Solved: Tale of two (multicast) routers

mkaften · ‎05-06-2011

I've posted this situation before, but have never gotten an adequate answer or explanation. Here's hoping it will be different this time:

I have two routers, both multicast-enabled, on a single Lan. In this case, they are 2801s, but they could be any model. They are both connected to a 3650G switch. Each router is connected to a different upstream multicast publisher, via their WAN ports. Completely different multicast streams and different group addresses. Both run PIM sparse-mode. There are host machines on the same Lan, connected to the same 3560 switch, and these hosts join various multicast groups from each router, and receive data from both routers. All available groups are being requested by the host machines, so each router is forwarding all of the upstream multicast data it has access to.

The problem: each multicast router is receiving all the multicast data packets from the OTHER multicast router on the switch, to the point where each router is being crippled by the other.

Reasons this should not be happening:

1. the 3560G switch runs IGMP snooping, and neither router has joined any multicast groups belonging to the other router.

2. the two router ports on the 3560 switch are in Protected mode, so each router should not be receiving ANY multicast data from the other.

3. despite #2 above, Protected mode seems to be working, because each router thinks it's the only MC router on the Lan ("show ip PIM neighbor" shows no other local router).

And yet, each router gets all the data from the other router.

I understand that certain multicast packets, such as all join messages, will be heard by both routers. But router A should not care about Join messages for groups that router B delivers. But the routers are hammering each other with regular multicast data, which should ONLY be forwarded by the switch if the router was joining that group.

I've spoken to other people who have noticed the same problem. To date, the only viable solution that people seem to use is buying bigger and more powerful routers to withstand the onslaught of data from the other guy. That's ridiculous IMO...unless there is really no answer. But shouldn't there be?

Forget giving me a REAL solution to this problem (although if you can do that, you have my gratitude). Can ANYONE please explain to me why this is happening?

mlund · ‎05-09-2011

Hi

As a result of receiving a igmp query from the router a switch will always start to forward all multicast to the router.

Try to implement rgmp " http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008011c11b.shtml"

to avoid this. Or let the two routers talk pim to each other and start pim-snooping.

/Mikael

View solution in original post

Mohamed Sobair · ‎05-06-2011

Hi,

This shouldnt happen, since you have totally different Groups for multicast streams, Only the respective ROuter will be the IGMP Querior and DR on the the LAN segment for its particular Group.

Would you please describe, how you both routers learn about each other's multicast Data, what steps has been done to check this out?

Regards,

Mohamed

mkaften · ‎05-06-2011

Hi Mohamed,

You say "this shouldn't happen" and you are so right! That's why I've posted here, and this isn't the first time.

Each router shows itself as the only multicast router on the Lan. "show ip pim neighbor" shows only the upstream router, not the routers on the local Lan.

Each router "learns about each others' multicast data" because the switch is forwarding it to them. That's it!! The routers have not joined these groups, and yet they get the data. Why??

Regards,

Mitch

mkaften · ‎05-06-2011

OK, here's an additional piece of info I just got. The 3560 switch seems to show the routers as belonging to every multicast group! ("show ip igmp snoop groups"). And yet the routers have not joined these groups (to my knowledge). How can I prevent the switch from thinking the router is a member of every group?

mkaften · ‎05-06-2011

I did a debug on one of the routers to see if it was issuing IGMP Join messages. Nothing. I noticed that on the 3560 switch you can set up an IGMP filter on a switchport, but all it does is restrict the Join messages to certain multicast addresses. Since the routers are not issuing any Join messages, it wouldn't help. Help!

mlund · ‎05-09-2011

Hi

As a result of receiving a igmp query from the router a switch will always start to forward all multicast to the router.

Try to implement rgmp " http://www.cisco.com/en/US/products/hw/switches/ps700/products_tech_note09186a008011c11b.shtml"

to avoid this. Or let the two routers talk pim to each other and start pim-snooping.

/Mikael

mkaften · ‎05-09-2011

Thanks Mikael, very interesting!

I can't quite believe the statement that Cisco makes: "the switch floods IP multicast packets on all multicast router ports by default, even if there are no multicast receivers downstream". Why would they want such a design? It goes against everything that multicasting is supposed to be about. Packets should only be forwarded when there is a downstream request. Am I wrong? Am I missing something? What other purpose could possibly be served for having the default behavior?

Unfortunately for me, it seems that neither RGMP or PIM snooping exist on my switch. I guess I'll have to upgrade my switch or maybe my IOS feature pack, in order to have a network where multicasting does what it should be doing all along.

Regards,

Mitch

mkaften · ‎05-09-2011

I believe this feature is only available on the high-end 6500 series switch--a device that least needs it. The weaker switches are where it is necessary. Thank you, Cisco!!

mkaften · ‎05-16-2011

Pim snooping is only available on very high-end switches, so I'm stuck, but I'm thinking of a workaround:

Let's say there were several multicast routers on this Lan instead of just 2. What if I reconfigured the switch to use "CGMP" as the mrouter learning method, instead of the default "PIM-DVMRP"? Since no routers on the switch use CGMP, it might not recognize any of these ports as mrouter ports, and therefore would not flood all multicast packets to those ports. I could then manually configure an mrouter port on one of the router ports where the router is a powerful one, or use the VLan interface as a querier...do you see where I'm going? Does this make any sense? I'm trying to get the switch to stop recognizing some router ports as mrouter ports.