Wednesday, October 24, 2012

MULTICAST COMMAND REVIEW


Multicast Command Review

224.0.0.0/4 (224.0.0.0- 239.255.255.255)

224.0.0.0/24 – link local

232.0.0.0/8- ssm

239.0.0.0/8 – private/admin scope


ip pim rp-address 1.1.1.1 (ACL) (override) - the acl list the groups that are mapped to this particular rp overide is to override dynamic

ip pim spt-threshold (rate in kbps|infinity) what rate it wills switchover to spt if inifinity does not switchover. This is done on the first hop router of the reciever.

no ip dm-fallback - put on pim sparse dense mode routers to prevent fallback to dense mode for groups

pim assert- done on multiaccess segments when two or more routers are delivering the mcast stream invokes an election to get on router elected to service segement election based on lowest admin distance if tied lowest metric to source if same highest ip

ip pim accept rp "rp address" "acl of groups"- filtering done on non rp's tp which rp they will accept for which group


pim dr election- decides who will do registered on shared segement traffic has to be incoming if priority is the same highest ip

ip pim dr-priority “ priority” - used to change the priority of an interface


sh ip pim interface - will show priority of interface


ip pim accept register "extended ACl| route-map" - the access-list goes like this

ip access-list REGISTER permit ip "source-ip" "source-wildcard" "group-address" " group-wildcard" - the purpose of the pim accept register is to filter on the rp what sources are allowed to register for what groups

In multicast tunnelling - we need to ensure the tunnel interface have lower admin distance and or metric than the underlying network or use static mroutes to ensure passing rpf check

ip pim nbma mode - only works with sparse mode it treats the frame relay multipoint interface as a collection of point to point it does so by tracking the pim joins. These gets around issue of all host not recieveing pim message such assets on nbma media

ip pim send-rp-annouce <interface> scope <TTL> (group-list "std acl") - this command is used for advertising in autorp a candidate rp to the mapping agent the group list is a standard acl used to limit what group serviced by RP. RP advertisement sent to 224.0.1.39

ip pim send-rp-discovery<interface>scope <TTL>- this command is used to set a router as ma it listens for candidate rp on 224.0.1.39 and advertises to all mcast pim routers on 224.0.1.40. If multiple ma in network they hear each other every one will cease sending discovery apart from MA with highest ip.

MA Rules

  • Recieves announcement for group from 2 or more candidate rp it will select rp with hightest ip
  • Recieves announcement for 2 different groups one is a subset of the other it will send both rp

For Autorp

Need ip pim sparse dense mode or ip pim autorp listner – used to propgate the 224.0.1.39/224.0.1.40. As of the 224.0.1.39/224.0.1.40 being dense groups


Sh ip pim rp mapping- used to see rp mappings

ip pim rp-announce-filter {group-list <access-list> | rp-list <access-list> {group-list <access-list} – used to filter on ma the incoming rp it will accept for what groups

ip pim send-rp-discovery lo0 scope 4 orcan be used to limit the size and set boundary for mcast domain

ip multicast boundary <access-list><filter-autorp> - if standard acl the acl inspecting for any pim/igmp messages to group see if there is match on group if match it is allowed if not disallowed. For extended acl both source and destination is inpected for match. If using filter-autorp it will inspect autorp messages if not matching group they are filtered.The acl has to be standard if using filter autorp


ip pim rp-candidate <pim-enabled-interface> [group-list <standard-ACL>] [interval (seconds) [priority <0-255> - advertise a candidate rp for BSR group list filters what groups it will service priority is used when multiple rp. Lowest priority is preferred default is 0.

ip pim bsr-candidate <interface>[hash-mask-lenght][priority] – setting a router as a bsr candidate the higher priority the more preferred the bsr-candidate. When bsr recieves advertisement for multiple rp unlike autorp it does not elect the rp for a router it sends out the multiple rp to each router. The router decides which rp to use for which group. A hashing procedure is done by the pim routers to ensure that the rp are decided deterministectly this to ensure we do not have say the source picking one rp and the receiver selecting another.


Ip pim bsr-border - this is used on interface to stop flooding of pim messages. Used at network boundaries.


R1

Int fa0/1

ip igmp helper-address <1550.1.0.5> - stub router with little memory

r2

access-list 22 deny 155.1.0.3

access-list 22 permit any

int s0/0

ip pim sparse-mode

ip pim neighbor-filter 33

The above config is used for setting up stub router first part of sub router used igmp helper-address to forward the mcast igmp joins. On r2 the router that is processing igmp for the stub we need to ensure that it does not form pim adj with r1 so we do a ip pim neighbor filter. R1 is configure with pim dense mode to ensure it flood all mcast traffic received to the segment.


Ip igmp limit “number” – can be applied globally or interface level. Interface level limits number of igmp groups joined on the interface. Applied globally it will limit the number of groups joined by directly connected recievers.

ip access-list standard IGMP_Filter

permit 239.1.1.0 0.0.0.255

int fa0/1

ip igmp access-group "acl" – used to filter igmp join to group in this case on int fa0/1

sh ip igmp int

ip igmp query-interval “seconds” - used on multiaccess segments one router is elect designated querier by lowest ip other router on the segement listen for queries set by the query-interval. Also used to query for group membership

ip igmp querier-timeout <seconds> - this sets the timeout before the other router on segment will take over the querier role

ip igmp query-max-response-time <seconds>– this is the maximum time we will wait for a reciever to express interest in group before we close it off.

Ip igmp last-member-query-count & ip igmp last-member-query-interval “milliseconds” - In igmpv2 we had the intro of leave message when host leave a group. The querier on receiving will generate a last-member query to check if anyone is still interested in the group. The query count is how many queries it will send without response before closing off the group.

Ip igmp immediate-leave group-list “access-list” – this covers a situation whereby you know you only have 1 source on the interface so if you receive a leave you want to close the group off rather than doing last member queries.

Below is an example converting a bcast to mcast then receiving on another remote segement converting back to bcast


Router On Segmenet recieving initial broacast converting to mcast address


ip forward-protocol udp 5000

ip access-list extended Traffic

permit udp any any eq 5000

int fa0/0

ip multicast helper-map broadcast 239.1.1.100 Traffic



Router on Remote Segement converting Mcast back to Bcast



ip forward-protocol udp 5000

ip access-list extended Traffic

permit udp any any eq 5000

int fa0/0

ip directed-broadcast

ip broadcast-address 155.1.37.255

int s1/0.1

ip mutlicast helper-map 239.1.1.100 155.1.37.255 Traffic


Notable things done with the multicast helper broadcast we convert broadcast which restricted down to bcase on port 5000 via the access list traffic and we convert them to 239.1.1.100

On router 2 we receive mcast 239.1.1.100 convert it to 155.1.37.255 we limit down to port 5000 with access-list traffic then to specify the bcast address as 155.1.37.255 we use ip broadcast-address 155.1.37.255 otherwise it assume bcast of 255.255.255.255. We could customise other address rather than 155.1.37.255


Debug ip mroute – to debug mcast traffic

No ip mroute cache – on interfaces similar to changing to fast switching to view debug traffic of transit traffic

Ip multicast rate-limite {in|out} [group-list <acl>] [source-list “acl”] [limit in kbps] – used to rate limit multicast you could by using group list limit particular groups or you could limit by source list particular sources. So you could have one rate limit for a group a and another different one for group b

Ip pim bidir-enable- enables bidirectional pim only (*,G) no (S,G) traffic always flows through RP no switchover to SPT traffic can go bidirectionally for many sources to many recievers enviorment

ip pim rp-address <ip><acl> bidir - statically configuring an rp address for bidir


ip pim send-rp-announce <interface> scope <ttl> group-list <Acl> bidir - using autorp for rp candidate bidir


ip pim rp-candidate <interface>group-list <ACL> bidir - using bsr for rp candidate bidir

ip pim ssm range {default|range "acl"}- global command. enable source specfic multicast on a router if you say default it use the defaultrange for ssm of 232.0.0.0/8 while if you say range you specify an acl for the ssm addresses. SSM do not create (*,G) only (S,G)and do not need rp + need igmp version 3 to be running

ip igmp version 3- enable igmp v3 on interface

ip igmp join “group address “ source “source address” – specify an interface to join a igmp multicast address

ip msdp peer 150.1.1.1 connect-source lo0 - used when multiple rps to keep them in synch as regards registers from sources and joins from recievers

ip msdp mesh-group GROUP1 150.1.1.1- used when rps are meshed and we get into scenerio where rp advertises group for example other rp recieves advertise to other rp who sends it back to original rp this will be ok as rpf check will eventually get rid but to optimize we can use mesh groups

sh ip msdp sa-cache- to view mulitcast group cache on rp running msdp

access-list 150 deny ip any 239.0.0.0 0.255.255.255

access-list 150 permit ip any any

ip msdp sa-filter out 150.1.1.1 list 150 – so this filters any private admin scope sa advertisement been sent out

when running multicast across AS we can run into rpf check issues to get around it was brought in multicast bgp when we enable mcast bgp when doing the rpf check we first check the static mrouter then bgp table then unicast table. So we get around rpf issues with using bgp routing. We can inflience paths taking using typical bgp mechanism weight/local pref/ med/as path

router bgp 1

address-family ipv4 multicast

neighbor 155.1.3.2 activate

network 150.1.29.1 mask 255.255.255.0

anycast rp is two or more rp advertising the same int address so say 1.1.1.1 on loopback been advertised

anycast run msdp between each other clients register with closest rp and we have redudancy

ip igmp snooping – typically switches flood all mcast traffic to all ports treats as unknown bcast with igmp snooping the switch keeps track of all igmp joins it reads the mcast packets and creates a mcast cam so we can send just to interested reciever rather than all ports. It is on by default

we can be specfic and turn it off generally and on for particular vlan

ip igmp snooping vlan “xx”

ip igm snooping vlan “xx” static “group address” interface “int” - enabling static join for a port

ip igmp snooping tcn flood query count “ count” - if it host changes port generates a tcn this will flood mcast traffic for the period of the count

no ip igmp snooping tcn flood – to disable this flooding behaviour

ip igmp profile 1

permit/deny

range 239.0.0.0

int fa0/1

ip igmp profile – used for filtering igmp at layer 2 port they are either permit or deny permit allows the group but only that group deny disallows the specfied group but allows all others

ip igmp max-group “nn” - limits the number of groups allowed to join on interface

ip igmp max-groups action deny | replace – so new groups either the denied if reach max or replaced if reaches max

mvr

mvr vlan “xx”

mvr group “group address”

mvr query time 15 - so mcast floods to specfic vlan then when joins are sent from ports on different ports on different vlans they intercepted and get access to mvr traffic vlan and recieve mcast flow Multicast does not have enabled on switch used alot in metro ethernet enviorment

for source ports we

mvr type source for reciever ports in other vlans mvr type reciever

Ipv6 multicast uses reserved range Ffxy::/8

where x = flags y = scope

scope are 1=node 2= link 5=site 8=organisation E= global



sample address are ff02::1 – all nodes ff02::2 – all routers

ff05::2 all routers ff05::1:3 all dhcp servers



ipv6 multicast-routing – enables pim on all interfaces by default to turn off go to interface and do

no ipv6 pim

sh ipv6 mld interface- replaces igmp mld mldv1 copies igmp v2 mld v2 copies igmpv3

ipv6 mld limit “number” - limit number groups on interface that can be joined

ipv6 mld query-interval- mld query interval fro groups

ipv6 mld querier timeout

ipv6 mld query-max-response-time

ipv6 mld access-group - all same functions as igmp equivlant

ipv6 pim rp-address “ipv6”- manually specify rp address on pim rrouters

ipv6 pim bsr candidate rp <ipv6> - candidate rp for bsr no autorp in ipv6

ipv6 pim bsr candidate bsr <ipv6> - candidate bsr

ipv6 pim bsr announced rp “ipv6” - statically configure a rp address on bsr for distribution

show ipv6 pim range-list – replacement for sh ip pim rp-mapping

sh ipv6 pim neighbors – instead of sh ip pim neighbors

int fa0/1

ipv6 mld join ff0e::1 – manually join an interfaces

sh ipv6 bsr election – view the multiple candidate rp on bsr



ff7Y:0ill <64bit rp prefix>:<32 bit group id> - embedded rp address

Y = scope ll= 8 bit rp address prefix lenght i = 4 interface id

e.g

rp address 2001:150:1:4::4/64 becomes



ff7E:0440:2001:150:1:4::1

so to break it up



ff 7 E is the scope 04 – 4 is interface id 40 is /64 is in hex 2001:150:1:4:: is the ipv6 address















1 comment: