RP Configuration:
Static:
The following command is used to
configure rp in the router,
Ip pim rp-address
<IP_Of_Router> <access-listNo>
If multiple rp’s are
configured,the one with higher ip will be selected by the router.
Auto RP:
Cisco proprietary tool for
advertising RP info for multicast groups.
It uses multicast to distribute
group to RP mapping info.
Cisco PIM routers learn about
the group to RP mapping by joining the group Cisco-RP-discovery 224.0.1.40, the
mapping agent will advertise the mapping info to this group.
The mapping agent will learn of
the possible RP candidates by joining to group Cisco-RP-announce 224.0.1.39.
Candidate RPs announce their
intention to be RP for a group or group range by multicasting RP announce
messages to the group 224.0.1.39.
Configuring mapping agent:
ip pim send-rp-discovery scope
ttl
Configuring candidate RPs:
ip pim send-rp-announce
interface scope ttl [group-list acl]
If group-list is not specified,
the router will announce as candidate for 224.0.0.0/4
If the mapping agents receive
multiple rp announcements, all of them will cache the group to RP announcements
and select RP with higher IP address.
Multiple mapping agents can be
configured in a network, all mapping agents will select the same RP for a given
group and routers will have the same set of rp mappings. Only ‘the source info’
of the mapping will be toggling in the routers.
Can tweak the
RP-announce-interval to have short failover times, however with the default SPT
threshold of zero, all the routers would have switched to SPT and the failure
of a RP will have little effect.
RP-announce and RP-discovery are
always operated as dense mode groups. If the RP info is not found for a group,
the group will be operated in dense mode.
Security:
To stop sending rp discovery messages,
configure the following on the interface
‘ip multicast boundary
<access-list>’
access-list 10 deny 224.0.1.39
access-list 10 deny 224.0.1.40
access-list 10 deny 239.0.0.0 0.255.255.255
access-list 10 permit 224.0.0.0 15.255.255.255
We can configure the following
on the mapping agent to prevent candidate RP spoofing,
ip pim rp-announce-filter
rp-list acl [group-list acl]
eg:
access-list 1 permit host 1.1.1.2
access-list 2 deny any
ip pim rp-announce-filter rp-list 1 group-list 2
With the above configuration, the filtering is performed on the IP
addresses permitted by the rp-list i.e. 1.
Here, the RP permitted in ACL 1 denied to be the RP for groups
referenced in ACL2.
1.1.1.2 is denied to be the RP for all multicast groups.
All the interfaces must be
configured to operate in ‘sparse-dense’ mode.
When the interfaces are configured
to operate in sparse mode,
‘ip pim autorp listener’ àAllows the two group
addresses 224.0.1.39 and 224.0.1.40 to operate in dense mode and other groups
in sparse mode.
Misc:
- If router interfaces are configured in sparse mode, Auto-RP can still be used if all routers are configured with a static RP address for the Auto-RP groups.
- RPs discovered dynamically through Auto-RP take precedence over statically configured RPs
- To accept all RPs advertised with Auto-RP and reject all other RPs by default, use the ip pim accept-rp auto-rp command.
PIM V2 Bootstrap Mechanism:
BSR uses hop by hop flooding of
special bootstrap messages to distribute all group to RP mapping info.
The combination of hop-by-hop
flooding of BSR messages and unicasting C-RP advertisements to the
BSR completely eliminates the
need for multicast in order for the BSR mechanism to function.
ip pim rp-candidate interface
[group-list acl]
When this global configuration
command is added to a router's configuration, the router begins to
unicast PIMv2 C-RP
advertisements to the currently elected BSR.
ip pim bsr-candidate interface
hash-mask-length [priority]
After configuring, the router
sets its Bootstrap timer to the bootstrap timeout value (150 sec) and enters
the C-BSR state ,waiting to
receive BSR messages from current BSR.
If the router receives a BSR
messages with higher priority, it accepts the message, the timer is reset and
forwards out all the other interfaces.
Low priority messages will be
discarded.
If the bootstrap timer expires,
the C-BSR will start sending BSR messages every 60 sec.
If a high priority BSR message
is received, it will transition back to C-BSR state.
In this way, the candidate RP
router will come to know of the BSR and starts unicasting its RP intention to
BSR.
The BSR will cache all such
mappings and send them in BSR messages.
Each router now receives all the
RP to group mapping info through hop by hop flooding mechanism and run some
hashing algorithm to identify the RP for a group.
If two routers announce to be
the RP candidates for entire multicast range, in BSR, the routers will share
the RP workload for multicast range.
