Solved: Multicast Local LAN - RP configuration

ryandutton · ‎10-20-2011

Hello all.

I am trying to determine the best solution for containing a particular multicast within a local LAN. Our network consist of approximately 50 remote sites with three core locations. Currently our multicast configuration involves using ip pim sparse-mode. Our RP addresses are configured on loopback interfaces on each 6509 at the three core locations:

interface Loopback1

description --- Anycast RP Address ---

ip address 10.255.255.1 255.255.255.255

ip pim sparse-mode

At each of the remote locations on our various core switches, we are running the following multicast ACL:

ip access-list standard mcast-boundary-acl

remark *** Forward Link Local groups ***

permit 224.0.0.0 0.0.0.255

remark *** Forward Enterprise Scope groups ***

permit 239.195.0.0 0.0.255.255

remark *** Block all other groups

deny 224.0.0.0 15.255.255.255 ip access-list standard mcast-boundary-acl
remark *** Forward Link Local groups ***
permit 224.0.0.0 0.0.0.255
remark *** Forward Enterprise Scope groups ***
permit 239.195.0.0 0.0.255.255
remark *** Block all other groups
deny 224.0.0.0 15.255.255.255

This ACL is applied to the uplink interface to the WAN on each remote core switch. There is no RP address configured on the remote site core switches.

I want to be able to contain one of our multicast streams within the local LAN at each remote location. I tried using a multicast IP of 239.194.80.254 at one of these sites and the multicast stream was not working. I have determined this is because this multicast range is being blocked by the ACL and there is no RP address on the local core.

What is the best solution to resolve my situation? I have thought of creating a RP address on the core at the facility of 10.255.255.2 because multicast will use RP with the lowest IP first. Would this create problems with other multicasts?

Thanks :-)

Vaibhava Varma · ‎10-20-2011

Hi ryandutton

Can you please explain in more detail what do you mean by ---Containing Multicast Streams with the Local LAN

I want to be able to contain one of our multicast streams within the local LAN at each remote location. I tried using a multicast IP of 239.194.80.254 at one of these sites and the multicast stream was not working.

From your description it seems you are using Anycast RP Solution with MSDP peering betweent the 3 Core Locations and the Local LAN of a Remote Location will be served by the nearest IGP based on the best metric.

Why do you want to create a separate RP Address when we are already using Anycast Solution ?

Regards

Varma

View solution in original post

Vaibhava Varma · ‎10-27-2011

Hiryandutton

Unfortunately I can not access the document

MSDP is good when we need mcast traffic between two different mcast domains who have their own RPs such as in Inter-AS scenario. Even MSDP is used to achive Anycast RP solution to sync the RPs to each other. Now here using MSDP is only meant for achieving mcast communication from Local Site to Remote-Sites via Core-Sites Anycast RP.

If we do not have intersted mcast receivers at the remote locations then there would be no harm except for the RPs knowing about the local mcast groups. But in my personal opinion this would be more easy to implement as we will not need any ACL here except onr for the multicast boundary on the external interfaces from the local sites to restric RP-mcast addresses 224.0.1.39 and 224.0.1.40.

Again in the above solution if we are allowing 224.x.x.x range we need to make sure that the above two addresses are blocked otherwise else there would be conflict in RP-Mappings. Also the above solution will not only need ACL but some kind of Policy based routing which can look at the mcast group addresses and set the RP..Really I am not aware of yet as never thought for and seems to me will be some challenge there.

Hope this answers your query.

Regards

Varma

View solution in original post

Vaibhava Varma · ‎10-20-2011

Hi ryandutton

Can you please explain in more detail what do you mean by ---Containing Multicast Streams with the Local LAN

I want to be able to contain one of our multicast streams within the local LAN at each remote location. I tried using a multicast IP of 239.194.80.254 at one of these sites and the multicast stream was not working.

From your description it seems you are using Anycast RP Solution with MSDP peering betweent the 3 Core Locations and the Local LAN of a Remote Location will be served by the nearest IGP based on the best metric.

Why do you want to create a separate RP Address when we are already using Anycast Solution ?

Regards

Varma

ryandutton · ‎10-25-2011

Can you please explain in more detail what do you mean by ---Containing Multicast Streams with the Local LAN

I want to be able to contain one of our multicast streams within the local LAN at each remote location. I tried using a multicast IP of 239.194.80.254 at one of these sites and the multicast stream was not working.

With the multicast ACL we have configured on every one of our core switches, we are only allowing multicast streams in the 224.X.X.X & 239.195.X.X ranges to cross over our WAN connections. This allows the source of a multicast stream to be located at one location and provide the multicast stream to any other location ACROSS the WAN connection to receive the stream (i.e. ccm music on hold). Each location has a MetroEthernet WAN connections of 10Mbps. In each local LAN at every one of these sites, I want to enable multicast in which the source and the receivers are in the same LAN. I want to prevent this particular multicast stream from being accessible across the WAN connections. Since we only have RP addresses set up on the three core sites (accessible only across the WAN connections), the multicast ACL is preventing any other multicast range from accessing the RP. I'm not sure how to configure multicast to run only inside the local LAN using pim sparse-mode without an accessible RP. My thought is that I create a RP at each location with a higher IP than the RPs currently on the core switches.

From your description it seems you are using Anycast RP Solution with MSDP peering betweent the 3 Core Locations and the Local LAN of a Remote Location will be served by the nearest IGP based on the best metric.

Why do you want to create a separate RP Address when we are already using Anycast Solution ?

Because pim sparse-mode does not work unless an RP address is accessible and any multicast range other than 239.195.X.X can not access the RP address because of the multicast ACL.

Vaibhava Varma · ‎10-25-2011

Hi ryandutton

So as I understand by reading the above requirement we want to ahve here Multicast within the Local LAN at each remote site and only selected multicast traffic needs to cross-over the WAN. Is that correct ?

Below is a very helpful document for using Multicast Traffic on the local lan within same VLAN spanning multiple L2 Switches. We don't need RP for that. We just need to make sure the Local LAN Multicast groups fall outside the Multicast ACL range.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008059a9df.shtml

Now regarding the rest of multicast traffic which has to cross over WAN we can still keep the Anycast RP Model and make sure to allow the RP Address 224.0.1.39 and 224.0.1.40 in the Multicast ACL. which I think is already allowed.

Hope this brings some insight in the traffic flow requirement.

Regards

Varma

ryandutton · ‎10-25-2011

So as I understand by reading the above requirement we want to ahve here Multicast within the Local LAN at each remote site and only selected multicast traffic needs to cross-over the WAN. Is that correct ?

That is correct.

Below is a very helpful document for using Multicast Traffic on the local lan within same VLAN spanning multiple L2 Switches. We don't need RP for that. We just need to make sure the Local LAN Multicast groups fall outside the Multicast ACL range.

The document you referenced only discusses requirements for multicast on a single VLAN. My local LAN at each site consists of the source device and destination devices being on separate VLANs. Would "ip pim-sparse-dense mode" be the best approach to address my situation or should I create a second RP on each core at every remote site with a higher IP address than the RPs on the three main core switches?

Vaibhava Varma · ‎10-25-2011

Hi ryandutton

If we need selective mcast traffic at the Local LAN among different VLANs and selective mcast traffic to cross the WAN using Anycast RP then I would suggest we can go for a local RP at each such remote site and run MSDP between the across the WAN RPs and Local RP and filter the 224.0.1.39 and 224.0.1.39 across WAN too.. This will be a typical Inter-AS Mcast scenario using MSDP.

I hope you are getting my point.

Coming back to the PIM-SM DM concept since we would not be filtering the 224.0.1.39 & 224.0.0.40 addresses and hence there would be conflict in the RP-Mappings and also across the WAN mcast traffic would not go fine. SO in my perosnal thinking Option 1 to do MSDP peering would be the best while blocking the RP-Related mcast addresses.

Hope this clarifies my viewpoint on the requirement. Do let me know for any more clarifications.

Regards

Varma

ryandutton · ‎10-27-2011

If we need selective mcast traffic at the Local LAN among different VLANs and selective mcast traffic to cross the WAN using Anycast RP then I would suggest we can go for a local RP at each such remote site and run MSDP between the across the WAN RPs and Local RP and filter the 224.0.1.39 and 224.0.1.39 across WAN too.. This will be a typical Inter-AS Mcast scenario using MSDP.

I hope you are getting my point.

I found a good Cisco document that may be able to help me achieve what I am trying to do:

http://www.cisco.com/en/US/customer/tech/tk828/technologies_tech_note09186a0080094821.shtml#autowithmult

If I am correct, I will leave the RP configurations at the three core sites and the multicast ACL alone. At each remote location, I will create a RP address on the core switch with a higher IP address of 10.255.255.2. I will create an ACL on the core switch to direct multicast traffice in the 224.X.X.X and 239.195.X.X ranges to use RP ath the three core sites. I will create another ACL to direct the internally-contained multicast traffic in the 239.194.X.X range to use RP that I configured on the remote core.

I'm confused as to why I need to configure MSDP on the remote cores. The RPs configure on each remote core are only for local LAN multicast traffic. Why does the rest of the network need to be aware of theses RPs at each site?

Please reply on your thoughts, concers, etc...

Vaibhava Varma · ‎10-27-2011

Hiryandutton

Unfortunately I can not access the document

MSDP is good when we need mcast traffic between two different mcast domains who have their own RPs such as in Inter-AS scenario. Even MSDP is used to achive Anycast RP solution to sync the RPs to each other. Now here using MSDP is only meant for achieving mcast communication from Local Site to Remote-Sites via Core-Sites Anycast RP.

If we do not have intersted mcast receivers at the remote locations then there would be no harm except for the RPs knowing about the local mcast groups. But in my personal opinion this would be more easy to implement as we will not need any ACL here except onr for the multicast boundary on the external interfaces from the local sites to restric RP-mcast addresses 224.0.1.39 and 224.0.1.40.

Again in the above solution if we are allowing 224.x.x.x range we need to make sure that the above two addresses are blocked otherwise else there would be conflict in RP-Mappings. Also the above solution will not only need ACL but some kind of Policy based routing which can look at the mcast group addresses and set the RP..Really I am not aware of yet as never thought for and seems to me will be some challenge there.

Hope this answers your query.

Regards

Varma