04-14-2016 02:12 AM - edited 03-05-2019 03:48 AM
Hello
I have a question about multicast from a customer request, but I only know a little and I don't have experience with that technology, so I hope someone can help me.
First take a look at this picture:
What I would like to explain with this drawing is that a video stream would be received on the antenna using multicast to some devices in the DMZ zone, and it goes through a Switch, a Nexus and a Video Encoder.
The question is: is there a way to ensure that the video stream will be received only on the devices in the DMZ?
For security reasons I don't want the video stream to go to the "other network" or get back to the antenna, so I am thinking about creating some ACLs (lock icons) towards the other network.
As far as I know, multicast will never get back unless the devices in the DMZ or the video encoder are configured to do that. Also, multicast can be enabled only on specific interfaces that can be part of the multicast group, so maybe the ACL would not be needed.
As you can see, this is just a general question about the behavior of multicast. I think our customer will want to use Multicast L2 and maybe in the future will try to implement it, but as a first step they would like to clear up this question. Also, if you have documentation or labs that I can use to better understand multicast, I would really appreciate it.
Best Regards
Tunderx
04-14-2016 04:02 AM
The simplest answer to your question is that if you do not enable multicast on the other network interfaces to the cores (the ones with the locks), it will not pass.
Secondly, it would be highly unusual for multicast streams to loop back to the antenna from the DMZ. So you should be OK there.
It's tough to tell from your drawing, but if the antenna multicast network is a single Layer 2 domain with the multicast source, and routing is not involved, then you really don't have to enable multicast routing at all since it would be all occurring and remain on the same subnet.
If you need to route through the 3000, then a simple sparse-mode configuration with a designated rendezvous point and ACL specifying the multicast groups that apply may be the cleanest way to go.
As with anything else, it is probably more complicated than this, but hopefully this will provide a good start.
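The two controls named in the answer above (no multicast enabled on the interfaces toward the other network, and a rendezvous point limited to the groups that apply) can be checked against a device configuration. The following is an added example, not part of the original thread: it assumes NX-OS-style syntax, and the interface names, addresses, descriptions and group range are constructed for illustration.

```python
import re

# Constructed NX-OS-style running-config excerpt (not from the original post).
# Interface names, addresses and the group range are assumptions.
SAMPLE_CONFIG = """\
feature pim
ip pim rp-address 10.10.10.1 group-list 239.1.1.0/24
interface Ethernet1/1
  description DMZ video receivers
  ip pim sparse-mode
interface Ethernet1/2
  description antenna uplink
  ip pim sparse-mode
interface Ethernet1/10
  description to core - other network
  ip pim sparse-mode
interface Ethernet1/11
  description to core - other network
"""

def parse_interfaces(config):
    """Return {interface name: [indented sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith((" ", "\t")) and current:
            interfaces[current].append(line.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def audit(config, allowed):
    """Flag PIM on interfaces outside `allowed` and RPs with no group scope."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        pim_on = any(c.startswith("ip pim sparse-mode") for c in cmds)
        if pim_on and name not in allowed:
            findings.append(f"{name}: PIM enabled outside the multicast zone")
    for line in config.splitlines():
        scoped = "group-list" in line or "route-map" in line
        if re.match(r"ip pim rp-address \S+", line) and not scoped:
            findings.append(f"RP not limited to specific groups: {line}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, {"Ethernet1/1", "Ethernet1/2"}):
        print(finding)
```

This only covers the routed case; where source and receivers share one Layer 2 domain, as the answer notes, PIM configuration is not what contains the stream.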