cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1191
Views
0
Helpful
2
Replies

Block Multicast group RP

rtjensen4
Enthusiast
Enthusiast

Hello,

I am looking for a way to block a specific multicast group on the network that does not entail me touching all my devices to update an ACL or somthing. I was thinking, if the multicast group didnt have an RP, it would keep it off the WAN and limit it to a local segment, which is OK.

I'm trying to block 239.255.255.200, Printers and a few other things are babbling across it and there's no need for it to go across the WAN. I'm using PIM-SM and was using a static Anycast RP (with MSDP between them). So... I fired up GNS3, setup our network and started monkeying with AutoRP. AutoRP would seem to do the trick because it will recognize negative statements in the ACL. I have it setup and running in the "lab". I hae a mapping agent and the candidate RP. Assume PIM is working as expected.

Candidate RP:

R1= Candidate RP:

R1(config-std-nacl)#do sh access-list 1

Standard IP access list 1

    5 deny   239.255.255.200

    10 permit 224.0.0.0, wildcard bits 15.255.255.255

ip pim send-rp-announce 10.10.250.1 scope 25 group-list 1 interval 5

R2= Mapping Agent:

ip pim autorp listener

ip pim send-rp-discovery Loopback0 scope 200

R3= A Branch Router:

R4#sh ip pim rp mapping

PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4

  RP 10.10.250.1 (?), v2v1

    Info source: 192.168.250.37 (?), elected via Auto-RP

         Uptime: 00:16:46, expires: 00:02:33

Group(s) (-)239.255.255.200/32

  RP 10.10.250.1 (?), v2v1

    Info source: 192.168.250.37 (?), elected via Auto-RP

         Uptime: 00:08:33, expires: 00:02:36

So AutoRP seems to be working, my RP mappings are getting to my branch... What does the ( - ) next to the group i want to deny signify? will it not use that RP for that group?

2 Replies 2

Peter Paluch
Hall of Fame Cisco Employee Hall of Fame Cisco Employee
Hall of Fame Cisco Employee

Hello,

This configuration causes the Candidate RP to announce its willingness to be a RP for all multicast groups except 239.255.255.200. The problem with this configuration is that this group basically does not have a RP and if the routers are configured as ip pim sparse-dense-mode they will fall back to PIM-DM operation for this particular group. This would be remedied best by reconfiguring the entire network for ip pim sparse-mode or no ip pim dm-fallback.

A different solution would be to have your Candidate RP become an RP for all groups, and then use the ip pim accept-register list ACL command on this RP to filter out all PIM Register messages that are coming for a particular (S, G), in this case, the (*, 239.255.255.200).

See more about the command here:

http://www.cisco.com/en/US/docs/ios-xml/ios/ipmulti/command/imc_i3.html#GUID-A3887644-DD8D-4621-B6F2-911191337439

Best regards,

Peter

rtjensen4
Enthusiast
Enthusiast

Thanks Peter. I'm not using sparse-dense. Mode. I'm using ip pim autorp listener to avoid that behavior. I haven't had a chance to check the link you included, but I will so later today.

Sent from Cisco Technical Support iPhone App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers