cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4244
Views
0
Helpful
4
Replies
Highlighted
Beginner

Multicast and ip pim accept-register

I have a test network configured with a mix of Cisco and Juniper routers. Multicast traffic (PIM-SSM with ASM) properly flows through the entire network. I have a Cisco 3845 configured as the RP, and I am trying to use the "ip pim accept-register" command to deny certain groups from being registered with the RP.

No matter how I have configured the ACL used the by "ip pim accept-register" command, every group is still allowed to register with the RP. I am using the SSM 232.0.0.0/8 range, and I first configured the ACL to block 232.0.0.100, as such:

RP(config)# ip pim accept-register list RP-REGISTER
RP(config)# ip access-list extended RP-REGISTER

RP(config-ext-nacl)# deny ip any host 232.0.0.100
RP(config-ext-nacl)# permit ip any any

Using this configuration still allowed the 232.0.0.100 group to register with the RP. I then tried a much more extreme example, which also did not work:

RP(config)# ip pim accept-register list RP-REGISTER
RP(config)# ip access-list extended RP-REGISTER

RP(config-ext-nacl)# deny ip any any

Please let me know if there is any other configuration you would like to see in order to help out.

Thanks!

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hello Matthew,

the register message is a special message sent from source PIM router ( the one near the source) to the RP and it is used to send first packet before the RP joins the source based tree ( SPT switchover from RPT).

However, blocking this kind of messages have no effects on groups that are treated as SSM because in this case the register phase is simply skipped because in SSM there is no RP concept.

To check this feature you should use a group that is in the PIM ASM range.

for SSM groups this router is just like any other PIM node

Hope to help

Giuseppe

View solution in original post

4 REPLIES 4
Highlighted
Hall of Fame Master

Hello Matthew,

what do you mean exactly with

>> every group is still allowed to register with the RP

do you see entries for the groups in show ip mroute?

Hope to help

Giuseppe

Highlighted

That is correct. I guess I meant that entries are still created in the multicast routing table, and the multicast stream I am sending across the network still reaches the receivers.

Highlighted

Hello Matthew,

the register message is a special message sent from source PIM router ( the one near the source) to the RP and it is used to send first packet before the RP joins the source based tree ( SPT switchover from RPT).

However, blocking this kind of messages have no effects on groups that are treated as SSM because in this case the register phase is simply skipped because in SSM there is no RP concept.

To check this feature you should use a group that is in the PIM ASM range.

for SSM groups this router is just like any other PIM node

Hope to help

Giuseppe

View solution in original post

Highlighted

Giuseppe,

That did the trick! I re-configured some of the routers to use the 239.0.0.0/8 range instead, and I was able to observe the PIM register filter do its thing:

Jan 20 19:59:43.967: %PIM-4-INVALID_SRC_REG: Received Register from 192.168.16.1 for (172.16.3.100, 239.0.0.100), not willing to be RP

I knew that there was no such thing as an RP in PIM-SSM, but it didn't occur to me that simply using a different multicast group would have that effect... it's always something little that seems to be overlooked.

Thank you for your quick help.

Content for Community-Ad