01-20-2011 06:48 AM - edited 03-06-2019 03:05 PM
I have a test network configured with a mix of Cisco and Juniper routers. Multicast traffic (PIM-SSM with ASM) properly flows through the entire network. I have a Cisco 3845 configured as the RP, and I am trying to use the "ip pim accept-register" command to deny certain groups from being registered with the RP.
No matter how I have configured the ACL used the by "ip pim accept-register" command, every group is still allowed to register with the RP. I am using the SSM 232.0.0.0/8 range, and I first configured the ACL to block 232.0.0.100, as such:
RP(config)# ip pim accept-register list RP-REGISTER
RP(config)# ip access-list extended RP-REGISTER
RP(config-ext-nacl)# deny ip any host 232.0.0.100
RP(config-ext-nacl)# permit ip any any
Using this configuration still allowed the 232.0.0.100 group to register with the RP. I then tried a much more extreme example, which also did not work:
RP(config)# ip pim accept-register list RP-REGISTER
RP(config)# ip access-list extended RP-REGISTER
RP(config-ext-nacl)# deny ip any any
Please let me know if there is any other configuration you would like to see in order to help out.
Thanks!
Solved! Go to Solution.
01-20-2011 07:07 AM
Hello Matthew,
the register message is a special message sent from source PIM router ( the one near the source) to the RP and it is used to send first packet before the RP joins the source based tree ( SPT switchover from RPT).
However, blocking this kind of messages have no effects on groups that are treated as SSM because in this case the register phase is simply skipped because in SSM there is no RP concept.
To check this feature you should use a group that is in the PIM ASM range.
for SSM groups this router is just like any other PIM node
Hope to help
Giuseppe
01-20-2011 06:58 AM
Hello Matthew,
what do you mean exactly with
>> every group is still allowed to register with the RP
do you see entries for the groups in show ip mroute?
Hope to help
Giuseppe
01-20-2011 07:00 AM
That is correct. I guess I meant that entries are still created in the multicast routing table, and the multicast stream I am sending across the network still reaches the receivers.
01-20-2011 07:07 AM
Hello Matthew,
the register message is a special message sent from source PIM router ( the one near the source) to the RP and it is used to send first packet before the RP joins the source based tree ( SPT switchover from RPT).
However, blocking this kind of messages have no effects on groups that are treated as SSM because in this case the register phase is simply skipped because in SSM there is no RP concept.
To check this feature you should use a group that is in the PIM ASM range.
for SSM groups this router is just like any other PIM node
Hope to help
Giuseppe
01-21-2011 06:01 AM
Giuseppe,
That did the trick! I re-configured some of the routers to use the 239.0.0.0/8 range instead, and I was able to observe the PIM register filter do its thing:
Jan 20 19:59:43.967: %PIM-4-INVALID_SRC_REG: Received Register from 192.168.16.1 for (172.16.3.100, 239.0.0.100), not willing to be RP
I knew that there was no such thing as an RP in PIM-SSM, but it didn't occur to me that simply using a different multicast group would have that effect... it's always something little that seems to be overlooked.
Thank you for your quick help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide