cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
727
Views
5
Helpful
3
Replies

Multicast Sparse-mode

AymanMunassar
Level 1
Level 1

Hello dears

       I have a doubt in the effect of the access list between the following commands:

 

access-list 1 permit 224.0.0.0 0.255.255.255

!

ip pim rp-address x.x.x.x 1

ip pim accept-rp x.x.x.x 1

1 Accepted Solution

Accepted Solutions

Hello Ayman,

>> Can we say both have the same effect?

Absolutely no.

Again let's make an example :

a multicast stream is described as (S,G) = (10.110.240.5, 224.255.225.4)

 

lets say that x.x.x.x = 10.255.255.1 is the loop0 of R1 advertised in OSPF

 

access-list 1 permit 224.0.0.0 0.255.255.255

 

on all routers R1 - RN we put

 

ip pim rp address 10.255.255.1 1

 

The meaning is for Groups G with first byte 224 please send traffic to the RP 10.255.255.1

 

The flow above is checked and it matches ACL 1 :

Source                Group

(10.110.240.5, 224.255.225.4)

   ^                             ^

ACL 12                 ACL 1

 

 

 

 

 

on R1

we can put the command

access-list 12 permit 10.110.0.0 0.0.255.255

 

 

ip pim rp-accept 12

 

When the first packet is sent to RP R1 the source is checked this time against ACL 12

 

Source                Group

(10.110.240.5, 224.255.225.4)

^                               ^

ACL 12                ACL 1

 

 

if the source was 10.224.240.5 the RP would reject the registration even if the group 224.255.225.4 matches ACL 1.

 

I hope it is more clear now

 

Hope to help

Giuseppe

 

View solution in original post

3 Replies 3

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Ayman,

your ACL 1 is currently matching all multicast addresses with first byte = 224.

 

The first command

ip pim rp-address x.x.x.x 1

 

configure a static RP for the groups matching ACL 1 with IP address x.x.x.x and needs to be configured on ALL PIM routers including the RP device (the one that owns the x.x.x.x address).

The meaning is that RP x.x.x.x will not be an RP for group 225.250.120.4 and will be for group 224.255.255.251.

 

The second command

ip pim accept-rp x.x.x.x 1

 

it is command that can be used on the RP node only, to decide what sources can register with the RP, so in you case it should use a different ACL describing a range of unicast IP addresses like

access-list 12 remark allowed sources

access-list 12 permit 10.101.0.0 0.0..255.255

 

ip pim accept-rp x.x.x.x 12

 

As you can see the commands have different meanings and what is most important the first one is needed in all nodes and the optional ACL refers to multicast addresses.

The second command is only useful on the RP acting node and allows to decide what are the acceptable sources that can register to the RP = send the initial packet inside a GRE packet with destination x.x.x.x.

Registering is performed by the PIM router near the source called the source PIM DR.

 

Hope to help

Giuseppe

 

 

Hope to help

Giuseppe

 

I is really helpful description of both commands, although, I am still stuck with the final effect of both commands. As you mentioned sir 

command 1 

The RP is allowed for group access-list x

command 2

The RP is allowed for sources of access-list x

 

Can we say both have the same effect?

Hello Ayman,

>> Can we say both have the same effect?

Absolutely no.

Again let's make an example :

a multicast stream is described as (S,G) = (10.110.240.5, 224.255.225.4)

 

lets say that x.x.x.x = 10.255.255.1 is the loop0 of R1 advertised in OSPF

 

access-list 1 permit 224.0.0.0 0.255.255.255

 

on all routers R1 - RN we put

 

ip pim rp address 10.255.255.1 1

 

The meaning is for Groups G with first byte 224 please send traffic to the RP 10.255.255.1

 

The flow above is checked and it matches ACL 1 :

Source                Group

(10.110.240.5, 224.255.225.4)

   ^                             ^

ACL 12                 ACL 1

 

 

 

 

 

on R1

we can put the command

access-list 12 permit 10.110.0.0 0.0.255.255

 

 

ip pim rp-accept 12

 

When the first packet is sent to RP R1 the source is checked this time against ACL 12

 

Source                Group

(10.110.240.5, 224.255.225.4)

^                               ^

ACL 12                ACL 1

 

 

if the source was 10.224.240.5 the RP would reject the registration even if the group 224.255.225.4 matches ACL 1.

 

I hope it is more clear now

 

Hope to help

Giuseppe

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco