Filtering multicast groups

Unanswered Question
Sep 17th, 2008

What is the best way to filter multicast groups on a router between a provider's network and ours? We are using AutoRP between the networks.


I have a set of multicast groups that I would like to permit and filter the rest. I tried using an access-group on the interface and is added too much CPU overhead. Is there a better way to filter the groups?


Thanks.


V/



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vladrac-ccna Wed, 09/17/2008 - 23:32

Hello Vaniello,


I believe the best way would be filtering the groups you dont want to join.


If you control the RP maybe you should use:

ip pim accept-rp {rp-address | auto-rp} [access-list]


Or simply dont allow any host to join the groups you dont want to receive traffic:

ip igmp access-group


To restrict hosts (receivers) on a subnet to joining only multicast groups that are permitted by a standard IP access list or to restrict hosts (receivers) on a subnet to membership to only the (S,G) channels that are permitted by an extended IP access list, use the ip igmp access-group command in interface configuration mode.


ip igmp access-group access-list


Let me know if this helps.


Vlad


vaniello Thu, 09/18/2008 - 12:09


This is a router to router connection where I want to filter the groups I receive from the remote router. Will the IGMP access groups filter multicast groups between two routers, versus hosts on a LAN?


Thanks.


V/

vladrac-ccna Fri, 09/19/2008 - 03:02

Hello


Are you doing multicast sparse-mode using auto RP?


there should be no multicat traffic to your router if no host joins the multicast groups.


Regards,

Vlad

vaniello Fri, 09/19/2008 - 13:03


I am using sparse-dense mode with auto RP. I was under the impression that I had to use sparse-dense mode.


Using the "ip multicast boundary" command I seem to be able to filter the groups on the connection between my router and the providers.


Unfortunately, the blocked multicast groups still seem to show up in the mroute table:


(*, 224.0.5.220), 00:13:32/00:03:02, RP 198.140.33.2, flags: SP

Incoming interface: FastEthernet1/0.10, RPF nbr 10.131.0.38

Outgoing interface list: Null


While hosts can not join this group, it clutters the mroute table.


V/

Actions

This Discussion