we have to connect Domain A , B and C to obtain Multicast Stream on Domain C from Domain A and B.
As per existent setup on Domain A and B we can't use MDSP default peer to establish the MSDP tunnel, between the domains we have IGP as Routing Protocol but not BGP.
The interconnection between Domain A,B and C is regulated by Firewalls.
We have noticed RPF check failed and checking the feature I've noticed that to avoid that we have to use: mesh group or RFC4611 (If recent (but not currently widely deployed) router code is running that is fully compliant with the latest MSDP document, another option, to work around not having BGP to MSDP RPF peer, is to RPF using an IGP like OSPF, IS-IS, RIP, etc. This new capability will allow for enterprise customers, who are not running BGP and who don't want to run mesh groups, to use their existing IGP to satisfy the MSDP peer-RPF rules.)
How can I enable the RFC4611 support? Is per default enabled or are there specific command?
If I explicitly configure rfp with the command "ip msdp rpf rfc3618" then rfc4611 is disabled?
Thanks a lot for the support
it is unclear what you are asking/wanting to achieve. Your firewalls are blocking MSDP between your three domains ? Which IGP are you running ?
Post a schematic drawing of your topology and indicate what your goal is...
basically we need to ask and receive Multicast streams on Domain C from devices on Domain A and B...some specific information:
- all those Domains are running an IGP protocol (Domain A OSFP, Domain B OSFP and Domain C EIGRP);
- interconnection between them is done via Firewalls and static-routing;
- no BGP is present on those Domains;
- Domain A has already an MSDP Tunnel (without default-peer) to another external Domain for Multicast streams;
- Domain B uses already MSDP for RP Anycast Redundancy internally;
- Domain C has no Multicast nor MSDP configured;
- Firewall configuration is OK - Routing, Policy, Multicast and NAT (since those 3 Domains have some overlapping subnets)
I've setup an MSDP Tunnel between Domain C - A which it's up and running fine... the configuration is based on command "ip msdp vrf test peer XXXXX" ; I've not setup a default peer since in the near future we need another MSDP tunnel Domain C - B.
On Domain C I receive the SA propagated and filtered by Domain A... but as soon a client from Domain C ask for a Multicast stream on Domain A... we've noticed on MDSP peer on Domain A an RPF error (error not present on Domain C).
I've find out that RPF check could be "solved" using one of these methods:
- BGP implementation... it's not possible in our case;
- MDSP Mesh Group;
- RFC4166 support that states
"If recent (but not currently widely deployed) router code is running that is fully compliant with the latest MSDP document, another option, to work around not having BGP to MSDP RPF peer, is to RPF using an IGP like OSPF, IS-IS, RIP, etc. This new capability will allow for enterprise customers, who are not running BGP and who don't want to run mesh groups, to use their existing IGP to satisfy the MSDP peer-RPF rules.
How can I enable RFC4166 support on the L3 switches? Is there a specific command?
At the moment on the MSDP configuration is explicited defined the command "ip msdp vrf test rfc3618" ... does this command superseed the RFC4166 settings?