12-16-2008 02:16 PM - edited 03-06-2019 03:00 AM
Right now I thought I had everything setup to do SSM but I can't seem to get things working right. I have two multicasts:
10.0.0.50 239.192.111.1
10.0.0.51 239.192.111.1
And whenever I subscribe to 239.192.111.1 with either of the source addresses in my include list I always get both of the multicasts routed to me. I can't seem to figure out the problem. What am I doing wrong? Here is my configuration.
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
!
!
no aaa new-model
clock timezone GMT 0
ip subnet-zero
ip routing
!
ip multicast-routing distributed
ip igmp snooping querier
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface Vlan1
ip address 10.10.0.2 255.0.0.0
ip pim sparse-mode
ip igmp version 3
!
ip classless
ip http server
!
ip pim rp-address 10.10.0.2
ip pim ssm range 3
!
access-list 3 permit 224.0.0.0 15.255.255.255
Thanks,
Jason
Solved! Go to Solution.
12-17-2008 02:03 PM
Jason,
"show ip rpf" should still tell you that you have no RPF for this source at the moment.
Since vlan14 is for the sources, you should configure an IP address in the same range as the source (192.168.0.101) rather than 11.4.1.2/16. This should solve the issue.
Regards
12-16-2008 03:25 PM
Jason,
Could you attach the output from a "show ip mroute". BTW, you don't need to configure an RP as you have configured the entire multicast range (224.0.0.0 to 239.255.255.255) to be SSM.
Regards
12-17-2008 05:47 AM
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(192.168.0.2, 239.192.1.24), 00:02:09/00:00:51, flags: sPT
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(10.0.0.50, 239.192.0.1), 15:15:08/00:02:55, flags: sPT
Incoming interface: Vlan1, RPF nbr 0.0.0.0
Outgoing interface list: Null
(10.0.0.50, 239.192.0.111), 15:15:08/00:02:55, flags: sPT
Incoming interface: Vlan1, RPF nbr 0.0.0.0
Outgoing interface list: Null
(10.0.0.50, 239.192.0.67), 15:15:08/00:02:55, flags: sPT
Incoming interface: Vlan1, RPF nbr 0.0.0.0
Outgoing interface list: Null
(10.1.4.99, 239.192.0.150), 15:15:08/00:02:56, flags: sPT
Incoming interface: Vlan1, RPF nbr 0.0.0.0
Outgoing interface list: Null
(192.168.0.2, 224.20.6.1), 15:15:11/00:02:42, flags: sTI
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan1, Forward/Sparse, 15:15:10/00:02:42
(192.168.1.2, 224.20.6.1), 15:15:10/00:02:42, flags: sTI
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan1, Forward/Sparse, 15:15:10/00:02:42
(192.168.0.101, 239.192.111.2), 00:02:05/00:00:54, flags: sPT
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(192.168.0.103, 239.192.111.2), 00:01:17/00:02:46, flags: sTI
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan1, Forward/Sparse, 00:00:13/00:02:46
(192.168.0.1, 224.20.5.1), 00:02:14/00:00:46, flags: sPT
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(*, 224.0.1.40), 15:15:41/00:02:13, RP 0.0.0.0, flags: DCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan1, Forward/Sparse, 15:15:41/00:00:00
Thanks for your reply. This configuration has been tripping me up for weeks. I'm not sure where to get rid of that RP configuration.
EDIT: I think I figured out how to get rid of the defined RP. Is this correct now for the RP?
ip classless
ip http server
!
ip pim autorp listener
ip pim ssm range 3
My original post said I was looking at two specific multicasts:
10.0.0.50 239.192.111.1
10.0.0.51 239.192.111.1
But in my fumbling around trying to get this setup, I have since changed my multicasts of interest to:
(192.168.0.101, 239.192.111.2), 00:01:01/00:01:58, flags: sPT
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
(192.168.0.103, 239.192.111.2), 00:00:13/00:02:46, flags: sPT
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
Again the same scenario just different addresses.
12-17-2008 07:04 AM
Jason,
You did remove the "ip pim rp-address", which was the right thing to do. You do not need the "ip pim autorp listener" either by the way.
