CCIE Pursuit Blog

August 6, 2009

Core Knowledge Question of the Day: 06 August 2009

By default, when does a Cisco router switch over from the root-path-tree to the source-specific SPT?

Highlight for answer: When the first packet is received from the shared tree.  You can change this with the ‘ip pim spt-threshold’ command.

August 17, 2008

Internetwork Expert Volume II: Lab 8 – Section 5

Section 5 – IP Multicast – 11 Points

5.1 PIM

Basic multicast task. We are not told which PIM mode to use, but by reading ahead we can see that we’ll be using Auto-RP so we’ll need sparse-dense mode.

Sparse-Dense Mode for Auto-RP

5.2 Auto-RP

Configure r1 and r2 to use Auto-RP and announce their lo0 interfaces as candidate RP’s.

Configuring Sparse Mode with Auto-RP

“Configure r3 to map all multicast groups with an even numbered first octet to r1 and odd-numbered to r2.”

There’s no “minimal configuration” stipulation so let’s just make so basic access-lists:

r1(config)#ip access-list standard TASK_5_2_EVEN
r1(config-std-nacl)#permit 224.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 226.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 228.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 230.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 232.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 234.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 236.0.0.0 0.255.255.255
r1(config-std-nacl)#permit 238.0.0.0 0.255.255.255

r1(config)#ip pim send-rp-announce lo0 scope 16 group-list TASK_5_2_EVEN

On r3(mapping agent) you will need to apply those same ACLs and then:

r3(config)#ip pim send-rp-discovery lo0 scope 16

Now we need to set up our rp-list ACLs:

r3(config)#ip access-list standard R1_LOOP
r3(config-std-nacl)#permit 150.1.1.1
r3(config-std-nacl)#ip access-list standard R2_LOOP
r3(config-std-nacl)#permit 150.1.2.2

Finally, we set our rp-announce-filters:

r3(config)#ip pim rp-announce-filter rp-list R1_LOOP group-list TASK_5_2_EVEN
r3(config)#ip pim rp-announce-filter rp-list R2_LOOP group-list TASK_5_2_ODD

For some reason I could not get the r2 to map even though my configuration was correct and r2 saw itself elected:

r2#sh ip pim rp map
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

The problem was that there was no multicast path to r2.  I forgot to configure PIM on the Multilink interfaces on r2 and r3.  DOH!!!

5.3 Multicast Distribution

Multicast traffic should switch to a source based tree once a source is sending 128Kbps or more.

ip pim spt-threshold

r1(config)#ip pim spt-threshold 128

5.4 Multicast Testing

Users in VLAN 4 cannot receive multicast feeds from VLAN 52. 

“Configure…so that r4 responds to ICMP echo requests sent the multicast group 224.4.4.4 from VLAN 52.”

First things first:

r4(config)#int f0/0
r4(config-if)#ip igmp join-group 224.4.4.4

These VLANs are on the spokes.  PIM NBMA mode is needed on the hub.

Before:

r5#p 224.4.4.4 source 174.1.45.5

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 174.1.45.5
.
r5#

r1(config-if)#ip pim nbma-mode
PIM nbma-mode is not recommended for sparse-dense-mode

After:

r5#p 224.4.4.4 source 174.1.45.5

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.4.4.4, timeout is 2 seconds:
Packet sent with a source address of 174.1.45.5

Reply to request 0 from 174.1.145.4, 52 ms

5.5 Broadcast Distribution

This is a common scenario in which we need to map a multicast feed to a broadcast address using the ‘ip multicast helper-map’ command.

August 14, 2008

Internetwork Expert Volume II: Lab 12 – Section 6

Section 6 – IP Multicast – 8 Points

6.1 PIM

I doesn’t get any easier than this.  You’re asked to configure dense mode on specific interfaces.

6.2 Multicast Distribution

Users in VLAN 22 want access to a video feed on 225.25.25.25 (using UDP port 31337) from VLAN 17. For some reason (most likely because PIM is not configured on r3’s s1/3 :-)  ) r3 is not passing this traffic to r2.  Configure the network so that the users can receive traffic from this group.

“Do not enable PIM on any additional interfaces to accomplish this.”

Fuck.  There goes the easy solution.

This has me stumped.  The multicast path from VLAN 17 to VLAN 12 is broken at r3. Is there a way to change this traffic to unicast or broadcast traffic?  Yup.  :-)

ip multicast helper-map

To allow IP multicast routing in a multicast-capable internetwork between two broadcast-only internetworks, use the ip multicast helper-map command in interface configuration mode.

Configuring an Intermediate IP Multicast Helper Between Broadcast-Only Networks

r3:

Rack16R3(config)#ip access-list ex TASK_6_2
Rack16R3(config-ext-nacl)#permit udp any any eq 31337
Rack16R3(config)#ip forward-protocol udp 31337

Rack16R3(config)#int s1/3
Rack16R3(config-if)#ip directed-broadcast

Rack16R3(config)int s1/2
Rack16R3(config-if)ip multicast helper-map 225.25.25.25 129.16.23.255 TASK_6_2

r2:

Rack16R2(config)#ip forward-protocol udp 31337
Rack16R2(config)#ip access-list ex TASK_6_2
Rack16R2(config-ext-nacl)#permit udp any any eq 31337

Rack16R2(config-ext-nacl)#int s0/1
Rack16R2(config-if)#ip multicast helper-map broadcast 225.25.25.25 TASK_6_2

There are a lot of verification commands in the solution guide, but nothing as far a breakdown.

6.3 Static RP

Well you didn’t think that we were going to get away with just running dense-mode on three devices did you?  This task has you set up a pim-spare multicast network in the OSPF half of the network.

The weird bit is that we have to create loopback 1 on r4 and r5 and then give them the same address and advertise them into OSPF.

Then we need to configure r6 to use r4’s loopback 1 as the RP and sw2 to use r5’s loopback 1 as the RP.  If either should fail, then they should switch over to the other loopback 1 as the RP.  Remember, these loopbacks have the same /32 address.

Enter a command I’ve never heard of before”

ip msdp peer

To configure a Multicast Source Discovery Protocol (MSDP) peer, use the ip msdp peer command in global configuration mode.

Rack16R5(config)#ip msdp peer 150.16.4.4 connect-source lo0
Rack16R4(config)#ip msdp peer 150.16.5.5 connect-source lo0

Aug 12 14:05:14.346: %MSDP-5-PEER_UPDOWN: Session to peer 150.16.5.5 going up

After that bit is configured, just statically map your RP’s on r6 and sw2:

Rack16R6(config)#ip pim rp-address 150.16.0.255
Rack16SW2(config)#ip pim rp-address 150.16.0.255

Rack16R4#sh ip msdp peer
MSDP Peer 150.16.5.5 (?), AS 100
  Connection status:
    State: Up, Resets: 0, Connection source: Loopback0 (150.16.4.4)
    Uptime(Downtime): 00:00:37, Messages sent/received: 0/1
    Output messages discarded: 0
    Connection and counters cleared 00:00:37 ago
  SA Filtering:
    Input (S,G) filter: none, route-map: none
    Input RP filter: none, route-map: none
    Output (S,G) filter: none, route-map: none
    Output RP filter: none, route-map: none
  SA-Requests:
    Input filter: none
  Peer ttl threshold: 0
  SAs learned from this peer: 0
  Input queue size: 0, Output queue size: 0

Rack16R4#sh ip msdp summary
MSDP Peer Status Summary
Peer Address     AS    State    Uptime/  Reset SA    Peer Name
                                Downtime Count Count
150.16.5.5       100   Up       00:01:05 0     0     ?

Rack16R6#sh ip pim rp map
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 150.16.0.255 (?)

Rack16SW2#sh ip pim rp mapp
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 150.16.0.255 (?)

August 9, 2008

Internetwork Expert Volume II: Lab 5 – Section 6

Section 5 – IP Multicast – 9 Points

5.1 PIM

You are asked to configured IP Multicast on a number of specific interfaces.  You are not told which PIM mode to use, but the last requirement is:

“Multicast groups without an active RP should run in dense mode.”

This statement (and the following tasks) shows that there will be an RP.  We run sparse mode with RPs.  But we need to make sure that if a group finds itself without an active RP it should run in dense mode.  This means we need to run sparse-dense mode.

r1(config)#ip multicast-routing
r1(config)#int fa0/0
r1(config-if)#ip pim sparse-dense-mode

5.2 RP Assignment

Configure a couple of loopbacks as RP candidates via Auto-RP.  You are also asked to have r1 act as the mapping agent and to map 239.0.0.0-239.255.255.255 to r3 and 226.0.0.0-238.255.255.255 to r5.  The final requirement is:

“Use the minimum number of access-lists and access list entries on r1 to accomplish this.”

Let’s set up our RP candidates first

ip pim send-rp-announce

To use Auto-RP to configure groups for which the router will act as a rendezvous point (RP), use the ip pim send-rp-announce command in global configuration mode. To unconfigure this router as an RP, use the no form of this command.

r3:

r3(config)#int lo0
r3(config-if)#ip pim sparse-dense-mode

r3(config)#access-list 31 perm 239.0.0.0 0.255.255.255

r3(config)#ip pim send-rp-announce lo0 scope 16 group-list 31

The last requirement is for the minimal ACL lines on r1, not r5, so I can be as verbose as I like :-)

r5(config)#int lo0
r5(config-if)#ip pim sparse-dense-mode

r5(config)#access-list 51 perm 226.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 227.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 228.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 229.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 230.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 231.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 232.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 233.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 234.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 235.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 236.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 237.0.0.0 0.255.255.255
r5(config)#access-list 51 perm 238.0.0.0 0.255.255.255

Now the mapping agent:

r1(config)#int lo0
r1(config-if)#ip pim sparse-dense-mode

ip pim send-rp-discovery

r1(config)#ip pim send-rp-discovery lo0 scope 16

Okay.  Now to assign the correct RP to the correct groups:

ip pim rp-announce-filter

To filter incoming Auto-RP announcement messages coming from the rendezvous point (RP), use the ip pim rp-announce-filter command in global configuration mode. To remove the filter, use the no form of this command.

ip pim [vrf vrf-name] rp-announce-filter rp-list access-list group-list access-list
no ip pim [vrf vrf-name] rp-announce-filter rp-list access-list group-list access-list

Syntax Description
 vrf
 (Optional) Supports the multicast Virtual Private Network (VPN) routing and forwarding (VRF) instance.
 
vrf-name
 (Optional) Name assigned to the VRF.
 
rp-list access-list
 Specifies the number or name of a standard access list of RP addresses that are allowable for the group ranges

supplied in the group-list access-list combination.

group-list access-list
 Specifies the number or name of a standard access list that describes the multicast groups the RPs serve.

It looks like we’ll need two ACLs for each RP filter – one that matches the RP and another that matches the groups we want assigned that RP.

r1(config)#access-list 3 perm 150.1.3.3 <-r3’s loopback
r1(config)#access-list 5 perm 150.1.5.5 <-r3’s loopback

r1(config)#access-list 31 perm 239.0.0.0 0.255.255.255 <-groups associated with r3’s loopback

Now the hard part, or “How I Lost The Three Points”

I fell for the trap on the “minimal ACL:

226 – 1110|0010
238 – 1110|1110

224.0.0.0 15.255.255.255

r1(config)#access-list 51 perm 224.0.0.0 15.255.255.255

Unfortunately that range overlaps.  IE had the following:

access-list 51 deny 224.0.0.0 1.255.255.255
access-list 51 deny 239.0.0.0 0.255.255.255
access-list 51 permit 224.0.0.0 15.255.255.255

The first 2 lines deny the overlapping space.  There’s a nice breakdown on this in the solution guide.

I did get the rest correct, but I had already lost the 3 points:

r1(config)#ip pim rp-announce-filter rp-list 3 group-list 31
r1(config)#ip pim rp-announce-filter rp-list 5 group-list 51

r1#sh ip pim rp mapping 239.0.0.0
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 239.0.0.0/8
  RP 150.1.3.3 (?), v2v1
    Info source: 150.1.3.3 (?), elected via Auto-RP
         Uptime: 00:18:32, expires: 00:02:23

r1#sh ip pim rp mapping 238.0.0.0
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 238.0.0.0/8
  RP 150.1.5.5 (?), v2v1
    Info source: 150.1.5.5 (?), elected via Auto-RP
         Uptime: 00:01:38, expires: 00:02:21

5.3 Multicast Security

“For security reasons do not allow BB2 to become a PIM neighbor with r1.”

Cool.  Two easy points.

ip pim neighbor-filter

r1(config)#access-list 53 deny 192.10.1.254
r1(config)#access-list 53 permit any
r1(config)#int fa0/0
r1(config-if)#ip pim neighbor-filter 53

5.4 Multicast Filtering

Configure sw2 so that it will not receive any administratively scoped multicast groups.

I pulled this one out of my butt by searching for “administratively scoped” in the IP Multicast command reference.

ip multicast boundary

The configuration example was exactly what I need:

Examples
The following example shows how to set up an IP multicast boundary for all administratively scoped IPv4 multicast addresses by denying the entire administratively scoped IPv4 multicast address space (239.0.0.0/8).

All other Class D addresses are permitted (224.0.0.0/4).

access-list 1 deny 239.0.0.0 0.255.255.255
access-list 1 permit 224.0.0.0 15.255.255.255
interface ethernet 0
 ip multicast boundary 1

r3(config)#access-list 54 deny 239.0.0.0 0.255.255.255
r3(config)#access-list 54 permit 224.0.0.0 15.255.255.255
r3(config)#int fa0/0
r3(config-if)#ip multicast boundary 54

5.5 Multicast Distribution

Configure the network so that the multicast groups that use r3 as their RP must always use a shared tree.

Okay.  I had NO clue on this one.

ip pim spt-threshold

To configure when a Protocol Independent Multicast (PIM) leaf router should join the shortest path source tree for the specified group, use the ip pim spt-threshold command in global configuration mode.

If the infinity keyword is specified, all sources for the specified group will use the shared tree. Specifying a group list access list indicates the groups to which the threshold applies.

r1(config)#access-list 55 permit 239.0.0.0 0.255.255.255
r1(config)#ip pim spt-threshold infinity group-list 52

April 5, 2008

Internetwork Expert Volume II: Lab 6 – Section 5

IP Multicast – 8 Points

5.1  PIM

Easy task.  There is a typo in the task.  You need to configure pim dense-mode on sw1’s fa0/14 interface (not fa0/2).

Task 5.1 – typo error in the task description

5.2  PIM Filtering

Configure r1 so that it does not become a PIM neighbor with r5.  r5 should still allow clients on VLAN 5 to receive multicast traffic.

This is a case of multicast stub routing.  There is a very nice breakdown on this in the solution guide.  I’m still struggling with advanced multicast.  I need to take some time and review multicast.

Before:
r1(config)#do sh ip pim  neig
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
      S – State Refresh Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
191.1.125.5       Serial0/0                00:17:02/00:01:27 v2    1 / DR S
191.1.125.2       Serial0/0                00:18:55/00:01:32 v2    1 / S
191.1.13.3        Serial0/1                00:17:58/00:01:31 v2    1 / S

After:
*Mar  1 20:54:06.241: %PIM-5-NBRCHG: neighbor 191.1.125.5 DOWN on interface Serial0/0 DR
*Mar  1 20:54:06.241: %PIM-5-DRCHG: DR change from neighbor 191.1.125.5 to 191.1.125.2 on interface Serial0/0

r1(config-if)#do sh ip pim nei
PIM Neighbor Table
Mode: B – Bidir Capable, DR – Designated Router, N – Default DR Priority,
      S – State Refresh Capable
Neighbor          Interface                Uptime/Expires    Ver   DR
Address                                                            Prio/Mode
191.1.125.2       Serial0/0                00:20:49/00:01:37 v2    1 / DR S <-No more r5
191.1.13.3        Serial0/1                00:19:52/00:01:35 v2    1 / S

ip pim neighbor-filter

r5#sh ip igmp int fa0/0 | i help
  IGMP helper address is 191.1.125.1

ip igmp helper-address

5.3 IGMP

Configure VLAN 363 on r3 (fa0/0) to support IGMP version 1.

r3(config)#int fa0/0
r3(config-if)#ip igmp version 1

r3#sh ip igmp int fa0/0 | i ver
  Current IGMP host version is 1
  Current IGMP router version is 1

ip igmp version

5.4 Multicast Testing

Configure sw1 to forward traffic for multicast group 225.25.25.25 but do not allow sw1 to process switch this traffic.

ip igmp static-group

sw1(config)#int vlan 7
sw1(config-if)#ip igmp static-group 225.25.25.25

sw1#sh ip igmp group
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter
225.25.25.25     Vlan7                00:00:25  stopped   0.0.0.0
224.0.1.40       FastEthernet0/14         00:39:18  00:02:30  191.1.27.2

sw1#sh ip multicast int vlan 7
Vlan7 is up, line protocol is up
  Internet address is 191.1.7.7/24
  Multicast routing: enabled
  Multicast switching: distributed   <-Should say process
  Multicast packets in/out: 0/0
  Multicast boundary: not set
  Multicast TTL threshold: 0
  Multicast Tagswitching: disabled

Hmmmmm…..I never could get my output to show process switching.  :-(

task 5.4 process switching

 

January 13, 2008

Internetwork Expert Volume II: Lab 4 – Section 5

Section 5 – Multicast – 8 Points

IE mixed it up a bit on this lab.  Usually BGP comes directly after IGP, but I get to deal with Multicast instead.  Oh joy!

5.1 PIM

This was about as easy of a task as you could ask for in Multicast.  You are given the PIM mode to configure, the interfaces to configure, and the devices to configure.  Really straight-forward task.

5.2 Auto-RP

Since we’re going to be using auto-rp, we need to configure ‘ip pim autorp listener’ on all Mulitcast devices (even the potential RPs).  Then we can announce our RPs:

ip pim autorp listener(Cisco still hasn’t fixed the 12.4 links)

ip pim send-rp-announce

r2(config)#access-list 10 permit 225.0.0.0 0.255.255.255
r2(config)#ip pim send-rp-announce lo0 scope 16 group-list 10
Must first configure PIM mode on the interface: Loopback0

r2(config)#int lo0
r2(config-if)#ip pim sparse-mode
*Jan 13 21:02:08.192: %PIM-5-DRCHG: DR change from neighbor 0.0.0.0 to 150.1.2.2 on interface Loopback0
r2(config-if)#exit
r2(config)#ip pim send-rp-announce lo0 scope 16 group-list 10

r2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)

We need to make sw2 “responsible for the group to RP mappings”:

ip pim send-rp-discovery

sw2(config)#ip pim send-rp-discovery lo0 scope 16
Non IP or PIM interface ignored in accepted command.

sw2(config)#int lo0
sw2(config-if)#ip pim sparse-mode
sw2(config-if)#exit
sw2(config)#ip pim send-rp-discovery lo0 scope 16

auto-rp is on the job:
sw2#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP-mapping agent (Loopback0)

Group(s) 225.0.0.0/8
  RP 150.1.2.2 (?), v2v1
    Info source: 150.1.2.2 (?), elected via Auto-RP
         Uptime: 00:01:25, expires: 00:02:31
Group(s) 239.0.0.0/8
  RP 150.1.5.5 (?), v2v1
    Info source: 150.1.5.5 (?), elected via Auto-RP
         Uptime: 00:02:01, expires: 00:02:55

5.3 Multicast Testing

“Configure r3’s interface fa0/0 as a member of the multicast group 225.25.25.25 and interface fa0/1 as a member of 239.39.39.39.”
“Ensure that r3 responds to pings sent to these multicast groups from VLANs 12 and 43″

ip igmp join-group

r3(config)#int fa0/0
r3(config-if)#ip igmp join-group 225.25.25.25

r3#sh ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Gr
oup Accounted
225.25.25.25     FastEthernet0/0          00:00:14  00:02:45  141.1.37.3
224.0.1.40       FastEthernet0/0          00:42:49  00:01:58  141.1.37.7

r1#ping 225.25.25.25 re 1 source 192.10.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 192.10.1.1

Reply to request 0 from 141.1.123.3, 16 ms

Everything was going great, until: 

r4#ping 225.25.25.25 re 1 source 204.12.1.4

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 204.12.1.4
.

r4#sh ip mroute 225.25.25.25

(*, 225.25.25.25), 00:00:20/stopped, RP 150.1.2.2, flags: SPF  
  Incoming interface: FastEthernet0/0, RPF nbr 141.1.145.5
  Outgoing interface list: Null

I had to look at the solution guide on this one.  I figured out that I needed ‘ip pim nbma-mode’ on r2, but I completely missed the fact that I needed to configure each end of the tunnel with ‘ip pim spare-mode’

5.4 Multicast Rate Limiting

“configure sw1 so that no more than 1Mbps of multicast traffic is sent out towards r3.”

Okay…this is new.  Time to mine the DOC.

ip multicast rate-limit

To control the rate a sender from the source list can send to a multicast group in the group list, use the ip multicast rate-limit command in interface configuration mode. To remove the control, use the no form of this command.

sw1(config-if)#int vlan7
sw1(config-if)#ip multicast rate-limit ?
  in   Rate limit incoming packets
  out  Rate limit outgoing packets

sw1(config-if)#ip multicast rate-limit out ?
  <0-4294967>  Rate in kilobits per second
  group-list   Rate limit for groups
  source-list  Rate limit for sources
  video        Rate limit video only
  whiteboard   Rate limit whiteboard only
  <cr>

sw1(config-if)#ip multicast rate-limit out 1000 ?
  <cr>

sw1(config-if)#ip multicast rate-limit out 1000

December 24, 2007

Internetwork Expert Volume II: Lab 3 – Section 6

Section 6 – Multicast – 8 Points

6.1 PIM

This was a basic task.  You need to configure IP Multicast on some fo the routers and then PIM on certain interfaces.  Make r5’s loopback 0 the RP for a certain set of multicast groups.  The rest should not use an RP.

So we know that we have a mixture of PIM dense and PIM sparse because certain Multicast groups will require an RP while others will not.  Thus we need to configure “ip pim sparse-dense-mode”.

Good luck looking at the 12.4 command reference though:

ip pim register-source IMC-183

The Page You Have Requested Is Not Available
The page you are trying to access may have been moved to a different location or removed. If you typed the address, please verify that the spelling is correct.

I’m not sure how you would handle this in the lab, but I just jumped to the 12.3 documentation:

To use lo0 (the wrong way):

ip pim register-source

To configure the IP source address of a register message to an interface address other than the outgoing interface address of the designated router (DR) leading toward the rendezvous point (RP), use the ip pim register-source command in global configuration mode. To disable this configuration, use the no form of this command.

ip pim [vrf vrf-name] register-source interface-type interface-number
no ip pim [vrf vrf-name] register-source interface-type interface-number

I had everything that I needed EXCEPT a way to limit the RP to certain Multicast groups.  I was completely lost.  The answer was easy, but I took a wrong turn with “ip pim register-source”.  I really need to review Multicast.

You need an ACL and these two commands:

ip pim send-rp-announce

To use Auto-RP to configure groups for which the router will act as a rendezvous point (RP), use the ip pim send-rp-announce command in global configuration mode. To unconfigure this router as an RP, use the no form of this command.

ip pim [vrf vrf-name] send-rp-announce interface-type interface-number scope ttl-value [group-list access-list] [interval seconds] [bidir]

no ip pim [vrf vrf-name] send-rp-announce interface-type interface-number scope ttl-value [group-list access-list] [interval seconds] [bidir]
ip pim send-rp-discovery

Don’t forget to configure ip pim on the RP interface:

r5(config)#ip pim send-rp-announce lo0 scope 16 group-list 69
Must first configure PIM mode on the interface: Loopback0

The solution guide has a nice write-up on this task.

Nice verification command:

r1#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 225.0.0.0/8
  RP 150.6.5.5 (?), v2v1
    Info source: 150.6.5.5 (?), elected via Auto-RP
         Uptime: 00:02:04, expires: 00:02:51
Group(s) 226.0.0.0/8
  RP 150.6.5.5 (?), v2v1
    Info source: 150.6.5.5 (?), elected via Auto-RP
         Uptime: 00:02:04, expires: 00:02:54
Group(s) 227.0.0.0/8
  RP 150.6.5.5 (?), v2v1
    Info source: 150.6.5.5 (?), elected via Auto-RP
         Uptime: 00:02:04, expires: 00:02:55

6.2 Multicast Forwarding

ip igmp static-group

r2#sh ip igmp mem
Flags: A  – aggregate, T – tracked
       L  – Local, S – static, V – virtual, R – Reported through v3
       I – v3lite, U – Urd, M – SSM (S,G) channel
       1,2,3 – The version of IGMP the group is in
Channel/Group-Flags:
       / – Filtering entry (Exclude mode (S,G), Include mode (*,G))
Reporter:
       <mac-or-ip-address> – last reporter if group is not explicitly tracked
       <n>/<m>      – <n> reporter in include mode, <m> reporter in exclude

 Channel/Group                  Reporter        Uptime   Exp.  Flags  Interface
 *,228.22.22.22                 0.0.0.0         00:00:27 stop  2SA    Fa0/0
 *,224.0.1.39                   136.6.245.5     00:09:01 02:54 2A     Se0/0
 *,224.0.1.40                   136.6.29.2      00:19:26 02:51 2LA    Fa0/0

r2#sh ip mroute | sec 228.
(*, 228.22.22.22), 00:01:32/stopped, RP 0.0.0.0, flags: DC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial0/0, Forward/Sparse-Dense, 00:01:32/00:00:00
    FastEthernet0/0, Forward/Sparse-Dense, 00:01:32/00:00:00
(136.6.245.5, 228.22.22.22), 00:00:35/00:02:30, flags: T
  Incoming interface: Serial0/0, RPF nbr 136.6.245.5
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:00:35/00:00:00
(150.6.5.5, 228.22.22.22), 00:00:35/00:02:30, flags: T
  Incoming interface: Serial0/0, RPF nbr 136.6.245.5
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:00:35/00:00:00

6.3 Multicast Filtering

It took me a while to understand this question, but I was able get the points for this task (it really helps that the task was called “Multicast Filtering”).  :-)

Pretty simple config using and ACL and “ip igmp access-group”

ip igmp access-group

r4(config-ext-nacl)#int e0/0
r4(config-if)#ip igmp access-group FILTER_MULTI ?
  <cr>

This must be inbound only:

r4#sh ip igmp int e0/0
Ethernet0/0 is up, line protocol is up
  Internet address is 136.6.4.4/24
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds
  IGMP querier timeout is 120 seconds
  IGMP max query response time is 10 seconds
  Last member query count is 2
  Last member query response interval is 1000 ms
  Inbound IGMP access group is FILTER_MULTI
  IGMP activity: 1 joins, 0 leaves
  Multicast routing is enabled on interface
  Multicast TTL threshold is 0
  Multicast designated router (DR) is 136.6.4.4 (this system)
  IGMP querying router is 136.6.4.4 (this system)
  Multicast groups joined by this system (number of users):
      224.0.1.40(1)

If you look at the documentation for “ip igmp access-group” it has some interesting ACLs:

The following are examples of extended access lists:

The first part of the extended access list clause controls the source (multicast sender), and the second part of the extended access list clause controls the multicast group.

Deny all state for a group G
deny igmp any host G
permit igmp any any

Deny all state for a source S
deny igmp host S any
permit igmp any any

Permit all state for a group G
permit igmp any host G

Permit all state for a source S
permit igmp host S any

Filter a particular source for a group G
deny igmp host S host G
permit igmp any host G

6.4 Multicast Filtering

I had no idea on this one.  I gave it the old college try by going under the interface and looking at the options for “ip igmp” and “ip pim” to see if I could steal some points, but nothing looked promising:

r1(config-if)#ip igmp ?  [output filtered]
  last-member-query-count     IGMP last member query count
  last-member-query-interval  IGMP last member query interval
  querier-timeout             IGMP previous querier timeout
  query-interval              IGMP host query interval
  query-max-response-time     IGMP max query response value

r1(config-if)#ip pim ?
  bidir-neighbor-filter  PIM bidir capable peering filter
  bsr-border             Border of PIM domain
  dense-mode             Enable PIM dense-mode operation
  dr-priority            PIM router DR priority
  nbma-mode              Use Non-Broadcast Multi-Access (NBMA) mode on interface
  neighbor-filter        PIM peering filter
  query-interval         PIM router query interval
  sparse-dense-mode      Enable PIM sparse-dense-mode operation
  sparse-mode            Enable PIM sparse-mode operation
  state-refresh          PIM DM State-Refresh configuration
  version                PIM version
  <cr>

I should have done this:

r1(config-if)#ip multicast ?
  boundary       Boundary for administratively scoped multicast addresses
  helper-map     Broadcast to Multicast map OR Multicast to ip-address map
  rate-limit     Rate limit multicast data packets
  tagswitch      Enable IP Multicast Tagswitching
 ttl-threshold  TTL threshold for multicast packets

ip multicast ttl-threshold

December 2, 2007

Internetwork Expert Volume II: Lab 2 – Section 6

Section 6 – IP Multicast – 6 Points

Multicast is my absolute worst technology.  I had very little hope of getting any of these tasks correct because I really haven’t done a lot of multicast study.  This section turned out to be a pleasant surprise as the first two tasks were very easy. 

6.1 asks you to configure a number of interfaces in pim sparse-mode.  The task is  very straight-forward.  You are then asked to:

Configure r2’s most reliable interface as the RP for all multicast groups.

The most reliable interface must be lo0.  Two things to keep in mind: 1) if you make an interface the RP, you’d better configure it for multicast (pim sparse-mode in this case) even if the task does not explicitly list it (as it did not in this case), and 2) you need to configure the RP address on each device (“ip pim rp-address x.x.x.x”).

6.2 just requires you to use “ip igmp join-group”.

6.3 completely bewildered me.  The task described what would seem to be a complicated issue but it was resolved with “ip pim nbma-mode”.  Oh well, I’m pretty happy with getting the first two sections correct.

The Rubric Theme. Create a free website or blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 113 other followers