Re: 3750X and 4948-10GE Multicast Video

swilsonnc · ‎11-27-2022

Hi, I am in need of a little guidance here. I currently have a working 3750x and 4948-10GE multicast routing setup that works just fine. The 3750 and 4948 both have Vlan10 and a subnet of 10.100.1.0/24 for the multicast network. They are connected together using switchport access and a port-channel for ports 45-48 on each switch. They each have a mixture of multicast servers and hosts on them. They have been working with with pim sparse-mode enabled (no flooding) no issues for several years now.

I also have a separate network in another location of a single 4948-10GE running Vlan10 and a subnet of 10.100.10.0/24. This one is a multicast network as well with several servers and hosts. It has been working fine for a couple years now.

Here is where the problems start. I have a 1Gig link setup between the 2 networks and want to share each networks multicast streams with the other (not all, selected streams). I can bring the link up with no issues with switchport access vlan 10 on each side and I can see all of the streams on ech network but it is flooding the link. I have PIM sparse-mode working in each network successfully but it is not working over the link it seems. I can ping between the 2 subnets on Vlan10.

Can someone please help me figure out why PIM sparse-mode is not working correctly over the link so the flooding will stop?

Network 1
3750 (G1/0/45 - 48) ------> 4948-10GE-SW2 (G1/45-48) using Port-channel1

Network 2 is a single 4948-10GE (SW1)

Goal
3750 (G1/0/45 - 48) ------> 4948-10GE-SW2 (G1/45-48) using Port-channel1 - Vlan10 subnet 10.100.1.0/24
3750 (G1/0/41) ----------> 4948-10GE-SW1 (G1/1) - Vlan10 subnet 10.100.10.0/24

mlund · ‎11-30-2022

Hi

This is normal behavior in this setup. Becuase you have vlan 10 shared on both switches, so igmp querier is seen on other side of link, and therefore mcast is sending over the link.

I would suggest you have different vlan on each side, and a new vlan between them and do routing between the sites over this new vlan. This way 10.100.1.0 network is only on sw1 side, and 10.100.10.0 network is only on sw2 site. You also have to configure RP to get mcast to work in the new scenario.

/Mikael

swilsonnc · ‎11-30-2022

Thank you for the reply. It was setup with 2 different Vlan's before and I have tried it that way a few different ways. It seems I just cannot keep the 1Gig link from flooding (maybe that is by design and there is nothing I can do). I have tried configuring RP and such. I was really only trying to get a handfull of streams over the connection and not all of them. I ended up connecting the source and receiver to another interface on the switches and in their own vlan. That's the only way I could get them to not flood the link with data I didn't want. I would be willing to try other things to figure out why this wasn't working if you have any other ideas.

mlund · ‎11-30-2022

The important thing is that the vlan 10 on each side should not be allowed on the link between the 2 switches. Only the new vlan be allowed. (vlan 5 for management can also be allowe as long no mcast is configured on that) For example, create vl 99 on both sides, asigne an ip in each side (192.168.1.1 and 192.168.1.2 for example), change the static routes on both sides to point to next side via this 192.168.1.1 or 2. Enable mcast with ip pim sparse-mode, not ip pim sparse-dense. Configure the rp, eventuallly with an access-list that controlls what mcast groups should be allowed. After that mcast should only be sent over the link if someone want to listen for a group.

swilsonnc · ‎12-01-2022

Thanks, that makes sense and Ii will try that. Would the 3750X or the 4948-10GE be able to run as the RP (would I have to enable ip routing)? If not I am guessing I would have to configure a router-on-a-stick as the RP?

Lets say I tried this. Would you have any example code for the access-list that can be used to let 1 group through from the 3750X to 4948-SW1? Thanks

mlund · ‎12-06-2022

For this to work you have to enable ip routing, if you use router-on-a-stick it will still flood the gigport because all traffic will go to the router.

Chose one of the ip addresses for the rp, and a access-list where you specify the allowed mcast. Configure this in both switches. for example

ip pim rp-address 192.168.1.1 30

access-list 30 permit host 239.1.2.3

swilsonnc · ‎12-06-2022

Thank you, I will give this a try and see what happens.

swilsonnc · ‎12-09-2022

So the attempt at the access-list on the group did not work. It has no affect to set the access-list to permit a MC group. If I permit the source ip that the group originates from then it works but allows all of the MC groups from that IP. If there are 8 groups it allows all 8 to go out the interface. It works but still isn't what I am needing.

Here is a twist on the story. I have setup a test switch to mimic the connection and it floods the interface on it as well. I have tried many things to mitigate it but so far no luck with a 4948 and a 4948. I acquired a Juniper EX3400-48T and hooked it up to mimic the connection as well. I reset it to factory default and set it up minimal (totally different vlan with an ip, default multicast igmp and pim snooping etc). It works beautifully. It only streams what I need over the link. I have a host setup off of the juniper and am requesting the stream from it. It only sends the stream I want over the link. If I am not requesting a stream it sends nothing over the link. That is exactly what I need the cisco 4948 to do. I can send any config's you might need to figure this out.

Attached are the 2 4948 and the juniper config.

swilsonnc · ‎12-09-2022

Actually, I may have found a work-around sort of. Apparanetely the Juniper did not have pim enabled on the vlan or interface and that is why it wasn't being flooded. I used my test 4948 and disabled pim on the vlan and it seems to be working fine that way (no flooding, but can stream any group that I want). Since the remote system is only a single switch I should be able to turn PIM off on the Vlan in that switch and everything should work fine. The local switches need PIM but the remote switch shouldn't by itself. Does anyone see any reason this won't work?