10-05-2020 12:07 PM
Hello all,
I have an issue that has got a lot of us stumped regarding multicast and need some support. Specific multicast configs from the equipment (includes 'show ip route' & 'show ip mroute') and a topology of the network are attached.
We have a multicast client connected to Core Switch 01 (192.168.227.116) which needs to join multicast group 239.192.0.22. The RP is 192.168.1.74 which is a subnet on the Core Switch 02 LAN.
We have PIM SM running on all connecting L3 interfaces, configured the RP on Core Switch 01 and can confirm all network devices can route to 192.168.1.74. However when we test multicast from the 192.168.227.226 client, we cannot see anything onwards from Routers 01 and 02 so the issue looks to be between Core Switch 01 and the aforementioned Routers
Does anybody have any ideas of what is misisng on the attached configs or what else we could try please? We have had a number of engineers review this and nothing is obvious. One thing that to note: Routers 01 & 02 are partaking i HSRP: there is a staic route from Core Switch 01 to the HSRP VIP so I don't know if that is causing anything.
Thanks in advance!
Solved! Go to Solution.
10-06-2020 08:32 AM - edited 10-06-2020 08:40 AM
Hello @conor.maton ,
Paul Driver is right if you decided to go with manual RP configuration you need to configure this on all PIM routers not only on the RP device itself and also the firewalls as they act as PIM SM multicast routers.
Let's compare the output from R1:
>>(*, 239.192.0.22), 00:05:36/00:02:18, RP 0.0.0.0, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
incoming interface Null, outgoing interface null and RP 0.0.0.0 means that this device does not know what RP address to use and this prevents PIM SM processes to happen.
you could use bootstrap protocol but you need explicit configuraton to have candidate BSR and candidate RPs on different nodes.
You see the difference with
(*, 239.192.0.22), 00:03:18/00:02:35, RP 192.168.1.74, flags: SJCL
Incoming interface: Vlan500, RPF nbr 192.168.227.158
Outgoing interface list:
Vlan350, Forward/Sparse, 00:03:18/00:02:22
on Core switch 1 here the RP is known there is an incoming interface and there is an outgoing interface.
Also Georg's notes about unicast routing possible issues can apply
Hope to help
Giuseppe
10-05-2020 01:45 PM
Hello
Looks like you are performing static RP assignment (ip pim rp-address 192.168.1.74), but you don't have these static mapping to the RP specified on any other PIm active's rtrs apart from the core switch.
10-05-2020 02:04 PM
Hi thanks for your reply.
Do I need these on every L3 device partaking in PIM? I thought as long as I'm running PIM SM the protocol will learn about the RP automatically via BSR
10-06-2020 01:30 AM
Hello,
post the config of Switch Stack 02 and the other firewall as well, so we can lab this.
10-06-2020 06:54 AM
Hi,
Thanks for your reply.
Unfortunately I don't have the config for Switch Stack 02 as this belongs to someone else.
If possible, would you be able to lab the equipment s per the toplogy excluding Firewall 02 (this is just the standby Firewall) and Switch Stack 02 please? Switch Stack 02 is where the RP resides in the 192.168.0.0/22 subnet.
At the moment we are fault finding why multicast traffic doesn't reach Switch Stack 02 from Core Switch 01. Having looked at the mcast counters, there seems to be an issue with mcast traffic routing from Core Switch 01 VLAN 350, to VLAN 500 to Router 02 (active HSRP router).
See attached updated topology, we are team 01 whereas the interfacing party is team 02 and it's their LAN where the RP resites. All unicat routing is correct, it's just the multicast.
10-06-2020 01:47 AM - edited 10-06-2020 01:48 AM
Hello
It needs to be applied on the rtrs where the MC source resides (First Hop Router =FHR) and on the rtrs (Last hop Router -LHR) where the MC receivers reside downstream.
