cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1676
Views
5
Helpful
6
Replies

Multicast over NAT not Completing Registration or Translating

joshuar75
Level 1
Level 1

I've implemented NAT on a LAN segment and am trying to get multicast to work over it. The RP is on a globally routable segment in another location.

It appears that NAT is working for standard traffic, but it looks like it is not translating the source address of the multicast traffic: we're translating 10.0.0.0 to 10.41.0.0 in this case.

When I do a sho ip mroute no matter where I am in the network, I see the 10.0.0.0 address as the source. I would think that is should show the 10.41.0.0 address.

 

On the local router, it shows as "Registering". for the local client. The local clients never get the multicasts from the RP. 

My guess is that the RP is trying to send a Register-Stop message to the untranslated 10.0.0.0 address and of course there is no route back to that address.


What should I try to get Multicasts through to this NATed segment of the network?

A simplified version of the configs and output is below:

ip dhcp pool DATA10
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
lease 2
!
ip pim autorp listener
ip pim send-rp-announce Loopback0 scope 10
ip pim send-rp-discovery Loopback0 scope 10
ip nat pool Global-IP-Pool 10.41.0.1 10.41.0.253 netmask 255.255.255.0
ip nat inside source list NAT pool Global-IP-Pool
!
ip access-list standard NAT
permit 10.0.0.0 0.0.0.255
!
ip multicast-routing
interface gigabitethernet 0/0/0
ip address 10.0.0.1 255.255.255.0
ip pim sparse-mode
ip nat inside
exit
interface gigabitethernet 0/0/1
ip address 10.2.2.1 255.255.255.0
ip pim sparse-mode
ip nat outside
end

router# show ip mroute 239.0.0.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(10.0.0.3, 239.0.0.1), 00:31:02/00:01:51, flags: PFT
Incoming interface: gigabitethernet 0/0/0, RPF nbr 0.0.0.0, Registering
Outgoing interface list: Null

(10.55.151.133, 239.0.0.1), 00:39:44/00:01:08, flags: JT
Incoming interface: gigabitethernet 0/0/1, RPF nbr 10.200.255.255
Outgoing interface list:
gigabitethernet 0/0/0, Forward/Sparse, 00:32:05/00:02:56

router#sho ip nat trans
Pro Inside global Inside local Outside local Outside global
udp 10.41.0.1:50186 10.0.0.2:50186 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.1:50186 10.0.0.2:50186 10.55.0.12:53 10.55.0.12:53
udp 10.41.0.1:50191 10.0.0.2:50191 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.1:50191 10.0.0.2:50191 10.55.0.12:53 10.55.0.12:53
udp 10.41.0.1:50195 10.0.0.2:50195 10.55.0.11:53 10.55.0.11:53
--- 10.41.0.1 10.0.0.2 --- ---
tcp 10.41.0.2:49175 10.0.0.3:49175 10.55.0.11:389 10.55.0.11:389
tcp 10.41.0.2:49176 10.0.0.3:49176 10.55.0.11:88 10.55.0.11:88
tcp 10.41.0.2:49177 10.0.0.3:49177 10.55.0.11:389 10.55.0.11:389
tcp 10.41.0.2:49178 10.0.0.3:49178 10.55.0.11:88 10.55.0.11:88
tcp 10.41.0.2:49179 10.0.0.3:49179 10.55.0.11:88 10.55.0.11:88
tcp 10.41.0.2:49180 10.0.0.3:49180 10.55.0.11:88 10.55.0.11:88
udp 10.41.0.2:52470 10.0.0.3:52470 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:52693 10.0.0.3:52693 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:53768 10.0.0.3:53768 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:54302 10.0.0.3:54302 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:55650 10.0.0.3:55650 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:56118 10.0.0.3:56118 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:57144 10.0.0.3:57144 10.55.0.11:53 10.55.0.11:53
udp 10.41.0.2:57145 10.0.0.3:57145 10.55.101.13:389 10.55.101.13:389
udp 10.41.0.2:57146 10.0.0.3:57146 10.55.0.11:389 10.55.0.11:389

1 Accepted Solution

Accepted Solutions

joshuar75
Level 1
Level 1

I had a sales engineer help me with this one and the command below (sourced from the ip nat outside interface) fixed the problem.

 

ip pim register-source gigabitethernet 0/0/1

 

If I do a 'show ip mroute' on the router doing NAT, it still shows the private IP being used as the source. But, if I execute the same command on another router, the multicast coming from the NAT router show with the public IP address as the source, as it should.

 

The multicast began working fine after that, however they would still show up as 'Registering' under mroute

One additional side effect we noticed is that when the private IP address was being put out through out the global network as a source, other routers that were using the same private subnet with NAT translation were taking the source IPs they received from the multicast and translating them to one of their own public IP addresses, potentially depleting the pool of available public IPs (which would be bad). 

View solution in original post

6 Replies 6

Hello,

 

do you have:

 

ip multicast-routing distributed

 

configured globally ?

That is one of the commands that won't take. We do have:
ip multicast-routing
Router model is a C5915 Software (C5915-ADVENTERPRISEK9-M), Version 15.7(3)M3, RELEASE SOFTWARE (fc2)

Hello,

 

the NAT multicast feature was introduced in Cisco IOS XE Release 3.4S. Possibly your router doesn't support it...

 

I'll check what I can find...

Hello,

 

according to the data sheet attached, there is no information that the feature is supported. The highest IOS version currently available is 15.9, no 3.x or 16.x versions exist for this model.

 

 

Would you be able to recommend any work around?

I was thinking about trying to do Multicast reflection (outlined here https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipmulti_serv/configuration/xe-16-7/imc-serv-xe-16-7-book/imc-service-reflect.pdf) or try to setup the local router as an RP and trying to figure out how to trunk or team it up with the other RP, not sure if either of those would work.

As my profile says, I'm kind of a beginner that has been pushed into troubleshooting multicast by necessity.

joshuar75
Level 1
Level 1

I had a sales engineer help me with this one and the command below (sourced from the ip nat outside interface) fixed the problem.

 

ip pim register-source gigabitethernet 0/0/1

 

If I do a 'show ip mroute' on the router doing NAT, it still shows the private IP being used as the source. But, if I execute the same command on another router, the multicast coming from the NAT router show with the public IP address as the source, as it should.

 

The multicast began working fine after that, however they would still show up as 'Registering' under mroute

One additional side effect we noticed is that when the private IP address was being put out through out the global network as a source, other routers that were using the same private subnet with NAT translation were taking the source IPs they received from the multicast and translating them to one of their own public IP addresses, potentially depleting the pool of available public IPs (which would be bad). 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: