cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1742
Views
0
Helpful
14
Replies

SSM configuration Multicast

jdcompman1
Level 1
Level 1

Right now I thought I had everything setup to do SSM but I can't seem to get things working right. I have two multicasts:

10.0.0.50 239.192.111.1

10.0.0.51 239.192.111.1

And whenever I subscribe to 239.192.111.1 with either of the source addresses in my include list I always get both of the multicasts routed to me. I can't seem to figure out the problem. What am I doing wrong? Here is my configuration.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

!

!

no aaa new-model

clock timezone GMT 0

ip subnet-zero

ip routing

!

ip multicast-routing distributed

ip igmp snooping querier

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface Vlan1

ip address 10.10.0.2 255.0.0.0

ip pim sparse-mode

ip igmp version 3

!

ip classless

ip http server

!

ip pim rp-address 10.10.0.2

ip pim ssm range 3

!

access-list 3 permit 224.0.0.0 15.255.255.255

Thanks,

Jason

1 Accepted Solution

Accepted Solutions

Jason,

"show ip rpf" should still tell you that you have no RPF for this source at the moment.

Since vlan14 is for the sources, you should configure an IP address in the same range as the source (192.168.0.101) rather than 11.4.1.2/16. This should solve the issue.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

14 Replies 14

Harold Ritter
Cisco Employee
Cisco Employee

Jason,

Could you attach the output from a "show ip mroute". BTW, you don't need to configure an RP as you have configured the entire multicast range (224.0.0.0 to 239.255.255.255) to be SSM.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel

Y - Joined MDT-data group, y - Sending to MDT-data group

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(192.168.0.2, 239.192.1.24), 00:02:09/00:00:51, flags: sPT

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

(10.0.0.50, 239.192.0.1), 15:15:08/00:02:55, flags: sPT

Incoming interface: Vlan1, RPF nbr 0.0.0.0

Outgoing interface list: Null

(10.0.0.50, 239.192.0.111), 15:15:08/00:02:55, flags: sPT

Incoming interface: Vlan1, RPF nbr 0.0.0.0

Outgoing interface list: Null

(10.0.0.50, 239.192.0.67), 15:15:08/00:02:55, flags: sPT

Incoming interface: Vlan1, RPF nbr 0.0.0.0

Outgoing interface list: Null

(10.1.4.99, 239.192.0.150), 15:15:08/00:02:56, flags: sPT

Incoming interface: Vlan1, RPF nbr 0.0.0.0

Outgoing interface list: Null

(192.168.0.2, 224.20.6.1), 15:15:11/00:02:42, flags: sTI

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Vlan1, Forward/Sparse, 15:15:10/00:02:42

(192.168.1.2, 224.20.6.1), 15:15:10/00:02:42, flags: sTI

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Vlan1, Forward/Sparse, 15:15:10/00:02:42

(192.168.0.101, 239.192.111.2), 00:02:05/00:00:54, flags: sPT

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

(192.168.0.103, 239.192.111.2), 00:01:17/00:02:46, flags: sTI

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Vlan1, Forward/Sparse, 00:00:13/00:02:46

(192.168.0.1, 224.20.5.1), 00:02:14/00:00:46, flags: sPT

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

(*, 224.0.1.40), 15:15:41/00:02:13, RP 0.0.0.0, flags: DCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Vlan1, Forward/Sparse, 15:15:41/00:00:00

Thanks for your reply. This configuration has been tripping me up for weeks. I'm not sure where to get rid of that RP configuration.

EDIT: I think I figured out how to get rid of the defined RP. Is this correct now for the RP?

ip classless

ip http server

!

ip pim autorp listener

ip pim ssm range 3

My original post said I was looking at two specific multicasts:

10.0.0.50 239.192.111.1

10.0.0.51 239.192.111.1

But in my fumbling around trying to get this setup, I have since changed my multicasts of interest to:

(192.168.0.101, 239.192.111.2), 00:01:01/00:01:58, flags: sPT

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

(192.168.0.103, 239.192.111.2), 00:00:13/00:02:46, flags: sPT

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

Again the same scenario just different addresses.

Jason,

You did remove the "ip pim rp-address", which was the right thing to do. You do not need the "ip pim autorp listener" either by the way.

Concerning the other issue, could you join a "show ip igmp group det".

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Ok I think I got the autorp removed now as well:

interface Vlan1

ip address 10.10.0.2 255.0.0.0

ip pim sparse-mode

ip igmp version 3

!

ip classless

ip http server

!

ip pim ssm range 3

!

access-list 3 permit 224.0.0.0 15.255.255.255

Back the to the real question and answer to your request:

Flags: L - Local, U - User, SG - Static Group, VG - Virtual Group,

SS - Static Source, VS - Virtual Source

Interface: Vlan1

Group: 224.20.6.1

Flags: SSM

Uptime: 16:24:43

Group mode: INCLUDE

Last reporter: 192.168.0.1

Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,

V - Virtual, Ac - Accounted towards access control limit,

M - SSM Mapping)

Source Address Uptime v3 Exp CSR Exp Fwd Flags

192.168.0.2 16:24:43 00:02:43 stopped Yes R

192.168.1.2 16:24:43 00:02:42 stopped Yes R

Interface: Vlan1

Group: 239.192.111.2

Flags: SSM

Uptime: 01:09:45

Group mode: INCLUDE

Last reporter: 10.10.10.50

Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,

V - Virtual, Ac - Accounted towards access control limit,

M - SSM Mapping)

Source Address Uptime v3 Exp CSR Exp Fwd Flags

192.168.0.103 01:09:51 00:02:34 stopped Yes R

Interface: Vlan1

Group: 224.0.1.40

Flags: L U

Uptime: 17:37:15

Group mode: EXCLUDE (Expires: 00:02:41)

Last reporter: 10.10.0.2

Source list is empty

Thanks again! This has really been driving me crazy.

Jason,

It looks like the receiver is joining both sources for group 224.20.6.1. Is that what you wanted?

It looks ok for 239.192.111.2 though. Where is the source located? You only show vlan1 in the partial config you provided. Can you verify that you have an RPF route to 192.168.0.103 with the following command:

show ip rpf 192.168.0.103

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

I have a very simple network right now while I'm working on this. I just have this one 3560 switch and only VLAN 1 on this switch.

Right now I don't really care about 224.20.6.1. I'll look into that later. That receiver may just be configured wrong.

Both of my sources are plugged directly into the switch.

192.168.0.101 and 192.168.0.103

My receiver is:

10.10.10.50

The problem I'm seeing is that my receiver is seeing the traffic from both of the sources even though the switch shows it is only sending the traffic from 192.168.0.103.

I have my receiver setup to include only 192.168.0.103 (just as the switch is showing) but it still gets the traffic from both. I have verified this by snooping the traffic between the switch and the receiver.

RPF information for ? (192.168.0.103) failed, no route exists

RPF information for ? (192.168.0.101) failed, no route exists

I'm assuming these failed because my sources and receivers are are all plugged into this switch and this is the only switch on my network.

I tried one more test that gave me very strange results.

On my receiver (10.10.10.50) if i change the address in the include list from a valid one (192.168.0.101 or 192.168.0.103) to an invalid one that doesn't even exist (192.168.111.101) I still get traffic from both of the valid ones, whereas I shouldn't be getting any traffic.

Interface: Vlan1

Group: 239.192.111.2

Flags: SSM

Uptime: 00:01:01

Group mode: INCLUDE

Last reporter: 10.10.10.50

Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,

V - Virtual, Ac - Accounted towards access control limit,

M - SSM Mapping)

Source Address Uptime v3 Exp CSR Exp Fwd Flags

192.168.111.101 00:00:21 00:02:46 stopped Yes R

Is there other stuff I could be doing wrong?

Jason,

You mean that the sources are also on Vlan1? There is nothing the router can do to prevent the receiver to get both feeds as the receiver and the sources share the same L2. You would need to create another Vlan and put your sources in that new Vlan if you want the router to be able to only send one feed or the other.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Thanks again for all of your help on this. I think maybe I had a skewed idea of how this was supposed to work. This switch is in a lab environment where any port could potentially have a receiver connected or a source. I am trying to get this setup so that I can be flexible and facilitate these scenarios. Right now I'm just trying to prove a proof of concept.

In saying that, how would I be able to test a proof of concept with just a single switch? Should I just put a group of ports on one VLAN (sources) and another group of ports on another VLAN (receivers)?

Is there any way to make this work within the same VLAN, because I have some devices that can send and receive multicasts simultaneously.

Eventually I will be turning this switch into strictly a multicast router with only other 2960 switches connected to it. I have attached what my plan is for our building. Do you see any problems with it?

Hello Jason,

multicast routing implies that you want to foward in a controlled way multicast streams between different IP subnets.

Vlans in your case otherwise you could remove all the multicast configuration and as a L2 switch you could still see both multicast streams on your receiver.

This is the reason why you see both: your sources that are using spoofed (not known) ip addresses are in the same broadcast domain of the receiver.

You should use at least two Vlans, may be three to show the effects of multicast configuration.

Hope to help

Giuseppe

Jason,

As I mentioned before, there is nothing you can do to prevent the receiver from getting both streams if the receiver and the sources are part of the same vlan. SSM only works fine as long as there is a router in the middle to take the source into consideration. Within the scope of a single vlan, only the multicast group is relevant. The last 23 bits of the mcast group are mapped to the last 23 bits of the destination L2 address and all stations receives the associated streams regardless what the source address is.

The best thing would be to create a vlan for the sources and at least one other vlan for the receivers.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Ok this all makes a lot more sense now.

I've gone ahead and put my source on VLAN 14 and my receiver on VLAN 12. I now cannot get the multicast on my receiver. Sorry for being such a pain but I really do appreciate your guys' help on this.

Here is what I have:

(192.168.0.101, 239.192.111.2), 00:01:54/00:02:04, flags: sTI

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Vlan12, Forward/Sparse, 00:01:09/00:02:59

(192.168.0.103, 239.192.111.2), 00:01:48/00:01:11, flags: sPT

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list: Null

Interface: Vlan12

Group: 239.192.111.2

Flags: SSM

Uptime: 00:05:06

Group mode: INCLUDE

Last reporter: 10.10.10.50

Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,

V - Virtual, Ac - Accounted towards access control limit,

M - SSM Mapping)

Source Address Uptime v3 Exp CSR Exp Fwd Flags

192.168.0.101 00:05:06 00:02:59 stopped Yes R

interface GigabitEthernet0/33

switchport access vlan 10

switchport mode access

!

interface GigabitEthernet0/34

switchport access vlan 11

switchport mode access

!

interface GigabitEthernet0/35

switchport access vlan 12

switchport mode access

!

interface GigabitEthernet0/36

switchport access vlan 13

switchport mode access

!

interface GigabitEthernet0/37

switchport access vlan 14

switchport mode access

interface Vlan11

ip address 11.2.1.2 255.255.0.0

ip pim sparse-mode

ip igmp version 3

!

interface Vlan12

ip address 11.3.1.2 255.255.0.0

ip pim sparse-mode

ip igmp version 3

!

interface Vlan13

ip address 11.4.1.2 255.255.0.0

ip pim sparse-mode

ip igmp version 3

!

interface Vlan14

ip address 11.5.1.2 255.255.0.0

ip pim sparse-mode

ip igmp version 3

!

ip classless

ip http server

!

ip pim ssm range 3

!

access-list 3 permit 224.0.0.0 15.255.255.255

Thanks,

Jason,

"show ip rpf" should still tell you that you have no RPF for this source at the moment.

Since vlan14 is for the sources, you should configure an IP address in the same range as the source (192.168.0.101) rather than 11.4.1.2/16. This should solve the issue.

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Genius!! That did the trick, just as you said it would. :)

I thank you very much for your patients and helping me get this working. Have a wonderful holiday and a happy new year!!

You are very welcome Jason. A great holiday and a happy new year to you too.

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco