HSRP AWARE PIM
Multicast range:
Address: 224.0.0.0   1110 0000.00000000.00000000.00000000
Netmask: 240.0.0.0 = 4
We have two devices, R2 and R3. We want R2 to be the active router for the HSRP IP.
R2(config-if)#ip pim redundancy HSRP1 hsrp dr-priority 100
R3(config-if)#ip pim redundancy HSRP1 hsrp dr-priority 10
When the same configuration is also applied to R3, failover becomes faster.
R2:
interface GigabitEthernet1/0
ip address 10.10.10.2 255.255.255.0
ip pim sparse-mode
ip pim redundancy HSRP1 hsrp dr-priority 100
standby 1 ip 10.10.10.51
standby 1 priority 200
standby 1 preempt
standby 1 name HSRP1
no shut
R3:
interface GigabitEthernet1/0
ip address 10.10.10.3 255.255.255.0
ip pim sparse-mode
ip pim redundancy HSRP1 hsrp dr-priority 10
standby 1 ip 10.10.10.51
standby 1 preempt
standby 1 name HSRP1
no shut
R2 is now the PIM DR, R3 will now see two PIM neighbors on interface E0/2:
R3#sh ip pim nei e0/2
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.0.0.1          Ethernet0/2              00:00:51/00:01:23 v2    0 / S P G
10.0.0.2          Ethernet0/2              00:07:24/00:01:23 v2    100/ DR S P
R5#sh ip pim nei
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
      P - Proxy Capable, S - State Refresh Capable, G - GenID Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
10.0.0.2          Ethernet0/0              00:03:00/00:01:41 v2    100/ DR S P G
10.0.0.1          Ethernet0/0              00:03:00/00:01:41 v2    0 / S P G
10.0.0.3          Ethernet0/0              00:03:00/00:01:41 v2    1 / S P G
The Membership Query is sent using 224.0.0.1; 224.0.0.13 is used to learn which group has been joined. If sparse mode is going to be used, every layer 3 device on the server side must have a route to the RP address; packets are sent to the RP through a tunnel. Because clients join multicast groups, they can have any IP address. For versions 1 and 2 the client's IP address does not matter.
The 224.0.0.0 – 224.0.0.255 range has been reserved by IANA to use for network protocols. All multicast IP packets in this range are not forwarded by routers between subnets. Let me give you an overview of reserved link-local multicast addresses, I’m sure you recognize some of the protocols:
Address | Usage |
224.0.0.1 | All Hosts |
224.0.0.2 | All Multicast Routers |
224.0.0.3 | Unassigned |
224.0.0.4 | DVMRP Routers |
224.0.0.5 | OSPF Routers |
224.0.0.6 | OSPF DR/BDR Router |
224.0.0.7 | ST Routers |
224.0.0.8 | ST Hosts |
224.0.0.9 | RIPv2 Routers |
224.0.0.10 | EIGRP Routers |
224.0.0.11 | Mobile Agents |
224.0.0.12 | DHCP Server / Relay |
224.0.0.13 | All PIM Routers |
224.0.0.14 | RSVP Encapsulation |
224.0.0.15 | All CBT Routers |
224.0.0.16 | Designated SBM |
224.0.0.17 | All SBMS |
224.0.0.18 | VRRP |
224.0.0.19 – 255 | Unassigned |
Dense mode assumes that every endpoint wants the multicast traffic, so as soon as a stream exists it is forwarded to all points; downstream routers that do not want the stream then cut it off by sending a 'prune' message. After a certain time the sending router tries again to deliver the stream to all endpoints. Dense mode is a method to prefer only when a large majority of the endpoints will use a stream; it is not preferred when the endpoints are few and/or scattered. Dense mode also uses a 'source tree': flooding starts from the source address, that is, the stream is sent out of all interfaces except the one it was learned on, and prunes are then sent for the unnecessary ones. In other words the root of the stream is the sending router, and it spreads downward from there like a family tree.
In dense mode the sender's traffic is announced by every router out of all interfaces except the one it was received on; afterwards the clients that have registered receive it.
Sparse mode behaves in exactly the opposite way: it waits for an endpoint that wants the stream to ask for it. In addition, the sending router does not distribute the stream itself; instead a router that you designate takes on the 'Rendezvous Point' role. The job of this router is to bring together the routers that want the stream and those that send it. In this case the topology is not a 'source tree' as in dense mode but a 'shared tree'. In a shared tree the tree does not grow downward from the sending router; it grows downward from the router acting as Rendezvous Point. Sparse mode is the more scalable solution: when the endpoints and the sending routers are scattered, sparse mode works better than dense mode. The disadvantage of sparse mode is that it is harder to set up than dense mode.
For debugging:
- debug ip pim
- debug ip mpacket 224.1.1.1
- debug ip igmp snooping 239.1.1.1
- show ip pim neig
- show ip pim int
- show ip mroute
- show ip pim rp map
- show ip igmp group
- show ip igmp snooping querier
- show ip igmp snooping groups
- sh ip mroute 224.4.4.4
- clear ip mroute *
On the switch, a client that wants to join a multicast group, for example 239.1.1.1, joins the group with the IGMP general query MAC address, and the switch sends incoming packets to the members of the group.
- IGMP General Query (0100.5e00.0001)
- IGMP LEAVE QUERY (0100.5e00.0002)
For layer 2 we also have a reserved prefix to use for multicast traffic. The 24-bit MAC address prefix 01-00-5E is reserved for layer 2 multicast. Unfortunately only half of the MAC addresses in this 24-bit prefix can be used for multicast, this means we only have 23 bits of MAC address space to use for multicast. Here’s an illustration:
In summary, in addition to their own MAC address, clients join using the MAC address 0100.5e00.0001.
SW1#
IGMPSN: Received IGMPv2 Report for group 239.1.1.1 received on Vlan 1, port Gi0/2
IGMPSN: group: Received IGMPv2 report for group 239.1.1.1 from Client 192.168.1.1 received on Vlan 1, port Gi0/2
L2MM: Add member: gda:0100.5e01.0101, adding Gi0/1
IGMPSN: mgt: added port Gi0/1 on gce 0100.5e01.0101, Vlan 1
IGMPSN: group: Created group 239.1.1.1
IGMPSN: Add v2 group 239.1.1.1 member port Gi0/2, on Vlan 1
L2MM: Add member: gda:0100.5e01.0101, adding Gi0/2
IGMPSN: mgt: added port Gi0/2 on gce 0100.5e01.0101, Vlan 1
IGMPSN: group: Added port Gi0/2 to group 239.1.1.1
IGMPSN: group: Forwarding 239.1.1.1 report to router ports
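The 23-bit mapping described above, as an added example that is not part of the original post: it places the low 23 bits of a group address behind the 01-00-5E prefix, reproduces the 0100.5e01.0101 entry the switch logged for 239.1.1.1, and lists the 32 groups that land on the same MAC address. The function names are chosen for this example.

```python
import ipaddress

OUI_PREFIX = 0x01005E000000   # 01-00-5E, followed by a bit that is always 0
LOW_23_BITS = 0x7FFFFF        # the part of the group address that survives
MCAST_BASE = int(ipaddress.IPv4Address("224.0.0.0"))


def group_to_mac(group):
    """Return the layer 2 address (Cisco dotted form) for an IPv4 group."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not inside 224.0.0.0/4")
    digits = f"{OUI_PREFIX | (int(addr) & LOW_23_BITS):012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def groups_sharing_mac(group):
    """A group has 28 variable bits but only 23 reach the MAC, so 2**5 = 32
    groups share every MAC. Return all of them, lowest first."""
    low = int(ipaddress.IPv4Address(group)) & LOW_23_BITS
    return [str(ipaddress.IPv4Address(MCAST_BASE | (high << 23) | low))
            for high in range(32)]


def link_local_alias(group):
    """Return the reserved 224.0.0.x address that has the same MAC as `group`,
    or None. A switch that forwards by MAC cannot tell the two apart."""
    low = int(ipaddress.IPv4Address(group)) & LOW_23_BITS
    if low > 0xFF:
        return None
    return str(ipaddress.IPv4Address(MCAST_BASE | low))


if __name__ == "__main__":
    # Groups that appear in the configurations on this page.
    for g in ("239.1.1.1", "225.1.1.1", "226.1.1.1", "225.1.1.17", "224.0.0.1"):
        print(f"{g:<12} -> {group_to_mac(g)}")
    print("same MAC as 239.1.1.1:", ", ".join(groups_sharing_mac("239.1.1.1")))
    # Constructed example: a user group that aliases the All PIM Routers MAC.
    print("239.0.0.13 aliases", link_local_alias("239.0.0.13"))
```

239.1.1.1, 225.1.1.1 and 226.1.1.1, all used on this page, resolve to the same MAC address, so a snooping switch that forwards by MAC delivers all three to the same ports.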
Dense mode: Packets are sent out of every interface configured for dense mode except the one they arrived on. Interfaces that do not need the traffic send back a prune ("do not send to me") message.
Sparse mode
When the RP sends a PIM Register-Stop message to the router that forwards the multicast sender's traffic, saying in effect "nobody is interested in your packets, do not send them to me", the RP does not receive multicast server messages from that router for 60 seconds.
After a while, when a shorter path between the source and the receiver is found, the RP sends a prune message and the packets reach the destination over the shortest path.
Example Configurations
Multicast is active on the Serial interface but not on the FastEthernet interface; we will reach rp2 with an mroute.
R1
hostname R1
!
ip cef
!
ip multicast-routing
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet0/1
ip address 192.168.12.1 255.255.255.0
!
interface Serial0/0
ip address 192.168.21.1 255.255.255.0
ip pim sparse-mode
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip pim rp-address 1.1.1.1
hostname R2
!
ip cef
!
ip multicast-routing
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
!
interface Serial0/0/0
ip address 192.168.21.2 255.255.255.0
ip pim sparse-mode
ip igmp join-group 239.1.1.1
!
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
!
ip pim rp-address 1.1.1.1
ip mroute 1.1.1.1 255.255.255.255 Serial0/0/0
R4;
ip multicast-routing
ip pim rp-address 3.3.3.3
interface FastEthernet0/0
ip address 172.16.1.100 255.255.255.0
ip pim dr-priority 20 (this makes the router the DR; it is an important command, because with HSRP, VRRP or GLBP the DR is otherwise the router with the highest IP address, which can be the standby IP address)
ip igmp join-group 239.39.39.39
ip igmp join-group 230.30.30.30
ip igmp join-group 231.31.31.31
ip route 3.3.3.3 255.255.255.255 172.16.1.1
ip route 192.168.0.0 255.255.0.0 172.16.1.1
RP;
ip multicast-routing
ip pim rp-address 3.3.3.3
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
ip pim sparse-mode
ip route 192.168.0.0 255.255.0.0 1.1.1.2
R2;
ip multicast-routing
ip pim rp-address 3.3.3.3
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip pim sparse-mode
!
interface FastEthernet1/0
ip address 192.168.0.1 255.255.255.0
ip pim sparse-mode
ip route 172.16.0.0 255.255.0.0 1.1.1.1
R3;
ip multicast-routing
ip pim rp-address 3.3.3.3
interface FastEthernet0/0
ip address 192.168.0.100 255.255.255.0
ip igmp join-group 239.39.39.39
ip route 3.3.3.3 255.255.255.255 192.168.0.1
ip route 172.16.1.0 255.255.255.0 192.168.0.1
ip route 192.168.0.0 255.255.0.0 192.168.0.1
---
Here we forward packets statically: if the devices have been joined statically and the destination address is 225.1.1.17, these packets are sent to the interfaces below.
ip igmp snooping querier version 1
ip igmp snooping querier
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi1/0/1
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi1/0/2
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi1/0/3
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi1/0/4
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi2/0/1
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi2/0/2
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi2/0/3
ip igmp snooping vlan 1 static 225.1.1.17 interface Gi2/0/4
To join the switches' interfaces to a group:
ip address 10.51.1.2 255.255.255.0
ip igmp join-group 226.1.1.1
ip igmp join-group 225.1.1.1
---
Multicast Access List
If you configure PIM to operate in sparse mode, you must also choose one or more routers to be rendezvous points (RPs).
ip pim rp-address 2.2.2.2
access-list 10 permit 224.0.0.0 0.255.255.255
ip pim rp-address 2.2.2.2 10
1- Cisco-specific: to also refuse requests from sources:
hostname R1
!
ip cef
!
ip multicast-routing
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip pim sparse-mode
!
ip pim rp-address 192.168.12.1
ip pim accept-register list SOURCES
!
ip access-list extended SOURCES
deny ip host 192.168.12.2 host 239.1.1.1
permit ip host 192.168.12.2 any
!
end
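An added example, not part of the original post, that evaluates the access lists shown on this page the way IOS does: wildcard masks, first match wins, implicit deny at the end. It covers access-list 10 (the group list on ip pim rp-address), the extended list SOURCES (source and group on ip pim accept-register) and access-list 1 (ip igmp access-group); the helper names are chosen for this example and only the any / host / address-wildcard forms used here are parsed.

```python
import ipaddress


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _is_ip(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def _term(tokens):
    """Consume 'any', 'host A', 'A W' or a bare 'A'; return (base, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _ip(tokens.pop(0)), 0
    wildcard = _ip(tokens.pop(0)) if tokens and _is_ip(tokens[0]) else 0
    return _ip(head), wildcard


def _hit(addr, term):
    base, wildcard = term
    care = ~wildcard & 0xFFFFFFFF      # wildcard bits set to 1 are "don't care"
    return (_ip(addr) & care) == (base & care)


def standard_acl(entries, addr):
    """Standard ACL: one address field. Used as a group list by PIM and IGMP."""
    for entry in entries:
        tokens = entry.split()
        action = tokens.pop(0)
        if _hit(addr, _term(tokens)):
            return action
    return "deny"                       # implicit deny


def extended_acl(entries, src, dst):
    """Extended ACL: for accept-register, src is the source and dst the group."""
    for entry in entries:
        tokens = entry.split()
        action, _proto = tokens.pop(0), tokens.pop(0)
        src_term = _term(tokens)
        dst_term = _term(tokens)
        if _hit(src, src_term) and _hit(dst, dst_term):
            return action
    return "deny"                       # implicit deny


# Access lists copied from this page.
ACL_10 = ["permit 224.0.0.0 0.255.255.255"]
ACL_1 = ["permit 224.10.10.0 0.0.0.255"]
SOURCES = ["deny ip host 192.168.12.2 host 239.1.1.1",
           "permit ip host 192.168.12.2 any"]

if __name__ == "__main__":
    # Wildcard 0.255.255.255 covers 224.x.x.x only, not all of 224.0.0.0/4.
    for group in ("224.4.4.4", "239.1.1.1"):
        print("ACL 10  ", group, standard_acl(ACL_10, group))
    # The full multicast range needs wildcard 15.255.255.255.
    print("/4 list ", "239.1.1.1",
          standard_acl(["permit 224.0.0.0 15.255.255.255"], "239.1.1.1"))
    # Register filtering at the RP; 192.168.12.3 is a constructed source.
    for src, grp in (("192.168.12.2", "239.1.1.1"),
                     ("192.168.12.2", "239.2.2.2"),
                     ("192.168.12.3", "239.2.2.2")):
        print("SOURCES ", src, grp, extended_acl(SOURCES, src, grp))
    print("ACL 1   ", "226.1.1.1", standard_acl(ACL_1, "226.1.1.1"))
```

With access-list 10 as written, 239.1.1.1 is not covered by the static RP mapping, and any source other than 192.168.12.2 is refused by the implicit deny in SOURCES.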
2- To drop one of the PIM neighborships:
interface fastEthernet 0/0
ip pim neighbor-filter 1
access-list 1 deny <neighbor's IP address>
-----
3
R1:
access-list 1 permit 224.10.10.0 0.0.0.255
interface FastEthernet0/0
ip address 192.168.123.2 255.255.255.0
ip igmp access-group 1
ip pim sparse-mode
R2:
hostname R2
!
ip cef
!
ip multicast-routing
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip pim sparse-mode
!
ip pim rp-address 192.168.12.1
!
end
DR selection
interface loopback 0
ip pim dr-priority 200
MSDP
Redundancy Configuration
There are many tricks for providing redundancy on the devices, with variations such as shutting a port down by means of tracking. On the customer side, MSDP is also one of these options for redundancy.
MSDP lets Rendezvous Points that are not connected to each other through PIM dense mode or sparse mode inform each other about multicast streams. The RP addresses can be different; with MSDP these different domains can communicate.
The idea behind anycast RP is that we configure a single IP address on multiple routers and advertise it in our IGP. When you have multiple RPs with the same IP address, it means that our sources and receivers will always be routed to the closest RP based on the unicast routing table. PIM Join messages from receivers might be sent to one RP, while PIM designated routers register their local sources to another RP.
To make sure that all Rendezvous points know about all the different sources out there we will use MSDP (Multicast Source Discovery Protocol). Normally MSDP is used to allow multicast routing between different autonomous systems but it’s also a great companion for anycast RP.
Configuration
Let’s look at an example how we can configure anycast RP. This is the topology that I will use:
In this scenario R1 will be the source and R4 will be the receiver for a multicast stream. R2 and R3 will be our Rendezvous points. Before we get to the interesting stuff we’ll have to do our homework. I will enable OSPF on all interfaces so that our routing tables are filled:
R1,R2,R3 & R4:
(config)#router ospf 1
(config-router)#network 0.0.0.0 255.255.255.255 area 0
Don’t forget to enable multicast routing on R2 and R3 because they’ll have to forward the multicast packets:
R2 & R3:
(config)#ip multicast-routing
And make sure to enable PIM on the interfaces facing the source (R1), the receiver (R4) and between R2/R3:
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip pim sparse-mode
R2(config-if)#exit
R2(config)#interface fastEthernet 0/1
R2(config-if)#ip pim sparse-mode
R3(config)#interface fastEthernet 0/0
R3(config-if)#ip pim sparse-mode
R3(config-if)#exit
R3(config)#interface fastEthernet 0/1
R3(config-if)#ip pim sparse-mode
Now we get to the interesting part. We’ll create a new loopback interface on R2 and R3 where we configure the same IP address as the Rendezvous Point:
R2 & R3:
(config)#interface loopback 0
(config-if)#ip address 23.23.23.23 255.255.255.255
Make sure you advertise this address in your IGP. Because I used the network 0.0.0.0 255.255.255.255 command for OSPF it will be automatically advertised. All routers that need to forward multicast traffic will have to know where the RP is, you can use AutoRP, Bootstrap or static addresses for this. To keep things simple I’ll use the static method:
R2 & R3:
(config)#ip pim rp-address 23.23.23.23
Now we will configure R4 to join a multicast group address (I’ll pick 239.1.1.1) and we’ll take a look which RP it will join:
R4(config)#interface fastEthernet 0/0
R4(config-if)#ip igmp join-group 239.1.1.1
Of course R3 will be the closest RP for R4 so you’ll find a (*,G) entry for 239.1.1.1:
R3#show ip mroute 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:06:35/00:02:08, RP 23.23.23.23, flags: SJC
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/1, Forward/Sparse, 00:06:35/00:02:08
Right now nobody is sending anything to this multicast group address. Let’s send some pings from R1 to 239.1.1.1 to get the packets flowing…
R1#ping 239.1.1.1 repeat 5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
.....
None of our multicast packets make it to the receiver…any idea why? Let’s look at the multicast routing table on R2:
R2#show ip mroute 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:01:17/stopped, RP 23.23.23.23, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(192.168.12.1, 239.1.1.1), 00:00:51/00:02:50, flags: PT
Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0
Outgoing interface list: Null
R2 is the closest RP for R1 and you can see the (192.168.12.1, 239.1.1.1) entry. There are no outgoing interfaces however…what about R3, our second RP?
R3#show ip mroute 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:07:28/00:02:12, RP 23.23.23.23, flags: SJC
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/1, Forward/Sparse, 00:07:28/00:02:12
Nothing has changed on R3. We still see the outgoing interface but there is no incoming traffic! The problem here is that our source has joined one RP (R2) and the receiver has joined another RP (R3). The two Rendezvous Points are not sharing any information so we are stuck here. In order to solve this, R3 somehow needs to learn from R2 that there is an active source. This is exactly what MSDP will do for us!
To configure MSDP between the two RPs we’ll use two new loopback interfaces with unique IP addresses, it will look like this:
Let’s create the loopback interfaces and configure MSDP:
R2(config)#interface loopback1
R2(config-if)#ip address 2.2.2.2 255.255.255.255
R2(config-if)#exit
R2(config)#ip msdp originator-id Loopback 1
R2(config)#ip msdp peer 3.3.3.3 connect-source Loopback 1
R3(config)#interface loopback1
R3(config-if)#ip address 3.3.3.3 255.255.255.255
R3(config-if)#exit
R3(config)#ip msdp originator-id Loopback 1
R3(config)#ip msdp peer 2.2.2.2 connect-source Loopback 1
The ip msdp originator-id command is used to tell MSDP what IP address to use as an “ID” which is similar to the OSPF or BGP router ID. By default the router will select the highest IP address on the router which means that R2 and R3 both would have selected 23.23.23.23. If I don’t use this command then MSDP will be unable to form a peering between R2 and R3.
The ip msdp peer command is used to configure your MSDP peer, make sure to use the loopback interface as the source.
Verification
After a few seconds you will see the following on your console:
R2#
%MSDP-5-PEER_UPDOWN: Session to peer 3.3.3.3 going up
R3#
%MSDP-5-PEER_UPDOWN: Session to peer 2.2.2.2 going up
MSDP appears to be alive, you can also use the following command to verify this:
R2#show ip msdp peer
MSDP Peer 3.3.3.3 (?), AS ?
Connection status:
State: Up, Resets: 0, Connection source: Loopback1 (2.2.2.2)
Uptime(Downtime): 00:01:36, Messages sent/received: 2/2
Output messages discarded: 0
Connection and counters cleared 00:03:06 ago
SA Filtering:
Input (S,G) filter: none, route-map: none
Input RP filter: none, route-map: none
Output (S,G) filter: none, route-map: none
Output RP filter: none, route-map: none
SA-Requests:
Input filter: none
Peer ttl threshold: 0
SAs learned from this peer: 0
Input queue size: 0, Output queue size: 0
MD5 signature protection on MSDP TCP connection: not enabled
R3#show ip msdp peer 2.2.2.2
MSDP Peer 2.2.2.2 (?), AS ?
Connection status:
State: Up, Resets: 0, Connection source: Loopback1 (3.3.3.3)
Uptime(Downtime): 00:01:49, Messages sent/received: 2/2
Output messages discarded: 0
Connection and counters cleared 00:02:41 ago
SA Filtering:
Input (S,G) filter: none, route-map: none
Input RP filter: none, route-map: none
Output (S,G) filter: none, route-map: none
Output RP filter: none, route-map: none
SA-Requests:
Input filter: none
Peer ttl threshold: 0
SAs learned from this peer: 0
Input queue size: 0, Output queue size: 0
MD5 signature protection on MSDP TCP connection: not enabled
Now before we start another ping from R1 to see some MSDP magic, I’ll activate a debug so you can see what MSDP does ‘behind the scenes’ :
R2#:
debug ip msdp detail
MSDP Detail debugging is on
Now let’s start that ping from R1 again:
R1#ping 239.1.1.1 repeat 5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
Reply to request 0 from 192.168.34.4, 12 ms
Reply to request 1 from 192.168.34.4, 12 ms
Reply to request 2 from 192.168.34.4, 12 ms
Reply to request 3 from 192.168.34.4, 8 ms
Reply to request 4 from 192.168.34.4, 12 ms
Great! it’s working…but why? Take a look at the debug on R3:
R3#
MSDP(0): WAVL Insert SA Source 192.168.12.1 Group 239.1.1.1 RP 2.2.2.2 Successful
MSDP(0): Forward decapsulated SA data for (192.168.12.1, 239.1.1.1) on FastEthernet0/1
R3 has learned about a new active source because of a SA (Source-Active) MSDP message from R2. It will use this information to fill its multicast routing table. You can use the following command to see what sources MSDP has learned:
R3#show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
(192.168.12.1, 239.1.1.1), RP 2.2.2.2, AS ?,00:03:01/00:05:29, Peer 2.2.2.2
What do our multicast routing tables look like now? Let’s take a look:
R2#show ip mroute 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:12:40/stopped, RP 23.23.23.23, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(192.168.12.1, 239.1.1.1), 00:03:31/00:03:27, flags: TA
Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/1, Forward/Sparse, 00:03:31/00:02:57
R2 has added the interface towards R3 in its outgoing interface list. What about R3?
R3#show ip mroute 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.1.1.1), 00:18:28/stopped, RP 23.23.23.23, flags: SJC
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/1, Forward/Sparse, 00:18:28/00:02:11
(192.168.12.1, 239.1.1.1), 00:03:52/00:02:51, flags: MT
Incoming interface: FastEthernet0/0, RPF nbr 192.168.23.2
Outgoing interface list:
FastEthernet0/1, Forward/Sparse, 00:03:52/00:02:11
Here we can now find the incoming interface for the (192.168.12.1, 239.1.1.1) entry. Also take a close look at the flags…there’s an “M” for MSDP created entry here.
ASA FIREWALL MULTICAST
On ASA firewalls, sparse mode is enabled on all ports by default.
However, you may sometimes need to join statically; an access list can also be written if desired.
pim rp-address 2.2.2.2
access-list outside_multicast standard permit host 226.1.1.1
access-list global_access extended permit ip any any
interface GigabitEthernet0/0
nameif LINK_HAU
security-level 100
ip address 10.53.11.129 255.255.255.248
igmp access-group global_access
igmp join-group 226.1.1.1 (this command must be written on the outside interface, because sometimes the ASA firewall does not join some IP addresses)
interface Port-channel2
lacp max-bundle 8
nameif outside
security-level 1
ip address 10.53.100.22 255.255.255.0
igmp access-group outside_multicast
igmp join-group 226.1.1.1
interface GigabitEthernet1/0
channel-group 2 mode on
no nameif
no security-level
no ip address
!
interface GigabitEthernet1/1
channel-group 2 mode on
no nameif
no security-level
----
AUTO-RP
- ip pim send-rp-discovery interface_address scope number
- ip pim send-rp-announce interface_address scope number
hostname R1
!
no ip domain lookup
ip multicast-routing
ip cef
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip pim sparse-dense-mode
!
interface GigabitEthernet0/1
ip address 192.168.12.1 255.255.255.0
ip pim sparse-dense-mode
!
interface GigabitEthernet0/2
ip address 192.168.1.254 255.255.255.0
ip pim sparse-dense-mode
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.12.0 0.0.0.255 area 0
!
ip pim send-rp-announce Loopback0 scope 5 group-list MULTICAST_GROUPS
ip pim send-rp-discovery Loopback0 scope 5
!
ip access-list standard MULTICAST_GROUPS
permit 239.1.1.1
!
end
The first command establishes the mapping agent, which is responsible
for listening to the group 224.0.1.39 for RP announcements, caching
the RP-to-group mappings, and sending those RP-to-group mappings to the
224.0.1.39 group. The second command is configured on the RP candidate;
the RP is elected based on the highest IP address.
R2(config)#ip pim send-rp-discovery loopback 0 scope 10
R3(config)#ip pim send-rp-discovery loopback 0 scope 10
R4(config)#ip pim send-rp-announce loopback 0 scope 10 (R4 becomes the RP for the whole network)
R4(config)#ip pim send-rp-discovery loopback 0 scope 10
R5: (primary RP – 10.5.5.5)
ip pim send-rp-announce Loopback0 scope 255
R3: (secondary RP – 10.3.3.3)
ip pim send-rp-announce Loopback0 scope 255
R2: (mapping agent)
ip pim send-rp-discovery Loopback0 scope 255
PIM ASSERT
If traffic from the source address to the groups can travel over two paths, the devices send assert messages and one of the paths is shut off. Three rules are checked to decide which one:
1- AD (administrative distance)
2- Hop count metric
3- Highest IP address
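An added example, not part of the original post, that applies the three assert rules in the order listed above (the lower administrative distance wins, then the lower metric, then the higher IP address), together with the DR election that ip pim dr-priority influences in the earlier configurations. The assert candidates are constructed; the DR candidates use the neighbor priorities from the R5 show ip pim nei output near the top of the page.

```python
import ipaddress
from dataclasses import dataclass


def _ip(text):
    return int(ipaddress.IPv4Address(text))


@dataclass(frozen=True)
class AssertSender:
    address: str          # address of the router on the shared segment
    admin_distance: int   # AD of its route back to the source
    metric: int           # metric of that route


def assert_winner(senders):
    """Rule 1: lowest AD. Rule 2: lowest metric. Rule 3: highest IP address."""
    return min(senders,
               key=lambda s: (s.admin_distance, s.metric, -_ip(s.address))).address


def elect_dr(routers):
    """routers: (address, dr_priority) pairs; dr_priority is None for a router
    that does not advertise one. Priority only counts when every router on the
    segment advertises it; otherwise the highest IP address alone decides."""
    if any(priority is None for _, priority in routers):
        return max(routers, key=lambda r: _ip(r[0]))[0]
    return max(routers, key=lambda r: (r[1], _ip(r[0])))[0]


if __name__ == "__main__":
    # Constructed segment: two OSPF routers with equal cost, one EIGRP router.
    ospf_a = AssertSender("192.168.23.2", 110, 20)
    ospf_b = AssertSender("192.168.23.3", 110, 20)
    eigrp = AssertSender("192.168.23.1", 90, 30720)
    print("tie on AD and metric ->", assert_winner([ospf_a, ospf_b]))
    print("lower AD present     ->", assert_winner([ospf_a, ospf_b, eigrp]))

    # Priorities as seen by R5 in the neighbor table on this page.
    segment = [("10.0.0.1", 0), ("10.0.0.2", 100), ("10.0.0.3", 1)]
    print("DR with priorities   ->", elect_dr(segment))
    # Same segment if one router did not advertise a priority.
    legacy = [("10.0.0.1", 0), ("10.0.0.2", 100), ("10.0.0.3", None)]
    print("DR with fallback     ->", elect_dr(legacy))
```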
---------------------
Converting Unicast to Multicast
http://ithitman.blogspot.com.tr/2013/02/converting-unicast-to-multicast.html
interface Vif1
ip address 10.1.1.1 255.255.255.0
ip service reflect FastEthernet1/0 destination 10.1.1.2 to 239.1.1.1 mask-len 32 source 10.1.1.2
ip pim sparse-mode
The ip service reflect command states that anything coming inbound on Fast1/0 destined for 10.1.1.2 is converted to multicast and published on group 239.1.1.1 with a source of 10.1.1.2.
If a packet arrives on the device's inbound leg with destination 10.1.1.2, the device sends it out on the outbound leg with source 10.1.1.2 and destination 239.1.1.1.
Converting Multicast to Unicast
http://ithitman.blogspot.com/2013/03/converting-multicast-to-unicast.html
interface Vif1
ip address 10.1.1.1 255.255.255.0
ip service reflect FastEthernet1/0 destination 239.1.1.1 to 22.22.22.3 mask-len 24 source 10.1.1.2
ip pim sparse-mode
ip igmp static-group 239.1.1.1
Once the reflection is configured on Vif1, any traffic destined to the multicast group 239.1.1.1 will be translated as unicast to 22.22.22.3 with a source address of 10.1.1.2.
Let's ping 239.1.1.1 from R1 so we can mimic some multicast traffic and watch debug on R2 and wireshark from R2 Fast1/0 perspective.
When we ping 239.1.1.1, the traffic is translated to the unicast IP 22.22.22.3 if the packet's source address is 10.1.1.2.