Multicast over IRB - strange failure

fsebera · ‎09-28-2012

Looking for assistance with multicast over IRB interfaces. My full config below, works as expected on a Cisco 1760 router (IOS 12-4) but fails strangely on our Cisco 2800 (IOS 15-1) and Cisco 1941 G2 routers.

I use Windows 7 Enterprise and VLC 2.0.0 Two Flower as the multicast video receiver. On the 1760 router, I open VLC, request the video (rtp://@239.255.0.1:5004) and it plays flawlessly.

We have to upgrade the older outdated unsupported Cisco 1760 routers. We replace the Cisco 1760 router with a Cisco 1941 router. Configuration differs ONLY in the interface speeds; F0/0 to G0/0 and that is just bout it. Using the same Windows 7 Enterprise PC, I open VLC again and request the video -same as before; No video and no voice. We swap the 1941 out and put in the 1760 again, multicast works flawlessly. If we put the 1941 router back in, multicast fails again. We put the Cisco 2800 series router in and it also fails the same as the 1941 router.

Troubleshooting, I open VLC and request the same multicast video. On the same PC, I open Wireshark and start capturing packets, - and instantly the VLC video starts playing. I close Wireshark and the video stops. I open Wireshark and start capturing packets again and the VLC video starts playing again.

Wireshark shows the video packets are being received from the source when VLC is requesting the video. If I close VLC while Wireshark is capturing packets, Wireshark shows the video stream stops.

Shows the correct multicast sources, incoming and outgoing interface details

Incoming interface is Serial

Outgoing interface is BVI

Show ip pim rp

Reveals the correct RP details

show ip pim rp mapping

Display the correct details also.

Debug ip pim 239.255.0.1

Output matches the other peer stub; other stub does not use bridging.

TOPOLOGY:
This router is a single stub router with a single 2960 switch.

Source---2960_switch---WAN1----MPLS_Cloud---WAN3---2960_switch----PC_VLC_Receiver

WAN3 CONFIGURATION : - I included the entire config hoping to speed the resolution.

WAN3#sh run

configuration mode exclusive auto

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime

service timestamps log datetime

service password-encryption

service sequence-numbers

!

hostname WAN3

!

boot-start-marker

boot system flash:c1700-adventerprisek9-mz.124-25d.bin

boot-end-marker

!

security passwords min-length 14

logging buffered 51200 debugging

logging rate-limit console 10

enable secret --removed--

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

no ip source-route

no ip gratuitous-arps

ip cef

!

ip nbar pdlm flash:bittorrent.pdlm

ip nbar pdlm flash:citrix.pdlm

ip nbar pdlm flash:edonkey.pdlm

ip nbar pdlm flash:sap-app.pdlm

ip nbar pdlm flash:sap-msg.pdlm

ip nbar pdlm flash:winmx.pdlm

!

no ip dhcp use vrf connected

ip dhcp excluded-address 172.16.3.1 172.16.3.5

!

ip dhcp pool DHCP

network 172.16.3.0 255.255.255.0

domain-name IPKET

default-router 172.16.3.1

dns-server 172.16.1.2

lease 2

!

ip flow-cache timeout active 5

no ip bootp server

no ip domain lookup

ip domain name IPKET

ip multicast-routing

ip multicast netflow output-counters

ip multicast netflow rpf-failure

ip multicast auto-enable

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

login block-for 65535 attempts 3 within 1800

login quiet-mode access-class LOGIN

login on-failure log

login on-success log

!

ipv6 unicast-routing

ipv6 cef

!

password encryption aes

!

ip tcp selective-ack

ip tcp synwait-time 10

ip ssh time-out 30

ip ssh source-interface Loopback0

ip ssh version 2

!

class-map match-all COPP_DEFAULT

match access-group name DEFAULT

class-map match-all VIDEO

match dscp default

class-map match-all COPP_2

match access-group name CRITICAL

class-map match-all COPP_7

match access-group name UNDESIRABLE

class-map match-all COPP_6

match access-group name NORMAL

class-map match-any COPP_4

match access-group name IMPORTANT

match protocol arp

!

policy-map DROP

class VIDEO

drop

policy-map CONTROL-PLANE-POLICY

class COPP_2

police 512000 8000 conform-action transmit exceed-action transmit

class COPP_4

police 256000 4000 conform-action transmit exceed-action drop

class COPP_6

police 128000 2000 conform-action transmit exceed-action drop

class COPP_7

police 8000 1000 conform-action drop exceed-action drop

class class-default

police 64000 1000 conform-action transmit exceed-action drop

!

no crypto isakmp enable

!

bridge irb

!

interface Loopback0

description MGT

ip address 172.16.30.2 255.255.255.255

ip pim sparse-mode

ipv6 address --removed--

!

interface Loopback1

description 6to4

ip address 172.16.30.3 255.255.255.255

!

interface Loopback3

description 6TO4

no ip address

ipv6 address --removed--

!

interface Loopback64

description 6TO4

no ip address

ipv6 address --removed--

!

interface Tunnel2002

description Dynamic 6to4 Tunnel

no ip address

no ip redirects

ipv6 address 2002:AC10:1E03::1/128

tunnel source Loopback1

tunnel mode ipv6ip 6to4

!

interface FastEthernet0/0

description DO NOT SHUT

bandwidth 100000

no ip address

load-interval 30

speed auto

!

interface FastEthernet0/0.6

description MGT

encapsulation dot1Q 6 native

ip address 192.168.1.7 255.255.255.0

ip flow ingress

ip flow egress

!

interface FastEthernet0/0.31

encapsulation dot1Q 31

bridge-group 6

!

interface FastEthernet0/0.32

encapsulation dot1q 32

bridge-group 6

!

interface Serial1/0

bandwidth 1544

no ip address

encapsulation frame-relay IETF

load-interval 30

clock rate 2000000

frame-relay lmi-type ansi

frame-relay intf-type dce

!

interface Serial1/0.1 point-to-point

description To MPLS cloud

ip address 172.17.30.1 255.255.255.252

ip flow ingress

ip flow egress

ip pim sparse-mode

ipv6 address 172:17:30::1/126

frame-relay interface-dlci 300 IETF

!

interface BVI6

ip address 172.16.3.1 255.255.255.0

no ip redirects

ip flow ingress

ip flow egress

ip pim sparse-mode

ip igmp version 3

ipv6 address --removed--

!

router bgp 30

bgp router-id 172.16.30.2

no bgp default ipv4-unicast

bgp log-neighbor-changes

neighbor 172:17:30::2 remote-as 65535

neighbor 2002:AC10:A03::1 remote-as 10

neighbor 2002:AC10:A03::1 description 6to4 Tunnel, WAN1

neighbor 2002:AC10:A03::1 ebgp-multihop 3

neighbor 2002:AC10:A03::1 password --removed--

neighbor 172.17.30.2 remote-as 65535

!

address-family ipv4

redistribute connected route-map LOCALS

neighbor 172.17.30.2 activate

no auto-summary

no synchronization

exit-address-family

!

address-family ipv6

neighbor 172:17:30::2 activate

neighbor 172:17:30::2 prefix-list SITESUM out

neighbor 172:17:30::2 filter-list 1 in

neighbor 2002:AC10:A03::1 activate

neighbor 2002:AC10:A03::1 prefix-list 6TO4 out

aggregate-address --removed--::/58 summary-only

redistribute connected

no synchronization

exit-address-family

!

no ip forward-protocol nd

no ip forward-protocol udp bootps

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

ip route 172.16.0.0 255.255.0.0 Null0

!

ip as-path access-list 1 permit ^65535_

ip flow-export source FastEthernet0/0.6

ip flow-export version 9

ip flow-export template refresh-rate 15

ip flow-export destination 192.168.1.246 9996

ip flow-export destination 192.168.1.100 9996

!

no ip http server

no ip http secure-server

ip pim bidir-enable

no ip pim dm-fallback

ip pim autorp listener

!

ip access-list standard ADMIN

permit 192.168.1.0 0.0.0.255

deny any log

ip access-list standard LOCALS

remark Loop0

permit 172.16.30.2

remark Loop1

permit 172.16.30.3

remark Local NETS

permit 172.16.3.0 0.0.0.255

ip access-list standard LOGIN

permit 192.168.1.1

deny any log

!

ip access-list extended CRITICAL

remark _____________________________

permit tcp host 172.17.30.1 host 172.17.30.2 eq bgp

permit tcp host 172.17.30.2 host 172.17.30.1 eq bgp

remark Include MFR packets

deny ip any any

ip access-list extended DEFAULT

permit ip any any

ip access-list extended IMPORTANT

remark _____________________________

permit udp host 192.168.1.248 172.16.0.0 0.0.255.255 eq snmp

permit ip host 192.168.1.248 192.168.0.0 0.0.255.255

permit udp host 192.168.1.249 172.16.0.0 0.0.255.255 eq snmp

permit ip host 192.168.1.249 192.168.0.0 0.0.255.255

permit udp host 192.168.1.250 172.16.0.0 0.0.255.255 eq snmp

permit ip host 192.168.1.250 192.168.0.0 0.0.255.255

permit udp host 192.168.1.251 192.168.1.0 0.0.0.255 eq snmp

permit udp host 192.168.1.252 192.168.1.0 0.0.0.255 eq snmp

permit icmp host 192.168.1.251 192.168.1.0 0.0.0.255

permit icmp host 192.168.1.252 192.168.1.0 0.0.0.255

permit udp host 192.168.1.12 192.168.1.0 0.0.0.255 eq ntp

permit pim any any

deny ip any any

ip access-list extended NET-WK-MGT

permit tcp 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 8008

permit tcp 192.168.1.0 0.0.0.255 172.16.0.0 0.0.255.255 range 48000 48020

permit ip 192.168.1.0 0.0.0.255 172.16.1.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 172.16.2.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 172.16.3.0 0.0.0.255

permit ip 192.168.1.0 0.0.0.255 172.16.4.0 0.0.0.255

permit icmp host 192.168.1.252 any echo

permit icmp host 192.168.1.251 any echo

permit icmp 192.168.1.0 0.0.0.255 any echo

permit icmp 192.168.1.0 0.0.0.255 any echo-reply

permit udp host 192.168.1.252 any eq snmp log

permit udp host 192.168.1.252 any eq snmptrap log

permit udp host 192.168.1.251 any eq snmp log

permit udp host 192.168.1.251 any eq snmptrap log

permit udp host 192.168.1.248 any eq snmp log

permit udp host 192.168.1.248 any eq snmptrap log

permit udp 192.168.1.0 0.0.0.255 any eq ntp

permit udp any any eq domain

deny udp any any eq 5355 log

deny ip any any log

ip access-list extended NORMAL

remark _____________________________

permit icmp any any echo

permit icmp any any echo-reply

deny ip any any

ip access-list extended UNDESIRABLE

remark _____________________________

permit udp any any eq ntp

permit udp any any eq snmptrap

permit tcp any any eq 22

permit tcp any any eq telnet

permit eigrp any any

permit ospf any any

permit udp any any eq rip

deny ip any any

!

logging history debugging

logging facility syslog

logging source-interface FastEthernet0/0.6

logging 192.168.1.220

access-list 1 permit 172.16.1.0 0.0.0.255

access-list 1 permit 172.16.2.0 0.0.0.255

access-list 1 permit 172.16.3.0 0.0.0.255

access-list 1 permit 172.16.4.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 deny any log

snmp-server group RO v3 priv match exact read READVIEW access ADMIN

snmp-server view READVIEW internet included

snmp-server ifindex persist

snmp-server enable traps tty

ipv6 route 2002:AC10:A03::1/128 Tunnel2002

ipv6 route --removed--::/58 Null0

!

ipv6 prefix-list 6TO4 seq 20 permit 2002:AC10:1E03::1/128

ipv6 prefix-list 6TO4 seq 30 permit --removed--::/60

!

ipv6 prefix-list SITESUM seq 20 permit --removed--::/58

route-map LOCALS permit 10

match ip address LOCALS

!

control-plane

service-policy input CONTROL-PLANE-POLICY

!

bridge 6 protocol ieee

bridge 6 route ip

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

login

line aux 0

access-class 1 in

exec-timeout 0 1

no exec

speed 300

line vty 0 4

session-timeout 5 output

exec-timeout 0 0

password --removed--

logging synchronous

login

transport input telnet

transport output telnet

line vty 5 15

session-timeout 5 output

exec-timeout 0 0

password --removed--

logging synchronous

login

transport input telnet

transport output telnet

!

ntp logging

ntp authentication-key --removed-- md5 --removed-

ntp authenticate

ntp trusted-key --removed--

ntp clock-period 17207749

ntp source FastEthernet0/0.6

ntp server 192.168.1.12

end

!

interface FastEthernet0/0.32

encapsulation dot1Q 32

bridge-group 6

fsebera · ‎10-02-2012

Still looking for assistance.

Anyone . . . ?????

fsebera · ‎10-12-2012

Problem resolved; IOS BUG.

Now works just as expected!!!