By changing the hash mask length
value, it is possible to control the no. of consecutive group addresses that
map to the same candidate RP.
BSR messages are flooded to all
PIM routers 224.0.0.13 with a TTL of 1.They contain the following info
·
Ip address of current BSR
·
Group tot RP mapping cache
·
Priority
·
Hash mask length value
‘Ip pim border’ command to
constrain BSR messages. This command will not affect the flow of other PIM
messages join, prune,etc
Forcing groups to remain in
Dense mode:
The following command can be
used to force certain groups to operate in dense mode
ip pim
accept-rp {rp-address | Auto-rp} [group-list acl]
When the router receives IGMP join from a local host, it
will run the RP and group address against this filter, if the filter permits,
the group will be created in sparse mode, else the group will be created in
dense mode.
When the router receives (*, G) join from a downstream router,
the RP address in the join message and group address will be run against the filter,
if the filter allows, the join is propagated towards RP, else discarded.
When the router receives register messages for a group,
the group address and destination address will be run through the filter, if
the filter allows, the register is processed else it will send register stop is
sent.
The ip
pim accept-rp command has the following three basic forms:
ip pim accept-rp rp-address [group-list acl] àIf the matching entry found, search terminates. If permitted,
sparse mode will be used.
ip pim accept-rp Auto-rp [group-list acl]àIf the group to RP cache permits, the group is
created in sparse mode. If denied, wildcard entry will be tried.
ip pim accept-rp 0.0.0.0 [group-list acl]à If the matching entry found, search terminates. If permitted,
sparse mode will be used.
Configure ip pim rp-address to force the group to operate in
sparse mode.
MSDP:
MSDP is a mechanism to connect multiple PIM-SM domains. It shares
the active multicast sources in a domain to RPs in other domains.
MSDP is configured between RPs, it uses TCP over port 639.
On receiving the register messages from first hop router, the RP
will re-encapsulated in source-active messages and are forwarded to all MSDP peers.
MSDP messages are flooded across MSDP peers.
R1----R2-----R3
R1 & R2 msdp peers
R2 & R3 msdp peers
If R1 send a SA message to R2, R2 can forward it to R3.
SSM:
In SSM,only the router closest to the receiving host needs to have
SSM enabled.
access-list
1 permit 232.0.0.0 0.255.255.255
ip pim ssm
range 1
When SSM is enabled, only (S, G) state will be created ,no
(*, G) will be created for the groups
specified in SSM range.
Bi-directional
PIM:
ip pim bidir-enable --- This must be enabled
ip pim rp-address 1.1.1.3 bidir
A designated forwarder is elected for each segment, DF is
nothing but a multicast router that can forward (*, G) traffic in 2 different
directions.
The router with lowest cost to RP will get elected as DR.
IGMP:
In IGMP v2, the router with lowest ip address will become
the querier for that segment.
The DR is the router with the highest IP address on the subnet, whereas the IGMP querier is the router with the lowest IP address.
The router periodically send query message to all host
224.0.0.1
The hosts which want multicast traffic will reply with
membership reports to 224.0.0.2
While leaving, IGMP uses group specific queries to
improve the performance. Host will send a leave message and router will send a
group specific query.
By default, if PIM is enabled on the interface, IGMP v2
is also enabled.
R2#sh ip igmp int fa0/0
IGMP is enabled
on interface
Current IGMP host
version is 2
Current IGMP
router version is 2
IGMP query
interval is 60 secondsàto
discover active multicast group receivers. If two queries are missed, election
for new querier starts.
IGMP querier
timeout is 120 secondsàif
no query seen for 120 sec, the other router will trigger an election for selecting
new querier
IGMP max query
response time is 10 secondsàTweak
to improve the burstiness of the query responses
Last member query
count is 2àno. of queries sent after receiving group
specific leave and before stopping forwarding of multicast traffic
Last member query
response interval is 1000 ms
Inbound IGMP
access group is not setàaccess-list
to restrict hosts from joining some mcast groups
IGMP activity: 1
joins, 0 leaves
Interface IGMP State Limit: 0 active out of 2 maxàMax no. of groups that
hosts can join. After two groups are joined, third group joins are access
denied.
Multicast routing
is enabled on interface
Multicast TTL
threshold is 0
Multicast
designated router (DR) is 10.1.100.2 (this system)
IGMP querying
router is 10.1.100.1-àLower
ip address router will assume the role of querier. This is different from PIM
DR router.
No multicast
groups joined by this system