Concerning the other issue, could you join a "show ip igmp group det".
Regards
12-17-2008 07:09 AM
Ok I think I got the autorp removed now as well:
interface Vlan1
ip address 10.10.0.2 255.0.0.0
ip pim sparse-mode
ip igmp version 3
!
ip classless
ip http server
!
ip pim ssm range 3
!
access-list 3 permit 224.0.0.0 15.255.255.255
Back the to the real question and answer to your request:
Flags: L - Local, U - User, SG - Static Group, VG - Virtual Group,
SS - Static Source, VS - Virtual Source
Interface: Vlan1
Group: 224.20.6.1
Flags: SSM
Uptime: 16:24:43
Group mode: INCLUDE
Last reporter: 192.168.0.1
Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,
V - Virtual, Ac - Accounted towards access control limit,
M - SSM Mapping)
Source Address Uptime v3 Exp CSR Exp Fwd Flags
192.168.0.2 16:24:43 00:02:43 stopped Yes R
192.168.1.2 16:24:43 00:02:42 stopped Yes R
Interface: Vlan1
Group: 239.192.111.2
Flags: SSM
Uptime: 01:09:45
Group mode: INCLUDE
Last reporter: 10.10.10.50
Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,
V - Virtual, Ac - Accounted towards access control limit,
M - SSM Mapping)
Source Address Uptime v3 Exp CSR Exp Fwd Flags
192.168.0.103 01:09:51 00:02:34 stopped Yes R
Interface: Vlan1
Group: 224.0.1.40
Flags: L U
Uptime: 17:37:15
Group mode: EXCLUDE (Expires: 00:02:41)
Last reporter: 10.10.0.2
Source list is empty
Thanks again! This has really been driving me crazy.
12-17-2008 07:44 AM
Jason,
It looks like the receiver is joining both sources for group 224.20.6.1. Is that what you wanted?
It looks ok for 239.192.111.2 though. Where is the source located? You only show vlan1 in the partial config you provided. Can you verify that you have an RPF route to 192.168.0.103 with the following command:
show ip rpf 192.168.0.103
Regards
12-17-2008 08:26 AM
I have a very simple network right now while I'm working on this. I just have this one 3560 switch and only VLAN 1 on this switch.
Right now I don't really care about 224.20.6.1. I'll look into that later. That receiver may just be configured wrong.
Both of my sources are plugged directly into the switch.
192.168.0.101 and 192.168.0.103
My receiver is:
10.10.10.50
The problem I'm seeing is that my receiver is seeing the traffic from both of the sources even though the switch shows it is only sending the traffic from 192.168.0.103.
I have my receiver setup to include only 192.168.0.103 (just as the switch is showing) but it still gets the traffic from both. I have verified this by snooping the traffic between the switch and the receiver.
RPF information for ? (192.168.0.103) failed, no route exists
RPF information for ? (192.168.0.101) failed, no route exists
I'm assuming these failed because my sources and receivers are are all plugged into this switch and this is the only switch on my network.
I tried one more test that gave me very strange results.
On my receiver (10.10.10.50) if i change the address in the include list from a valid one (192.168.0.101 or 192.168.0.103) to an invalid one that doesn't even exist (192.168.111.101) I still get traffic from both of the valid ones, whereas I shouldn't be getting any traffic.
Interface: Vlan1
Group: 239.192.111.2
Flags: SSM
Uptime: 00:01:01
Group mode: INCLUDE
Last reporter: 10.10.10.50
Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,
V - Virtual, Ac - Accounted towards access control limit,
M - SSM Mapping)
Source Address Uptime v3 Exp CSR Exp Fwd Flags
192.168.111.101 00:00:21 00:02:46 stopped Yes R
Is there other stuff I could be doing wrong?
12-17-2008 08:40 AM
Jason,
You mean that the sources are also on Vlan1? There is nothing the router can do to prevent the receiver to get both feeds as the receiver and the sources share the same L2. You would need to create another Vlan and put your sources in that new Vlan if you want the router to be able to only send one feed or the other.
Regards
12-17-2008 12:26 PM
Thanks again for all of your help on this. I think maybe I had a skewed idea of how this was supposed to work. This switch is in a lab environment where any port could potentially have a receiver connected or a source. I am trying to get this setup so that I can be flexible and facilitate these scenarios. Right now I'm just trying to prove a proof of concept.
In saying that, how would I be able to test a proof of concept with just a single switch? Should I just put a group of ports on one VLAN (sources) and another group of ports on another VLAN (receivers)?
Is there any way to make this work within the same VLAN, because I have some devices that can send and receive multicasts simultaneously.
Eventually I will be turning this switch into strictly a multicast router with only other 2960 switches connected to it. I have attached what my plan is for our building. Do you see any problems with it?
12-17-2008 01:00 PM
Hello Jason,
multicast routing implies that you want to foward in a controlled way multicast streams between different IP subnets.
Vlans in your case otherwise you could remove all the multicast configuration and as a L2 switch you could still see both multicast streams on your receiver.
This is the reason why you see both: your sources that are using spoofed (not known) ip addresses are in the same broadcast domain of the receiver.
You should use at least two Vlans, may be three to show the effects of multicast configuration.
Hope to help
Giuseppe
12-17-2008 01:04 PM
Jason,
As I mentioned before, there is nothing you can do to prevent the receiver from getting both streams if the receiver and the sources are part of the same vlan. SSM only works fine as long as there is a router in the middle to take the source into consideration. Within the scope of a single vlan, only the multicast group is relevant. The last 23 bits of the mcast group are mapped to the last 23 bits of the destination L2 address and all stations receives the associated streams regardless what the source address is.
The best thing would be to create a vlan for the sources and at least one other vlan for the receivers.
Regards
12-17-2008 01:50 PM
Ok this all makes a lot more sense now.
I've gone ahead and put my source on VLAN 14 and my receiver on VLAN 12. I now cannot get the multicast on my receiver. Sorry for being such a pain but I really do appreciate your guys' help on this.
Here is what I have:
(192.168.0.101, 239.192.111.2), 00:01:54/00:02:04, flags: sTI
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
Vlan12, Forward/Sparse, 00:01:09/00:02:59
(192.168.0.103, 239.192.111.2), 00:01:48/00:01:11, flags: sPT
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
Interface: Vlan12
Group: 239.192.111.2
Flags: SSM
Uptime: 00:05:06
Group mode: INCLUDE
Last reporter: 10.10.10.50
Group source list: (C - Cisco Src Report, U - URD, R - Remote, S - Static,
V - Virtual, Ac - Accounted towards access control limit,
M - SSM Mapping)
Source Address Uptime v3 Exp CSR Exp Fwd Flags
192.168.0.101 00:05:06 00:02:59 stopped Yes R
interface GigabitEthernet0/33
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/34
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet0/35
switchport access vlan 12
switchport mode access
!
interface GigabitEthernet0/36
switchport access vlan 13
switchport mode access
!
interface GigabitEthernet0/37
switchport access vlan 14
switchport mode access
interface Vlan11
ip address 11.2.1.2 255.255.0.0
ip pim sparse-mode
ip igmp version 3
!
interface Vlan12
ip address 11.3.1.2 255.255.0.0
ip pim sparse-mode
ip igmp version 3
!
interface Vlan13
ip address 11.4.1.2 255.255.0.0
ip pim sparse-mode
ip igmp version 3
!
interface Vlan14
ip address 11.5.1.2 255.255.0.0
ip pim sparse-mode
ip igmp version 3
!
ip classless
ip http server
!
ip pim ssm range 3
!
access-list 3 permit 224.0.0.0 15.255.255.255
Thanks,
12-17-2008 02:03 PM
Jason,
"show ip rpf" should still tell you that you have no RPF for this source at the moment.
Since vlan14 is for the sources, you should configure an IP address in the same range as the source (192.168.0.101) rather than 11.4.1.2/16. This should solve the issue.
Regards
12-17-2008 02:22 PM
Genius!! That did the trick, just as you said it would. :)
I thank you very much for your patients and helping me get this working. Have a wonderful holiday and a happy new year!!
12-17-2008 05:13 PM
You are very welcome Jason. A great holiday and a happy new year to you too.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide