list 24 permit 226.0.0.3
R6(config)#ip pim send-rp-announce loop1 scope 4 group-list 24
R6(config)#^Z

R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)#access-list 24 permit 225.0.0.1
R3(config)#access-list 24 permit 225.0.0.2
R3(config)#access-list 24 permit 225.0.0.3
R3(config)#access-list 24 permit 226.0.0.1
R3(config)#access-list 24 permit 226.0.0.2
R3(config)#access-list 24 permit 226.0.0.3
R3(config)#ip pim send-rp-announce loop1 scope 4 group-list 24
R3(config)#^Z

Verify that R5 shows as a mapping agent with the command show ip pim rp mapping.

R5#show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback1)

Group(s) 225.0.0.1/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:00:13, expires: 00:02:47
Group(s) 225.0.0.2/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:00:13, expires: 00:02:42
Group(s) 225.0.0.3/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:00:13, expires: 00:02:47
Group(s) 226.0.0.1/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:00:13, expires: 00:02:43
Group(s) 226.0.0.2/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:00:13, expires: 00:02:47
Group(s) 226.0.0.3/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:00:13, expires: 00:02:43

We are going to configure a filter so that R5 will accept R3 as the RP for the 225.x.x.x groups, and will accept R6 as the RP for the 226.x.x.x groups. Verify that R2 sees R3 as the RP for the 225 groups, and R6 as the RP for the 226 groups.

In order to filter the groups, we will configure the command ip pim rp-announce-filter rp-list on R5. First, we will configure four access lists. Two access lists will match the two groups of multicast addresses, and two will match our RPs.

R5#conf
*Jul 31 05:35:12.063: %SYS-5-CONFIG_I: Configured from console by console
R5#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#
R5(config)#ip access-list standard permitR3
R5(config-std-nacl)#permit 192.168.3.3
R5(config-std-nacl)#
R5(config-std-nacl)#ip access-list standard permitR6
R5(config-std-nacl)#permit 192.168.6.6
R5(config-std-nacl)#
R5(config-std-nacl)#ip access-list standard R3groups
R5(config-std-nacl)#permit 225.0.0.0 0.0.0.3
R5(config-std-nacl)#
R5(config-std-nacl)#ip access-list standard R6groups
R5(config-std-nacl)#permit 226.0.0.0 0.0.0.3
R5(config-std-nacl)#

Before we apply our filtering, let’s take a look at R2 and see what R2 currently has for mappings. At this point, R2 just sees mappings with R6 as the RP, due to the election

R2#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 225.0.0.1/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), elected via Auto-RP
Uptime: 00:02:09, expires: 00:02:47
Group(s) 225.0.0.2/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), elected via Auto-RP
Uptime: 00:02:09, expires: 00:02:49
Group(s) 225.0.0.3/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), elected via Auto-RP
Uptime: 00:02:09, expires: 00:02:49
Group(s) 226.0.0.1/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), elected via Auto-RP
Uptime: 00:02:09, expires: 00:02:45
Group(s) 226.0.0.2/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), elected via Auto-RP
Uptime: 00:02:09, expires: 00:02:49
Group(s) 226.0.0.3/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), elected via Auto-RP
Uptime: 00:02:09, expires: 00:02:49
R2#

We will apply our filtering, using the access-lists created to match our RPs and groups. There are two parts to the ip pim rp-announce-filter command. The first part identifies the RP, and the second identifies the groups.

R5#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#ip pim rp-announce-filter rp-list permitR3 group-list R3groups
R5(config)#ip pim rp-announce-filter rp-list permitR6 group-list R6groups
R5(config)#^Z
R5#
R5#wr

The first line filters the groups that we are permitting for R3, the second filters the groups that we are permitting for R6.
If we had left off the second filter, it wouldn’t mean that R6 would be denied as a candidate RP, it would mean that R6’s multicast groups would not be filtered at all.

Let’s take a look at the output of debug ip pim auto-rp. Notice what happens with the updates from R3 and R6.

*Mar 2 19:05:59.732: Auto-RP(0): Received RP-announce, from 192.168.3.3, RP_cnt 1, ht 181
*Mar 2 19:05:59.732: Auto-RP(0): Update (225.0.0.1/32, RP:192.168.3.3), PIMv2 v1
*Mar 2 19:05:59.732: Auto-RP(0): Filtered 226.0.0.2/32 for RP 192.168.3.3
*Mar 2 19:05:59.732: Auto-RP(0): Filtered 226.0.0.3/32 for RP 192.168.3.3
*Mar 2 19:05:59.736: Auto-RP(0): Update (225.0.0.3/32, RP:192.168.3.3), PIMv2 v1
*Mar 2 19:05:59.736: Auto-RP(0): Update (225.0.0.2/32, RP:192.168.3.3), PIMv2 v1
*Mar 2 19:05:59.736: Auto-RP(0): Filtered 226.0.0.1/32 for RP 192.168.3.3

*Mar 2 19:08:33.993: Auto-RP(0): Received RP-announce, from 192.168.6.6, RP_cnt 1, ht 181
*Mar 2 19:08:33.997: Auto-RP(0): Filtered 225.0.0.1/32 for RP 192.168.6.6
*Mar 2 19:08:33.997: Auto-RP(0): Update (226.0.0.2/32, RP:192.168.6.6), PIMv2 v1
*Mar 2 19:08:33.997: Auto-RP(0): Update (226.0.0.3/32, RP:192.168.6.6), PIMv2 v1
*Mar 2 19:08:33.997: Auto-RP(0): Filtered 225.0.0.3/32 for RP 192.168.6.6
*Mar 2 19:08:33.997: Auto-RP(0): Filtered 225.0.0.2/32 for RP 192.168.6.6
*Mar 2 19:08:34.001: Auto-RP(0): Update (226.0.0.1/32, RP:192.168.6.6), PIMv2 v1

Now that our filtering is complete, verify the RP mappings on R5 and R2 with the command show ip pim rp mapping.

R5#show ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback1)

Group(s) 225.0.0.1/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:02:10, expires: 00:02:48
Group(s) 225.0.0.2/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:02:10, expires: 00:02:45
Group(s) 225.0.0.3/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.3.3 (?), elected via Auto-RP
Uptime: 00:02:10, expires: 00:02:45
Group(s) 226.0.0.1/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.6.6 (?), elected via Auto-RP
Uptime: 00:50:36, expires: 00:02:22
Group(s) 226.0.0.2/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.6.6 (?), elected via Auto-RP
Uptime: 00:50:36, expires: 00:02:19
Group(s) 226.0.0.3/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.6.6 (?), elected via Auto-RP
Uptime: 00:50:47, expires: 00:02:09

R2#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 225.0.0.1/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.5.5 (?), via Auto-RP
Uptime: 00:06:37, expires: 00:02:50
Group(s) 225.0.0.2/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.5.5 (?), via Auto-RP
Uptime: 00:06:37, expires: 00:02:51
Group(s) 225.0.0.3/32
RP 192.168.3.3 (?), v2v1
Info source: 192.168.5.5 (?), via Auto-RP
Uptime: 00:06:37, expires: 00:02:52
Group(s) 226.0.0.1/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), via Auto-RP
Uptime: 00:55:03, expires: 00:02:52
Group(s) 226.0.0.2/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), via Auto-RP
Uptime: 00:55:03, expires: 00:02:54
Group(s) 226.0.0.3/32
RP 192.168.6.6 (?), v2v1
Info source: 192.168.5.5 (?), via Auto-RP
Uptime: 00:55:03, expires: 00:02:54
Lab5R2#

If you want to clear the mappings and verify that they are relearned properly, use the command clear ip pim rp-mapping.

Note: Be very careful when configuring your access lists on the RPs. The access list in the command send-rp-announce on the RP is sent to the mapping agent line by line. If we had configured a different access list on R3 and R6, our groups may have been completely blocked by our filter on R5.

Example: Here is the sample output, with a different access list on R3.

R3(config)#access-list 24 permit 224.0.0.0 15.255.255.255

OUTPUT ON R5 – Debug ip pim auto-rp:

*Jul 31 05:37:05.679: Auto-RP(0): Received RP-announce, from 192.168.3.3, RP_cnt 1, ht 181
*Jul 31 05:37:05.679: Auto-RP(0): Update (225.0.0.1/32, RP:192.168.3.3), PIMv2 v1
*Jul 31 05:37:05.679: Auto-RP(0): Filtered 226.0.0.2/32 for RP 192.168.3.3
*Jul 31 05:37:05.679: Auto-RP(0): Filtered 226.0.0.3/32 for RP 192.168.3.3
*Jul 31 05:37:05.679: Auto-RP(0): Update (225.0.0.3/32, RP:192.168.3.3), PIMv2 v1
*Jul 31 05:37:05.679: Auto-RP(0): Update (225.0.0.2/32, RP:192.168.3.3), PIMv2 v1
*Jul 31 05:37:05.679: Auto-RP(0): Filtered 226.0.0.1/32 for RP 192.168.3.3
*Jul 31 05:37:05.679: Auto-RP(0): Received RP-announce, from 192.168.3.3, RP_cnt 1, ht 181
R5#
*Jul 31 05:37:05.679: Auto-RP(0): Update (225.0.0.1/32, RP:192.168.3.3), PIMv2 v1
*Jul 31 05:37:05.679: Auto-RP(0): Filtered 226.0.0.2/32 for RP 192.168.3.3
*Jul 31 05:37:05.679: Auto-RP(0): Filtered 226.0.0.3/32 for RP 192.168.3.3
*Jul 31 05:37:05.683: Auto-RP(0): Update (225.0.0.3/32, RP:192.168.3.3), PIMv2 v1
*Jul 31 05:37:05.683: Auto-RP(0): Update (225.0.0.2/32, RP:192.168.3.3), PIMv2 v1
*Jul 31 05:37:05.683: Auto-RP(0): Filtered 226.0.0.1/32 for RP 192.168.3.3
R5#
*Jul 31 05:37:30.055: Auto-RP(0): Build RP-Discovery packet
*Jul 31 05:37:30.055: Auto-RP: Build mapping (225.0.0.1/32, RP:192.168.6.6), PIMv2 v1,
*Jul 31 05:37:30.055: Auto-RP: Build mapping (225.0.0.2/32, RP:192.168.6.6), PIMv2 v1.
*Jul 31 05:37:30.055: Auto-RP: Build mapping (225.0.0.3/32, RP:192.168.6.6), PIMv2 v1.
*Jul 31 05:37:30.055: Auto-RP: Build mapping (226.0.0.1/32, RP:192.168.6.6), PIMv2 v1.
*Jul 31 05:37:30.055: Auto-RP: Build mapping (226.0.0.2/32, RP:192.168.6.6), PIMv2 v1.
*Jul 31 05:37:30.055: Auto-RP: Build mapping (226.0.0.3/32, RP:192.168.6.6), PIMv2 v1.
*Jul 31 05:37:30.055: Auto-RP(0): Send RP-discovery packet on Serial0/0/0.136 (1 RP entries)
R5#
*Jul 31 05:37:30.055: Auto-RP(0): Send RP-discovery packet on FastEthernet0/0 (1 RP entries)
*Jul 31 05:37:30.055: Auto-RP: Send RP-discovery packet on Loopback1 (1 RP entries)
R5#
*Jul 31 05:37:32.311: Auto-RP(0): Received RP-announce, from 192.168.6.6, RP_cnt 1, ht 181
*Jul 31 05:37:32.311: Auto-RP(0): Filtered 225.0.0.1/32 for RP 192.168.6.6
*Jul 31 05:37:32.311: Auto-RP(0): Update (226.0.0.2/32, RP:192.168.6.6), PIMv2 v1
*Jul 31 05:37:32.311: Auto-RP(0): Update (226.0.0.3/32, RP:192.168.6.6), PIMv2 v1
*Jul 31 05:37:32.311: Auto-RP(0): Filtered 225.0.0.3/32 for RP 192.168.6.6
*Jul 31 05:37:32.311: Auto-RP(0): Filtered 225.0.0.2/32 for RP 192.168.6.6
*Jul 31 05:37:32.311: Auto-RP(0): Update (226.0.0.1/32, RP:192.168.6.6), PIMv2 v1
*Jul 31 05:37:32.311: Auto-RP(0): Received RP-announce, from 192.168.6.6, RP_cnt 1, ht 181
R5#
*Jul 31 05:37:32.311: Auto-RP(0): Filtered 225.0.0.1/32 for RP 192.168.6.6
*Jul 31 05:37:32.311: Auto-RP(0): Update (226.0.0.2/32, RP:192.168.6.6), PIMv2 v1
*Jul 31 05:37:32.311: Auto-RP(0): Update (226.0.0.3/32, RP:192.168.6.6), PIMv2 v1
*Jul 31 05:37:32.311: Auto-RP(0): Filtered 225.0.0.3/32 for RP 192.168.6.6
*Jul 31 05:37:32.311: Auto-RP(0): Filtered 225.0.0.2/32 for RP 192.168.6.6
*Jul 31 05:37:32.311: Auto-RP(0): Update (226.0.0.1/32, RP:192.168.6.6), PIMv2 v1
R5#

Notice that the line shows as ‘filtered’ for the access list line.

• Configure R3 to set a limit of 4 on the number of multicast entries for the two sources 143.3.134.200 and 143.3.134.201.

The ability to set such limit has been introduced in 12.3(14)T using the command below.

We will first need to create an access-list to permit the sources we want to apply the limit on.

R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#
R3(config)# access-list 5 permit 144.3.134.200
R3(config)# access-list 5 permit 144.3.134.201

Then we will apply the ip multicast limit command to the Fast0/1 interface. Because these sources are directly connected, we will use the keyword connected.

R3(config)#int f0/1
R3(config-if)#ip multicast limit connected 5 4
R3(config-if)#ip pim sparse-dense

be also aware of RP Failures

R3#deb ip mpac
*Jul 31 05:42:42.747: IP(0): s=192.168.5.5 (Serial0/0/0) d=224.0.1.40 id=37012, ttl=3, prot=17, len=88(84), not RPF interface

R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#ip mroute 0.0.0.0 0.0.0.0 143.3.136.5

A Networker Blog

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s