ipv6 pim RP

Unanswered Question
Dec 29th, 2009
User Badges:

Hi


How do i configure a router to act as IPV6 RP for a specific multicast group.

Registration shld not be allowwed if any device / host try sending registration request for any other group.


i have seen some examples where acl is applied with "ip pim rp-address acl name" on all the routers in that domain , can't i control it on single router which is acting as RP?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (1 ratings)
Loading.
Peter Paluch Tue, 12/29/2009 - 11:41
User Badges:
  • Cisco Employee,

Hello Lokesh,


The IPv6 RP configuration is similar to the IPv4 style of configuration. You will need to create a named IPv6 access list that contains the list of permitted IPv6 multicast groups for which this particular IPv6 address shall serve as the RP.


For example:


ipv6 unicast-routing

ipv6 multicast-routing


ipv6 access-list MGroups
permit ipv6 any FF04::/64


ipv6 pim rp-address 2001::10:10 MGroups


In this example, the IPv6 address 2001::10:10 is assigned as the RP address for all multicast groups within the address space FF04::/64. These commands must be present on the RP and on all other routers. Note that the static configuration is inconvenient if the network is large. In larger networks, using the BSR mechanism to advertise the RP address for selected groups may be more appropriate.


Best regards,

Peter

Lokesh.Khanna Wed, 12/30/2009 - 04:42
User Badges:

Thanks Peter


I am trying to control Multicast for a specific multicast group address - FF08::10/128


And i get following error

ipv6 pim rp-address AB01:AB8:74:E:CE05:DFF:FE50:1 TST
%Error: Group prefix must be less than 128, skipping FF08::10/128


Am i missing some thing here?


Regards

Lokesh

Marwan ALshawi Wed, 12/30/2009 - 06:01
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

you are usin host prefix use smaller prefix

make your ACL with prefix /64

in your example FF08::/64


good luck

if helpful Rate

Lokesh.Khanna Wed, 12/30/2009 - 06:16
User Badges:

Hi


Will i not have ::/128 in my host prefix list


i tried following list and it didn't work for me.



IPv6 access list TST

permit ipv6 any host FF08::10


Regards

Lokesh

Marwan ALshawi Wed, 12/30/2009 - 06:32
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

IPv6 access list TST

permit ipv6 any host FF08::10


this is host /128


like with ipv4 when you put host in ACL it will be /32


change to


IPv6 access list TST

permit ipv6 any host FF08::/64


then try it


good luck

if helpful Rate

Lokesh.Khanna Wed, 12/30/2009 - 09:50
User Badges:

HI


Thanks again for your quick response.

I am trying to understand concept here -


Objective is that RP should only work for multicast group FF08::10.


If i change ACL to permit ipv6 any host FF08::/64, will it not accept registration for all the hosts under FF08::/64 subnet?

Marwan ALshawi Thu, 12/31/2009 - 17:57
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

see the ACLs


ipv6 access-list ACL
permit ipv6 any FF08::/64
!
ipv6 access-list ACL1
permit ipv6 any host FF08::10


i noticed that when i have the ACL with /64 for a grou range then i apply acl /128 for a group with the other ACL range i got the same error you have but if you try to apply again take it normally  see bellow




Router(config)#ipv6 pim rp-address 2001::1 ACL
Router(config)#ipv6 pim rp-address 2001::1 ACL1
%Error: Group prefix must be less than 128, skipping FF08::10/128
Router(config)#ipv6 pim rp-address 2001::1 ACL1
Router(config)#


good luck

if helpful Rate

Lokesh.Khanna Thu, 12/31/2009 - 20:06
User Badges:

Hi


I also noticed same but it actually doesn't block other hosts.


I applied this ACL on RP router, and on other router i issues ipv6 mld join-group FF08::25

And i was able to ping that grp from other router in network.


Regards

Lokesh

Giuseppe Larosa Sat, 01/02/2010 - 02:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Lokesh,

you can try to use an ACL as an MLD access-group and to apply it on interfaces of routers.

This should give you control on what multicast addresses the receivers can join.


see


http://www.cisco.com/en/US/docs/ios/ipv6/configuration/guide/ip6-multicast_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1054034


MLD Access Group

The MLD access group provides receiver access control in Cisco IOS IPv6 multicast routers. This feature limits the list of groups a receiver can join, and it allows or denies sources used to join SSM channels.


Hope to help

Giuseppe


Lokesh.Khanna Sat, 01/02/2010 - 23:43
User Badges:

Thanks


I tried this also and didn't work.

I think this is supposed to put restriction at receiver level on Access port.

It will not limit RP to allow registration for a particullar group.

So MLD will work but then i will have to apply it on each access port which i think is not scalable, Control should be on the router which is acting as RP.

enoualh100 Fri, 02/05/2010 - 10:56
User Badges:

hello,


i am getting the same error.

i tried the "ipv6 multicast group-range" but it didn't work as well.

omarmontes Fri, 02/05/2010 - 14:09
User Badges:

Same thing here.. exactly the same problem, and documentation for Multicast using IPv6 is kind of rare to find. Anyone got lucky on this?

Khaled Abuelenain Sun, 10/03/2010 - 13:21
User Badges:

Two solutions - both theoritically correct, but I could get neither to work :-)


ip pim accept-register list


or


ipv6 multicast group-range


If anyone can actually get either commands to work as expected, please post your full configs.

moitani Thu, 10/14/2010 - 16:00
User Badges:

I'm getting furious trying to make it work!!


when I match a host multicast will not flow....when I match a group multicast will flow!! Why?

Is this a bug??

Actions

This Discussion