Only allow multicast traffic between two specific interfaces

Tom22 · ‎05-27-2021

Is it somehow possible to route the traffic of specific multicast stream between two interfaces and block it on all others, instead of letting the switch discovering the path itself?
Basically we would like to enforce that the traffic can only go via a specific egress interface, so that we can manage the bitrate capacity ourselves.
I think we don't need PIM, NMB etc. (not sure). Just a simple routing for a multicast group and source IP, between ingress and egress interface.

A lot of information can be found on the internet regarding multicast routing on Cisco, but it's hard to figure out the configuration that we need.

This is how we've imlemented it sucessfully on Arista switches
- disable PIM on the interfaces
- create a route between two interfaces using the following commands
- router multicast;ipv4;routing;route {multicastIP} {sourceIP} iif {sourceItf} oif {destinationItf}

Switch model:

Cisco Nexus N9K-C93180YC-FX

balaji.bandi · ‎05-27-2021

how about ACL ? what device is this ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Tom22 · ‎05-27-2021

Cisco Nexus N9K-C93180YC-FX

chrihussey · ‎05-27-2021

I've never had to implement it, but look into defining a static multicast route (ip mroute command).

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/multicast/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Multicast_Routing_Configuration_Guide/b_Cisco_Nexus_9000_Series_NX-OS_Multicast_Routing_Configuration_Guide_chapt...

Looks like you base it on the multicast source and point it to the interface you want it to take. Seems to be no control in specifying which multicast groups it applies to though.

Hope this helps

Harold Ritter · ‎05-27-2021

Hi @Tom22 ,

You should be able to do more or less what you do on the Arista box by configuring the following.

"ip pim sparse-mode" on the ingress and egress interface

and

"ip igmp static-oif <multicast group address> source <source ip address>" on the egress interface.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Elliot Dierksen · ‎05-27-2021

If you only apply the "ip pim sparse-mode" on the interfaces you want to be used, then multicast won't be active on any other interfaces.

Tom22 · ‎05-27-2021

All interfaces will be used for multicast, so we cannot disable it for the whole interface. But we want full control over which multicast goes to which egress interface to be able to manage the capacity of that link.

"ip igmp static-oif <multicast group address> source <source ip address>" on the egress interface.

Will the multicast not automatically switch to another interface when the link goes down for whatever reason? Another big downside of this approach is that other multicasts are not blocked by default and thus potentially interfering with our streams. How can we make sure that only the traffic we want goes through the interface?

paul driver · ‎05-28-2021

Hello

@Tom22 wrote:

Is it somehow possible to route the traffic of specific multicast stream between two interfaces and block it on all others, instead of letting the switch discovering the path itself?

You can negate an interface to join or be denied to join a specific group thus allowig MC through the pim interface but you are controlling what is allowed.

ip access-list standard noMC
deny 224.x.x.x.
permit any

int x/x
ip igmp access-group noMC

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Tom22 · ‎05-28-2021

The following page seems to describe exactly what we want to achieve: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/ip-fabric-for-media/solution/guide/b-cisco-nexus-9000-nx-os-ip-fabric-for-media-solution-guide-93x/b-cisco-nexus-9000-nx-os-ip-fabric-for-media-solution-guide-93x_chapter_011..... Especially the 'Configuring an NBM VRF for Static Flow Provisioning' section.
"You can configure an NBM VRF for static flow provisioning, which allows the NBM fabric to form a multicast flow with assistance from an external controller."
But for some reason we are not able to execute the steps on that page.

First we change the NBM mode to passive:
- configure terminal
- nbm vrf nbm
- nbm mode pim-passive

Then we continue with establishing a flow:
- nbm flow-definition 235.1.1.13 100.1.1.40

After the last command we get the following error: "flow-definition cannot be configured when NBM is in PIM-PASSIVE mode".

Is there something else that needs to be enabled/disabled first? Other required steps?