Tuesday, December 8, 2015

Multicast Part 2


RP Configuration:

Static:
The following command configures a static RP on the router:
ip pim rp-address <IP_Of_Router> <access-listNo>

If multiple RPs are configured, the router selects the one with the higher IP address.

Auto RP:
Auto-RP is a Cisco proprietary mechanism for advertising RP information for multicast groups.
It uses multicast to distribute group-to-RP mapping information.

Cisco PIM routers learn the group-to-RP mappings by joining the group Cisco-RP-discovery (224.0.1.40); the mapping agent advertises the mapping information to this group.
The mapping agent learns of the possible RP candidates by joining the group Cisco-RP-announce (224.0.1.39).
Candidate RPs announce their intention to be the RP for a group or group range by multicasting RP-announce messages to the group 224.0.1.39.

Configuring mapping agent:
ip pim send-rp-discovery scope ttl

Configuring candidate RPs:
ip pim send-rp-announce interface scope ttl [group-list acl]
If group-list is not specified, the router announces itself as a candidate for 224.0.0.0/4.

If the mapping agents receive multiple RP announcements, all of them cache the group-to-RP announcements and select the RP with the higher IP address.

Multiple mapping agents can be configured in a network. All mapping agents will select the same RP for a given group, so routers will have the same set of RP mappings; only the 'source info' of the mapping will toggle in the routers.
The RP-announce interval can be tweaked for shorter failover times; however, with the default SPT threshold of zero, all the routers will have switched to the SPT, and the failure of an RP will have little effect.

RP-announce and RP-discovery always operate as dense mode groups. If no RP information is found for a group, the group operates in dense mode.

Security:
To stop sending RP discovery messages, configure the following on the interface:
ip multicast boundary <access-list>
access-list 10 deny 224.0.1.39
access-list 10 deny 224.0.1.40
access-list 10 deny 239.0.0.0 0.255.255.255
access-list 10 permit 224.0.0.0 15.255.255.255
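
How the boundary ACL above treats individual group addresses, as an added Python example (not part of the original post). It evaluates ACL 10 the way a standard ACL is evaluated: first match wins, with an implicit deny at the end; the sample group addresses are constructed.

```python
import ipaddress

# Standard ACL 10 from the post. A line without a wildcard mask
# matches a single address (wildcard 0.0.0.0).
ACL_10 = """\
access-list 10 deny 224.0.1.39
access-list 10 deny 224.0.1.40
access-list 10 deny 239.0.0.0 0.255.255.255
access-list 10 permit 224.0.0.0 15.255.255.255
"""

def parse_acl(text):
    """Turn 'access-list N action addr [wildcard]' lines into tuples."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        action, addr = parts[2], parts[3]
        wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"
        entries.append((action,
                        int(ipaddress.IPv4Address(addr)),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def boundary_action(entries, group):
    """Return 'permit' or 'deny' for one multicast group address."""
    g = int(ipaddress.IPv4Address(group))
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (g & care) == (addr & care):
            return action              # first matching entry decides
    return "deny"                      # implicit deny at the end of the ACL

def check(groups):
    entries = parse_acl(ACL_10)
    return {g: boundary_action(entries, g) for g in groups}

if __name__ == "__main__":
    # Constructed sample groups: both Auto-RP groups, an admin-scoped
    # group, an SSM-range group and an ordinary global group.
    samples = ["224.0.1.39", "224.0.1.40", "239.1.1.1", "232.1.1.1", "224.2.2.2"]
    for group, action in check(samples).items():
        print(f"{group:12} {action}")
```

Because the two host entries and the 239.0.0.0/8 entry come before the broad permit, the Auto-RP groups and administratively scoped groups are stopped at the boundary while the rest of 224.0.0.0/4 passes.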


We can configure the following on the mapping agent to prevent candidate RP spoofing:
ip pim rp-announce-filter rp-list acl [group-list acl]
e.g.:
access-list 1 permit host 1.1.1.2
access-list 2 deny any
ip pim rp-announce-filter rp-list 1 group-list 2

With the above configuration, the filtering is performed on the IP addresses permitted by the rp-list, i.e. ACL 1.
Here, the RP permitted in ACL 1 is denied as the RP for the groups referenced in ACL 2.
1.1.1.2 is denied as the RP for all multicast groups.

All the interfaces must be configured to operate in ‘sparse-dense’ mode.

When the interfaces are configured to operate in sparse mode:
ip pim autorp listener -> Allows the two group addresses 224.0.1.39 and 224.0.1.40 to operate in dense mode and other groups in sparse mode.

Misc:

  • If router interfaces are configured in sparse mode, Auto-RP can still be used if all routers are configured with a static RP address for the Auto-RP groups.
  • RPs discovered dynamically through Auto-RP take precedence over statically configured RPs.
  • To accept all RPs advertised with Auto-RP and reject all other RPs by default, use the ip pim accept-rp auto-rp command.

PIM V2 Bootstrap Mechanism:
BSR uses hop-by-hop flooding of special bootstrap messages to distribute all group-to-RP mapping info.

The combination of hop-by-hop flooding of BSR messages and unicasting C-RP advertisements to the
BSR completely eliminates the need for multicast in order for the BSR mechanism to function.

ip pim rp-candidate interface [group-list acl]
When this global configuration command is added to a router's configuration, the router begins to
unicast PIMv2 C-RP advertisements to the currently elected BSR.


ip pim bsr-candidate interface hash-mask-length [priority]
After this is configured, the router sets its Bootstrap timer to the bootstrap timeout value (150 sec) and enters
the C-BSR state, waiting to receive BSR messages from the current BSR.

If the router receives a BSR message with higher priority, it accepts the message, resets the timer and forwards the message out all the other interfaces.
Lower-priority messages are discarded.

If the bootstrap timer expires, the C-BSR starts sending BSR messages every 60 sec.
If a higher-priority BSR message is received, it transitions back to the C-BSR state.

In this way, the candidate RP router comes to know of the BSR and starts unicasting its RP intention to the BSR.
The BSR caches all such mappings and sends them in BSR messages.
Each router now receives all the RP-to-group mapping info through the hop-by-hop flooding mechanism and runs a hashing algorithm to identify the RP for a group.

If two routers announce themselves as RP candidates for the entire multicast range, then with BSR the routers share the RP workload for the multicast range.
By changing the hash mask length value, it is possible to control the number of consecutive group addresses that map to the same candidate RP.
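
How the hash mask length groups consecutive addresses onto one candidate RP, as an added Python example (not part of the original post). It uses the hash function from the PIM-SM specification (RFC 7761) and assumes both candidates advertise the same group range with equal priority; the candidate addresses and group range are constructed.

```python
import ipaddress
from collections import Counter

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def hash_value(group, mask_len, rp):
    """PIM-SM hash: only the first mask_len bits of the group are hashed."""
    mask = (0xFFFFFFFF << (32 - mask_len)) & 0xFFFFFFFF
    g = ip(group) & mask
    return (1103515245 * ((1103515245 * g + 12345) ^ ip(rp)) + 12345) % 2**31

def select_rp(group, mask_len, candidates):
    """Highest hash value wins; a tie goes to the highest candidate address."""
    return max(candidates,
               key=lambda rp: (hash_value(group, mask_len, rp), ip(rp)))

def rp_counts(first_group, count, mask_len, candidates):
    """Count how many of `count` consecutive groups land on each candidate."""
    base = ip(first_group)
    chosen = (select_rp(str(ipaddress.IPv4Address(base + i)), mask_len, candidates)
              for i in range(count))
    return Counter(chosen)

# Constructed candidate RP addresses (assumption: same range, same priority).
CANDIDATES = ["10.0.0.1", "10.0.0.2"]

if __name__ == "__main__":
    # /24 mask: all 256 groups share one RP. /30: groups move between RPs
    # in blocks of 4. /32: every group is hashed on its own.
    for mask_len in (24, 30, 32):
        print(mask_len, dict(rp_counts("239.1.1.0", 256, mask_len, CANDIDATES)))
```

Every router runs the same computation on the same candidate set, so all routers agree on the RP for a group without further signalling.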

BSR messages are flooded to all PIM routers (224.0.0.13) with a TTL of 1. They contain the following info:
  • IP address of the current BSR
  • Group to RP mapping cache
  • Priority
  • Hash mask length value

Use the 'ip pim border' command to constrain BSR messages. This command does not affect the flow of other PIM messages (join, prune, etc.).


Forcing groups to remain in Dense mode:

The following command can be used to force certain groups to operate in dense mode:
ip pim accept-rp {rp-address | auto-rp} [group-list acl]

When the router receives an IGMP join from a local host, it runs the RP and group address against this filter. If the filter permits, the group is created in sparse mode; otherwise the group is created in dense mode.
When the router receives a (*, G) join from a downstream router, the RP address in the join message and the group address are run against the filter. If the filter allows, the join is propagated towards the RP; otherwise it is discarded.
When the router receives register messages for a group, the group address and destination address are run through the filter. If the filter allows, the register is processed; otherwise a register-stop is sent.

The ip pim accept-rp command has the following three basic forms:
ip pim accept-rp rp-address [group-list acl] -> If a matching entry is found, the search terminates. If permitted, sparse mode will be used.
ip pim accept-rp auto-rp [group-list acl] -> If the group-to-RP cache permits, the group is created in sparse mode. If denied, the wildcard entry will be tried.
ip pim accept-rp 0.0.0.0 [group-list acl] -> If a matching entry is found, the search terminates. If permitted, sparse mode will be used.

Configure ip pim rp-address to force the group to operate in sparse mode.

MSDP:

MSDP is a mechanism to connect multiple PIM-SM domains. It shares the active multicast sources in a domain with RPs in other domains.
MSDP is configured between RPs; it uses TCP port 639.

On receiving register messages from the first-hop router, the RP re-encapsulates them in source-active (SA) messages, which are forwarded to all MSDP peers.

MSDP messages are flooded across MSDP peers.
R1----R2-----R3
R1 & R2 msdp peers
R2 & R3 msdp peers

If R1 sends an SA message to R2, R2 can forward it to R3.

SSM:

In SSM, only the router closest to the receiving host needs to have SSM enabled.

access-list 1 permit 232.0.0.0 0.255.255.255
ip pim ssm range 1

When SSM is enabled, only (S, G) state will be created; no (*, G) will be created for the groups specified in the SSM range.

Bi-directional PIM:

ip pim bidir-enable --- This must be enabled
ip pim rp-address 1.1.1.3 bidir

A designated forwarder (DF) is elected for each segment. The DF is a multicast router that can forward (*, G) traffic in 2 different directions.
The router with lowest cost to RP will get elected as DR.

IGMP:
In IGMP v2, the router with the lowest IP address becomes the querier for that segment.

The DR is the router with the highest IP address on the subnet, whereas the IGMP querier is the router with the lowest IP address.

The router periodically sends query messages to all hosts (224.0.0.1).
The hosts which want multicast traffic reply with membership reports to 224.0.0.2.
When a host leaves, IGMP uses group-specific queries to improve performance: the host sends a leave message and the router sends a group-specific query.

By default, if PIM is enabled on the interface, IGMP v2 is also enabled.

R2#sh ip igmp int fa0/0
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds -> to discover active multicast group receivers. If two queries are missed, election for new querier starts.
  IGMP querier timeout is 120 seconds -> if no query seen for 120 sec, the other router will trigger an election for selecting new querier
  IGMP max query response time is 10 seconds -> Tweak to improve the burstiness of the query responses
  Last member query count is 2 -> no. of queries sent after receiving group specific leave and before stopping forwarding of multicast traffic
  Last member query response interval is 1000 ms
  Inbound IGMP access group is not set -> access-list to restrict hosts from joining some mcast groups
  IGMP activity: 1 joins, 0 leaves
  Interface IGMP State Limit: 0 active out of 2 max -> Max no. of groups that hosts can join. After two groups are joined, third group joins are access denied.
  Multicast routing is enabled on interface
  Multicast TTL threshold is 0
  Multicast designated router (DR) is 10.1.100.2 (this system)
  IGMP querying router is 10.1.100.1 -> Lower ip address router will assume the role of querier. This is different from PIM DR router.
  No multicast groups joined by this system