10-06-2020 05:59 AM
Hi,
At the moment we are fault finding why multicast traffic doesn't reach Switch Stack 02 from Core Switch 01. Having looked at the mcast counters, there seems to be an issue with mcast traffic routing from Core Switch 01 VLAN 350, to VLAN 500 to Router 02 (active HSRP router).
See attached updated topology, we are team 01 whereas the interfacing party is team 02 and it's their LAN where the RP resites. All unicat routing is correct, it's just the multicast.
10-06-2020 06:56 AM
Hello,
the problem might be the HSRP. Try and add PIM redundancy to your HSRP configurations:
Router 1
interface GigabitEthernet0/1
ip address 192.168.227.153 255.255.255.248
ip pim sparse-mode
standby version 2
standby 500 ip 192.168.227.158
standby 500 timers 1 3
--> standby 1 name HSRP1
--> ip pim redundancy HSRP1 dr-priority 50
standby 500 priority 50
standby 500 preempt
Router 2
interface GigabitEthernet0/1
ip address 192.168.227.154 255.255.255.248
ip pim sparse-mode
standby version 2
standby 500 ip 192.168.227.158
standby 500 timers 1 3
--> standby 1 name HSRP1
--> ip pim redundancy HSRP1 dr-priority 150
standby 500 priority 150
standby 500 preempt
10-06-2020 07:29 AM
Hi,
Please see output below for ip mroute, doesn't looks like the route to 239.192.0.22 is installed properly on Router 01 & 02:
Core Switch 01
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.192.0.22), 00:03:18/00:02:35, RP 192.168.1.74, flags: SJCL
Incoming interface: Vlan500, RPF nbr 192.168.227.158
Outgoing interface list:
Vlan350, Forward/Sparse, 00:03:18/00:02:22
Router 02 (Active HSRP Router)
interface GigabitEthernet0/1
ip address 192.168.227.154 255.255.255.248
ip pim redundancy HSRP1 hsrp dr-priority 150
ip pim sparse-mode
standby version 2
standby 1 name HSRP1
standby 500 ip 192.168.227.158
standby 500 timers 1 3
standby 500 priority 150
standby 500 preempt
standby 500 track 500 decrement 150
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.192.0.22), 00:05:36/00:02:18, RP 0.0.0.0, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
Router 01 (Standby HSRP Router)
interface GigabitEthernet0/1
ip address 192.168.227.154 255.255.255.248
ip pim redundancy HSRP1 hsrp dr-priority 150
ip pim sparse-mode
standby version 2
standby 1 name HSRP1
standby 500 ip 192.168.227.158
standby 500 timers 1 3
standby 500 priority 150
standby 500 preempt
standby 500 track 500 decrement 150
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.192.0.22), 00:05:36/00:02:18, RP 0.0.0.0, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
10-06-2020 08:32 AM - edited 10-06-2020 08:40 AM
Hello @conor.maton ,
Paul Driver is right if you decided to go with manual RP configuration you need to configure this on all PIM routers not only on the RP device itself and also the firewalls as they act as PIM SM multicast routers.
Let's compare the output from R1:
>>(*, 239.192.0.22), 00:05:36/00:02:18, RP 0.0.0.0, flags: SP
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list: Null
incoming interface Null, outgoing interface null and RP 0.0.0.0 means that this device does not know what RP address to use and this prevents PIM SM processes to happen.
you could use bootstrap protocol but you need explicit configuraton to have candidate BSR and candidate RPs on different nodes.
You see the difference with
(*, 239.192.0.22), 00:03:18/00:02:35, RP 192.168.1.74, flags: SJCL
Incoming interface: Vlan500, RPF nbr 192.168.227.158
Outgoing interface list:
Vlan350, Forward/Sparse, 00:03:18/00:02:22
on Core switch 1 here the RP is known there is an incoming interface and there is an outgoing interface.
Also Georg's notes about unicast routing possible issues can apply
Hope to help
Giuseppe
10-06-2020 08:47 AM
Hi Giuseppe,
Thanks for your reply.
Ok so we are getting somewhere with this which is good. My thooughts below:
you could use bootstrap protocol but you need explicit configuraton to have candidate BSR and candidate RPs on different nodes.
How could this be implemented onto my topology?
10-06-2020 08:58 AM
Hello @conor.maton ,
1) All routers and firewalls must know RP address because they first join the shared tree rooted at the RP and then they switch to the source based tree rooted at the source PIM DR. The easiest way is to configure ip pim rp on all of them
Please notice that you need to ensure that the router that is active on HSRP is also the PIM DR on the LAN segment where the source or receiver is connected (these are the kind of issues that HSRP can create).
2) It is not clear what the firewall vendor is . bootstrap protocol is standard in PIM version 2. If the network is not much bigger then this I would try with manual RP option.
Hope to help
Giuseppe
10-06-2020 09:10 AM
1) All routers and firewalls must know RP address because they first join the shared tree rooted at the RP and then they switch to the source based tree rooted at the source PIM DR. The easiest way is to configure ip pim rp on all of them
Ok thank you for the clarification. See my response to point 2.
Please notice that you need to ensure that the router that is active on HSRP is also the PIM DR on the LAN segment where the source or receiver is connected (these are the kind of issues that HSRP can create).
I am guessing you mean HSRP Aware PIM? See output from Core Switch 01:
ABW-SISS-LAN-CSW001#sh ip pim neighbor
PIM Neighbor Table
Mode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority,
P - Proxy Capable, S - State Refresh Capable, G - GenID Capable,
L - DR Load-balancing Capable
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
192.168.227.153 Vlan500 1w0d/00:01:23 v2 1 / S P G
192.168.227.154 Vlan500 1w0d/00:01:43 v2 1 / S P G
2) It is not clear what the firewall vendor is . bootstrap protocol is standard in PIM version 2. If the network is not much bigger then this I would try with manual RP option.
All devices are Cisco and running PIM SM (the Firewall is a CIsco ASA 5515-X and I don't believe you explicitly configure the mcast protocol type). That's why I was surpised that I may have to configure the RP on all devices. How can I activate Boostrap protocol?
10-06-2020 01:37 PM
Hello @conor.maton ,
see the following thread
You can have the bsr candidate and the RP candidate to be on th same device
You need to use a Loopback interface as the address referenced for both the RP and bsr.
The loopback has to be advertised in IGP or via static routes all devices must be able to send traffic to the loopback address
global config
ip pim bsr Loopback0 100
ip pim rp-candidate Loopback0
check on all devices
show ip pim rp mapping
If you have ASA firewall I would try to use manual RP first as I am not sure it is able to support bootstrap.
Hope to help
Giuseppe
10-06-2020 01:59 PM - edited 10-06-2020 02:01 PM
As a test I have tried adding the PIM RP address manually on all devices. Does the output from show IP mroute look better to you on Core Switch 01 and Routers 01 & 02?
Core Switch 01
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.192.0.22), 06:47:59/00:02:56, RP 192.168.1.74, flags: SJCL
Incoming interface: Vlan500, RPF nbr 192.168.227.158
Outgoing interface list:
Vlan350, Forward/Sparse, 06:47:59/00:02:39
Router 01
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.192.0.22), 06:37:07/00:02:50, RP 192.168.1.74, flags: SP
Incoming interface: GigabitEthernet0/0/0, RPF nbr 192.168.232.69
Outgoing interface list: Null
Router 02
sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 239.192.0.22), 06:38:07/00:02:45, RP 192.168.1.74, flags: SP
Incoming interface: GigabitEthernet0/0/0, RPF nbr 192.168.232.69, Mroute
Outgoing interface list: Null
I cannot see a route to 239.192.0.22 in Switch Stack 01 despite addig the RP config to 192.168.1.74...
Switch Stack 01
sh ip mroute 239.192.0.22
Group 239.192.0.22 not found
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide