Wednesday, May 20, 2009

Configuring IPv4 Multicast on Campus LAN

Hi all, this week I have to configure IPv4 multicast on my campus LAN. First, as usual, I read this Cisco doc:
Cisco IOS IP Multicast Configuration Guide, Release 12.4

Then I made a lab to understand how to configure PIM sparse mode:



The goal here is to use multicast "private" groups (239.0.0.0/8) inside the campus LAN and use the ISP's RP for global groups (224...)

Here are the most relevant configuration parts:

CORE:
Pod2-R5#
ip multicast-routing
!
interface Loopback0
desc Used as Rendezvous Point
ip address 172.17.0.1 255.255.255.255
!
interface FastEthernet0/13
description 2R5 <-> 2R2
no switchport
ip address 172.16.16.5 255.255.255.252
ip pim sparse-mode
ip sap listen
!
interface FastEthernet0/17
description 2R5 <-> 2R4
no switchport
ip address 172.16.16.1 255.255.255.252
ip pim sparse-mode
ip sap listen
!
interface FastEthernet0/24
description 2R5 <-> 1R6 (Provider with SM-RP)
no switchport
ip address 192.168.25.2 255.255.255.252
ip pim bsr-border
ip pim sparse-mode
ip multicast boundary 90
!
!-- Provider's RP
ip pim rp-address 172.17.0.2 99
!-- My lo0, Core Campus RP
ip pim rp-address 172.17.0.1 98
!
access-list 90 deny 239.0.0.0 0.255.255.255
access-list 90 permit any
access-list 98 permit 239.0.0.0 0.255.255.255
access-list 98 deny any
access-list 99 deny 239.0.0.0 0.255.255.255
access-list 99 permit any
!
router ospf 1
log-adjacency-changes
network 172.16.16.0 0.0.0.3 area 0
network 172.16.16.4 0.0.0.3 area 0
network 172.17.0.1 0.0.0.0 area 0
default-information originate always


Distribution:
Pod2-R2#

ip multicast-routing
!
interface FastEthernet0/13
no switchport
ip address 172.16.16.6 255.255.255.252
ip pim sparse-mode
ip sap listen
!
interface Vlan2
ip address 192.168.0.1 255.255.255.0
ip pim sparse-mode
ip sap listen
!
router ospf 1
log-adjacency-changes
network 172.16.16.4 0.0.0.3 area 0
network 192.168.0.1 0.0.0.0 area 0
!
ip pim rp-address 172.17.0.2 99
ip pim rp-address 172.17.0.1 98
!
access-list 98 permit 239.0.0.0 0.255.255.255
access-list 98 deny any
access-list 99 deny 239.0.0.0 0.255.255.255
access-list 99 permit any


Access:

On the access switches, let's enable IGMP snooping so that the switches don't flood multicast traffic out of all ports:


Pod2-R3#conf t
Pod2-R3(config)#ip igmp snooping


Clients:
In this lab I used 4 routers as multicast clients, mainly to verify IGMP snooping:

Pod1-R4#sh run int fa 0/0
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.0
ip igmp join-group 239.1.1.1 !-- joined 2 groups to see 2 RP's working
ip igmp join-group 224.10.15.10
duplex auto
speed auto
end

Let's check:
Pod2-R3#sh ip igmp snooping groups
Vlan      Group              Version     Port List
------------------------------------------------------------
2         239.1.1.1          v2          Fa0/2
2         224.2.127.254      v2          Fa0/11
2         224.10.15.10       v2          Fa0/1, Fa0/2 !-- both clients have joined..
2         239.255.255.255    v2          Fa0/11

Pod2-R3#sh ip igmp snooping querier
Vlan      IP Address         IGMP Version     Port
----------------------------------------------------------------
2         192.168.0.1        v2               Fa0/11

Pod2-R3#sh ip igmp snooping vlan 2
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Last Member Query Interval : 1000

Vlan 2:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
Last Member Query Interval : 1000
Source only learning age timer : 10
CGMP interoperability mode : IGMP_ONLY

Pod2-R3#



OK, let's take a look at the multicast routing table on the core after an extended ping to 224.10.15.10 and 239.1.1.1:
Pod2-R5# sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.1.1), 05:11:34/00:03:28, RP 172.17.0.1, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet0/13, Forward/Sparse, 05:11:34/00:03:28

(192.168.1.3, 239.1.1.1), 00:00:16/00:03:29, flags: T
Incoming interface: FastEthernet0/17, RPF nbr 172.16.16.2
Outgoing interface list:
FastEthernet0/13, Forward/Sparse, 00:00:16/00:03:28, H

(*, 224.10.15.10), 01:24:38/00:03:06, RP 172.17.0.2, flags: S
Incoming interface: FastEthernet0/24, RPF nbr 192.168.25.1
Outgoing interface list:
FastEthernet0/13, Forward/Sparse, 01:14:57/00:02:59, H

(192.168.1.2, 224.10.15.10), 00:00:27/00:03:29, flags: T
Incoming interface: FastEthernet0/17, RPF nbr 172.16.16.2
Outgoing interface list:
FastEthernet0/13, Forward/Sparse, 00:00:27/00:03:02, H

Pod2-R5#

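As you can see, the RP addresses are correctly configured for both groups: 239.1.1.1 maps to the campus RP (172.17.0.1) and 224.10.15.10 to the provider's RP (172.17.0.2).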
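
The ACL logic above can be checked offline before it is rolled out to the other distribution devices. The following Python sketch is an added example, not part of the original post: it evaluates the standard ACLs 90, 98 and 99 with first-match and wildcard-mask semantics and reports, per group, which RP is selected and whether the provider-facing multicast boundary lets the group through. The function names and the embedded config string (copied from the CORE section, annotations removed) are assumptions of this example.

```python
import ipaddress

# Copied from the CORE section above (annotations removed); sample input for this example.
CONFIG = """\
ip pim rp-address 172.17.0.2 99
ip pim rp-address 172.17.0.1 98
access-list 90 deny 239.0.0.0 0.255.255.255
access-list 90 permit any
access-list 98 permit 239.0.0.0 0.255.255.255
access-list 98 deny any
access-list 99 deny 239.0.0.0 0.255.255.255
access-list 99 permit any
"""

def ip2int(text):
    return int(ipaddress.IPv4Address(text))

def parse(config):
    """Return (acls, rps): acls[num] is an ordered rule list, rps is [(rp, acl_num)]."""
    acls, rps = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:1] == ["access-list"]:
            addr, wild = ("0.0.0.0", "255.255.255.255") if tok[3] == "any" else (
                tok[3], tok[4] if len(tok) > 4 else "0.0.0.0")
            acls.setdefault(tok[1], []).append((tok[2], ip2int(addr), ip2int(wild)))
        elif tok[:3] == ["ip", "pim", "rp-address"]:
            rps.append((tok[3], tok[4]))
    return acls, rps

def permits(rules, group):
    """First-match evaluation of a standard ACL, with the implicit deny at the end."""
    g = ip2int(group)
    for action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
        if g & care == addr & care:
            return action == "permit"
    return False

def audit(groups, config=CONFIG, boundary_acl="90"):
    """Per group: RPs whose ACL permits it, and whether the boundary ACL lets it through."""
    acls, rps = parse(config)
    report = {}
    for g in groups:
        chosen = [rp for rp, num in rps if permits(acls.get(num, []), g)]
        report[g] = {"rp": chosen, "ambiguous": len(chosen) != 1,
                     "crosses_boundary": permits(acls.get(boundary_acl, []), g)}
    return report

if __name__ == "__main__":
    for group, result in audit(["239.1.1.1", "224.10.15.10"]).items():
        print(group, result)
```

A group that is permitted by zero or by more than one RP ACL is flagged as ambiguous, which is the mistake to look for when the same ACL pair is copied to many devices.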


The next step will be the PIM configuration of all campus LAN L3 devices (about 33 distribution L3 switches and routers).

Stay tuned to see tips and tricks about the configuration of IGMP snooping [and hopefully not CGMP] on various access layer platforms (we have something like two thousand 2900XL/2950/2960/3500XL/3550/3560 and suddenly 500 series ;-) )



TIP #1:
On 3750 L3 switches, due to stack capabilities, "ip multicast-routing distributed" is required to enable multicast routing globally.

TIP #2:
If you have a 3524XL (CGMP only) connected to an IGMP-capable switch as follows:


-First of all, ensure that your 3560 supports CGMP using Cisco Feature Navigator (feature name: CGMP - Cisco Group Management Protocol)
-Then look at the 3524:
L2-P0-3#sh version 
Cisco Internetwork Operating System Software
IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC3b, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 15-Feb-02 10:51 by antonino
Image text-base: 0x00003000, data-base: 0x00337600

ROM: Bootstrap program is C3500XL boot loader

L2-P0-3 uptime is 9 weeks, 3 days, 16 hours, 41 minutes
System returned to ROM by power-on
System restarted at 17:49:03 MET Mon Mar 30 2009
System image file is "flash:c3500XL-c3h2s-mz.120-5.WC3b.bin"

....

L2-P0-3#sh cgmp state
CGMP is running.
CGMP Fast Leave is not running.
CGMP Allow reserved address to join GDA .
Default router timeout is 300 sec.
L2-P0-3#

L2-P0-3#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
...
11   p0                               active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                Fa0/14, Fa0/15, Fa0/16, Fa0/17,
                                                Fa0/18, Fa0/19, Fa0/20, Fa0/21,
                                                Fa0/22, Fa0/23, Fa0/24
....

Here I have all ports on the same VLAN, so I have to configure the interface Vlan11 only on the L3.

-On the 3560, let's take a look at the IGMP snooping status for VLAN 11:
L2-P0-2#sh ip igmp snooping vlan 11
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan 11:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000


-Then enable CGMP on the L3's interface Vlan11:
L3#sh ip igmp snooping vlan 11
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Last Member Query Interval : 1000

Vlan 11:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
Last Member Query Interval : 1000
CGMP interoperability mode : IGMP_ONLY

L3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
L3(config)#int vlan 11
L3(config-if)#ip cgmp
L3(config-if)#exit
L3(config)#exit

L3#sh ip igmp snooping vlan 11
Global IGMP Snooping configuration:
-----------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Last Member Query Interval : 1000

Vlan 11:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Explicit host tracking : Enabled
Multicast router learning mode : pim-dvmrp
Last Member Query Interval : 1000
CGMP interoperability mode : IGMP_CGMP

-If your 3560 IOS supports CGMP, it will automatically detect CGMP and turn it on for VLAN 11 (otherwise it stays in IGMP_ONLY mode):
L2-P0-2#sh ip igmp snooping vlan 11
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000

Vlan 11:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_CGMP
Robustness variable : 2
Last member query count : 2
Last member query interval : 1000
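
With many access switches to touch, the before/after comparison in TIP #2 is easier to do by script than by eye. The following Python sketch is an added example, not part of the original post: it parses "sh ip igmp snooping vlan" output in both layouts shown above and reports VLANs where snooping is off or where the CGMP interoperability mode is not the expected one. The function names are assumptions, and the sample text is constructed from the 3560 output on this page (shortened).

```python
import re

# Constructed sample: shortened Vlan 11 output from the 3560 above,
# before and after "ip cgmp" is enabled on the upstream L3 interface.
BEFORE = """\
Global IGMP Snooping configuration:
-------------------------------------------
IGMP snooping : Enabled
Report suppression : Enabled

Vlan 11:
--------
IGMP snooping : Enabled
IGMPv2 immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
CGMP interoperability mode : IGMP_ONLY
"""
AFTER = BEFORE.replace("IGMP_ONLY", "IGMP_CGMP")

def parse_snooping(text):
    """Split the output into sections ('global', 'vlan 11', ...) of lower-cased key -> value."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:      # skip blank lines and dashed rulers
            continue
        m = re.fullmatch(r"vlan\s+(\d+)\s*:", line, re.I)
        if m:
            current = sections.setdefault(f"vlan {m.group(1)}", {})
        elif line.lower().startswith("global igmp snooping"):
            current = sections.setdefault("global", {})
        elif ":" in line and current is not None:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return sections

def audit_vlan(text, vlan, expect_cgmp):
    """Return a list of findings for one VLAN; an empty list means nothing to fix."""
    sections = parse_snooping(text)
    v = sections.get(f"vlan {vlan}")
    if v is None:
        return [f"vlan {vlan}: not present in output"]
    findings = []
    if "Enabled" not in (sections.get("global", {}).get("igmp snooping"),) or \
            v.get("igmp snooping") != "Enabled":
        findings.append(f"vlan {vlan}: IGMP snooping not enabled, multicast is flooded")
    want = "IGMP_CGMP" if expect_cgmp else "IGMP_ONLY"
    mode = v.get("cgmp interoperability mode")
    if mode != want:
        findings.append(f"vlan {vlan}: CGMP interoperability mode is {mode}, expected {want}")
    return findings
```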