09-27-2019 02:58 AM
Hello dears,
I have a doubt about the effect of the access list in the following commands:
access-list 1 permit 224.0.0.0 0.255.255.255
!
ip pim rp-address x.x.x.x 1
ip pim accept-rp x.x.x.x 1
09-27-2019 03:47 AM - edited 09-27-2019 03:50 AM
Hello Ayman,
Your ACL 1 is currently matching all multicast addresses with first byte = 224.
The first command
ip pim rp-address x.x.x.x 1
configures a static RP for the groups matching ACL 1 with IP address x.x.x.x and needs to be configured on ALL PIM routers, including the RP device (the one that owns the x.x.x.x address).
The meaning is that RP x.x.x.x will not be an RP for group 225.250.120.4 and will be for group 224.255.255.251.
The second command
ip pim accept-rp x.x.x.x 1
is a command that can be used on the RP node only, to decide what sources can register with the RP, so in your case it should use a different ACL describing a range of unicast IP addresses, like
access-list 12 remark allowed sources
access-list 12 permit 10.101.0.0 0.0.255.255
ip pim accept-rp x.x.x.x 12
As you can see, the commands have different meanings and, what is most important, the first one is needed on all nodes and the optional ACL refers to multicast addresses.
The second command is only useful on the node acting as RP and allows you to decide what the acceptable sources are that can register to the RP = send the initial packet inside a GRE packet with destination x.x.x.x.
Registering is performed by the PIM router near the source, called the source PIM DR.
Hope to help
Giuseppe
09-27-2019 04:18 AM
It is a really helpful description of both commands, although I am still stuck with the final effect of both commands. As you mentioned, sir:
command 1
The RP is allowed for group access-list x
command 2
The RP is allowed for sources of access-list x
Can we say both have the same effect?
09-27-2019 04:35 AM
Hello Ayman,
>> Can we say both have the same effect?
Absolutely no.
Again, let's make an example:
a multicast stream is described as (S,G) = (10.110.240.5, 224.255.225.4)
Let's say that x.x.x.x = 10.255.255.1 is the loop0 of R1 advertised in OSPF
access-list 1 permit 224.0.0.0 0.255.255.255
On all routers R1 - RN we put
ip pim rp-address 10.255.255.1 1
The meaning is: for groups G with first byte 224, please send traffic to the RP 10.255.255.1
The flow above is checked and it matches ACL 1:
    Source         Group
(10.110.240.5, 224.255.225.4)
      ^              ^
    ACL 12         ACL 1
On R1 we can put the commands
access-list 12 permit 10.110.0.0 0.0.255.255
ip pim accept-rp 10.255.255.1 12
When the first packet is sent to RP R1, the source is checked, this time against ACL 12
    Source         Group
(10.110.240.5, 224.255.225.4)
      ^              ^
    ACL 12         ACL 1
If the source was 10.224.240.5, the RP would reject the registration even if the group 224.255.225.4 matches ACL 1.
I hope it is clearer now
Hope to help
Giuseppe
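
The wildcard-mask matching that the replies above walk through, as an added example that is not part of any post in the thread: a small evaluator for standard numbered ACL lines, run against the source and group addresses quoted above. It models only ACL matching (first match wins, implicit deny), not PIM itself; the function names are hypothetical.

```python
import ipaddress

# ACL lines as quoted in the thread (standard numbered ACLs with wildcard masks).
ACL_TEXT = """
access-list 1 permit 224.0.0.0 0.255.255.255
access-list 12 remark allowed sources
access-list 12 permit 10.110.0.0 0.0.255.255
"""

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acls(text):
    """Return {acl_number: [(action, base, wildcard), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            continue  # blank lines, remarks and anything else carry no match logic
        if tok[3] == "any":
            base, wild = 0, 0xFFFFFFFF
        elif tok[3] == "host":
            base, wild = to_int(tok[4]), 0
        else:  # "address [wildcard]"; a missing wildcard means an exact host match
            base, wild = to_int(tok[3]), to_int(tok[4]) if len(tok) > 4 else 0
        acls.setdefault(int(tok[1]), []).append((tok[2], base, wild))
    return acls

def acl_permits(acls, number, address):
    """First matching entry wins; an address matching no entry hits the implicit deny."""
    addr = to_int(address)
    for action, base, wild in acls[number]:  # KeyError if the ACL is not defined
        care = ~wild & 0xFFFFFFFF            # wildcard bit 1 = ignore, 0 = must match
        if (addr & care) == (base & care):
            return action == "permit"
    return False

ACLS = parse_acls(ACL_TEXT)

def check_flow(source, group, source_acl=12, group_acl=1):
    """Evaluate one (S,G) pair: source against source_acl, group against group_acl."""
    return acl_permits(ACLS, source_acl, source), acl_permits(ACLS, group_acl, group)

if __name__ == "__main__":
    for s, g in [("10.110.240.5", "224.255.225.4"), ("10.224.240.5", "224.255.225.4"),
                 ("10.110.240.5", "225.250.120.4")]:
        print((s, g), "source ok, group ok =", check_flow(s, g))
```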