Thông tin tài liệu
ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
IP PIM Sparse Mode with Auto RP
Task 7.1:
Configuring Auto RP involves configuring candidate RPs to
announce their availability. They do it by Multicasting the
information to the 224.0.1.39 group. There can be more than one.
This configuration is performed using the ip pim send-rpannounce command. You have to specify the interface of which IP
address will be used as RP. You should always use a Loopback
interface. This interface should be reachable in IGP. You have to
have the ip pim sparse-mode or ip pim sparse-dense-mode
command configured on that Loopback interface.
Next, you configure Auto-RP mapping agents.
1. They listen for Auto-RP messages on 224.0.1.39.
2. They elect one RP for each group. They elect the one with
the highest IP address. The only way you can control the
priority is to configure appropriate IP addresses on Loopback
interfaces. The higher the IP the more preferred the RP is.
3. They Multicast the elected RP information to the 224.0.1.40
group. This is called the “discovery” message.
There can be more than one mapping agent. This configuration is
performed using the ip pim send-rp-discovery command.
In this task you are asked to configure the first part of Auto-RP, the
announcing RP. First, turn on debug ip pim auto-rp on PE2 and
one of the neighboring routers, let’s say PE1. Next, configure the
following on PE2:
PE1-RACK1#debug ip pim auto-rp
PIM Auto-RP debugging is on
PE2-RACK1#debug ip pim auto-rp
PIM Auto-RP debugging is on
1
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
PE2-RACK1(config)#ip access-list standard PE2-Groups
PE2-RACK1(config-std-nacl)#permit 225.8.8.8
PE2-RACK1(config-std-nacl)#permit 229.0.0.1
PE2-RACK1(config-std-nacl)#permit 229.0.0.2
PE2-RACK1(config)#interface Loopback0
PE2-RACK1(config-if)#ip pim sparse-dense-mode
PE2-RACK1(config)#ip pim send-rp-announce Loopback 0 scope 16 group-list
PE2-Groups
The following debug output is seen on PE2:
02:01:24:
02:01:24:
02:01:24:
02:01:24:
02:01:24:
02:01:24:
02:01:24:
02:01:24:
Auto-RP(0):
Auto-RP(0):
Auto-RP(0):
Auto-RP(0):
Auto-RP(0):
Auto-RP(0):
Auto-RP(0):
Auto-RP(0):
Build RP-Announce for 10.1.1.2, PIMv2/v1, ttl 16, ht 181
Build announce entry for (229.0.0.1/32)
Build announce entry for (229.0.0.2/32)
Build announce entry for (225.8.8.8/32)
Send RP-Announce packet on Ethernet0/0.82
Send RP-Announce packet on Ethernet0/0.21
Send RP-Announce packet on Ethernet0/0.123
Send RP-Announce packet on Loopback0(*)
So far PE1 has no debug output. The reason is because it doesn’t
care about the received Auto-RP information. It’s not an Auto-RP
Mapping Agent. In fact, we don’t have any routers configured as
Auto-RP mapping agents yet. Auto-RP is not yet fully configured.
PE2-RACK1#sh ip pim rp
Group: 235.235.235.235, RP: 10.1.1.1, v2, uptime 00:46:27, expires never
Group: 235.5.5.5, RP: 10.1.1.1, v2, uptime 00:46:28, expires never
Group: 239.255.255.255, RP: 10.1.1.1, v2, uptime 00:46:28, expires never
Group: 224.2.127.254, RP: 10.1.1.1, v2, uptime 00:46:27, expires never
Group: 224.8.8.8, RP: 10.1.1.2, next RP-reachable in 00:00:49
Group: 225.8.8.8, RP: 10.1.1.1, v2, uptime 00:46:28, expires never
Group: 229.0.0.1, RP: 10.1.1.1, v2, uptime 00:46:28, expires never
Group: 229.0.0.2, RP: 10.1.1.1, v2, uptime 00:46:28, expires never
Groups 225.8.8.8, 229.0.0.1, and 229.0.0.2 still have 10.1.1.1 as
their static RP. Auto-RP is not working yet.
Task 7.2:
Similarly to the previous lab, configure the following on PE3:
PE3-RACK1(config)#ip access-list standard PE3-Groups
PE3-RACK1(config-std-nacl)#permit 225.2.2.2
PE3-RACK1(config)#int Loopback0
PE3-RACK1(config-if)#ip pim sparse-dense-mode
PE3-RACK1(config)#ip pim send-rp-announce Loopback 0 scope 16 group-list
PE3-Groups
2
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
Task 7.3:.
Similarly to the previous task, configure Auto-RP announcements
not just on one router, but on three routers. Later, the mapping
agent will elect one of them to be the RP for this group range. It
will use the highest IP address. It will elect 10.1.1.3, PE3, to be the
RP.
When configuring this, don’t create a new access-list and new ip
pim send-rp-announce statements. You have to add 235.0.0.0/8
group range to the existing access-list if there is one.
PE2-RACK1(config)#ip access-list standard PE2-Groups
PE2-RACK1(config-std-nacl)#permit 235.0.0.0 0.255.255.255
PE1-RACK1(config)#ip access-list standard PE1-Groups
PE1-RACK1(config-std-nacl)#permit 235.0.0.0 0.255.255.255
PE1-RACK1(config)#int Loopback0
PE1-RACK1(config-if)#ip pim sparse-dense-mode
PE1-RACK1(config)#ip pim send-rp-announce Loopback 0 scope 16 group-list
PE1-Groups
PE3-RACK1(config)#ip access-list standard PE3-Groups
PE3-RACK1(config-std-nacl)#permit 235.0.0.0 0.255.255.255
You should now see PE1, PE2 and PE3 announcing themselves as
RPs to the 224.0.1.39 Multicast group. But since there are no
mapping agents configured, Auto-RP is not fully configured yet.
Task 7.4:
Now you are asked to configure PE1 as an RP Mapping Agent.
PE1-RACK1(config)#ip pim send-rp-discovery scope 15
Now watch the debug ip pim auto-rp on PE2. It should now be
receiving Auto-RP discovery messages from PE1.
3
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
PE2-RACK#
02:23:06:
ht 180
02:23:06:
02:23:06:
ht 180
02:23:06:
|
Lab7 Solutions: Multicast II
Auto-RP(0): Received RP-discovery, from 172.16.12.1, RP_cnt 1,
Auto-RP(0): Added with (235.0.0.0/8, RP:10.1.1.2), PIMv2 v1
Auto-RP(0): Received RP-discovery, from 172.16.13.1, RP_cnt 1,
Auto-RP(0): Update (235.0.0.0/8, RP:10.1.1.2), PIMv2 v1
PE1 has two IP PIM interfaces; it sent out Auto-RP discovery
messages on both interfaces.
Now you can see the results of Auto-RP configuration. Look at PE3:
PE3-RACK1#sh ip pim rp mapping
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
Group(s) 225.2.2.2/32
RP 10.1.1.3 (?), v2v1
Info source: 172.16.12.1 (?), elected via
Uptime: 00:00:59, expires: 00:02:52
Group(s) 225.8.8.8/32
RP 10.1.1.2 (?), v2v1
Info source: 172.16.12.1 (?), elected via
Uptime: 00:02:52, expires: 00:02:50
Group(s) 229.0.0.1/32
RP 10.1.1.2 (?), v2v1
Info source: 172.16.12.1 (?), elected via
Uptime: 00:02:52, expires: 00:02:51
Group(s) 229.0.0.2/32
RP 10.1.1.2 (?), v2v1
Info source: 172.16.12.1 (?), elected via
Uptime: 00:02:52, expires: 00:02:52
Group(s) 235.0.0.0/8
RP 10.1.1.3 (?), v2v1
Info source: 172.16.12.1 (?), elected via
Uptime: 00:18:36, expires: 00:02:28
Acl: RP-10.1.1.2-Groups, Static
RP: 10.1.1.2 (?)
Acl: RP-Sink-Groups, Static
RP: 10.1.1.1 (?)
Acl: RP-10.1.1.3-Groups, Static-Override
RP: 10.1.1.3 (?)
Auto-RP
Auto-RP
Auto-RP
Auto-RP
Auto-RP
The above five mappings are from Auto-RP, the last three are
static. Notice that PE3 thinks that there’s only one RP for
235.0.0.0/8. This was a result of mapping agent election on PE1.
Let’s look on PE1:
4
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
PE1-RACK1#sh ip pim rp mapping 235.0.0.0
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
This system is an RP-mapping agent
Group(s) 235.0.0.0/8
RP 10.1.1.3 (?), v2v1
Info source: 10.1.1.3 (?), elected via Auto-RP
Uptime: 00:03:31, expires: 00:02:28
RP 10.1.1.2 (?), v2v1
Info source: 10.1.1.2 (?), via Auto-RP
Uptime: 00:03:01, expires: 00:02:21
RP 10.1.1.1 (?), v2v1
Info source: 10.1.1.1 (?), via Auto-RP
Uptime: 00:03:17, expires: 00:02:38
PE1 knows of three RP candidates for this 235.0.0.0/8 Multicast
group range. PE1 mapping agent elected the one with the highest
IP address (10.1.1.3) and advertised it in a discovery 224.0.1.40
message. Let’s look on PE2:
PE2-RACK1#sh ip pim rp mapping 235.0.0.0
PIM Group-to-RP Mappings
This system is an RP (Auto-RP)
Group(s) 235.0.0.0/8
RP 10.1.1.3 (?), v2v1
Info source: 172.16.13.1 (?), elected via Auto-RP
Uptime: 00:04:47, expires: 00:02:36
PE2 also thinks PE3 is the RP for this Multicast group range. The
behavior is as expected.
PE3-RACK1#sh ip pim rp
Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, next RP-reachable in
00:00:38
Group: 224.2.2.2, RP: 10.1.1.3, next RP-reachable in 00:00:53
Group: 225.2.2.2, RP: 10.1.1.3, v2, v1, next RP-reachable in 00:00:38
Group: 225.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:01, expires never
Group: 224.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:01, expires never
5
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
PE1-RACK1#sh ip pim rp
Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, uptime 00:01:13, expires
00:02:45
Group: 239.255.255.255, RP: 10.1.1.1, next RP-reachable in 00:01:09
Group: 224.2.127.254, RP: 10.1.1.1, next RP-reachable in 00:01:09
Group: 225.8.8.8, RP: 10.1.1.2, v2, v1, uptime 00:00:56, expires 00:02:03
Group: 229.0.0.1, RP: 10.1.1.2, v2, v1, uptime 00:00:56, expires 00:02:01
Group: 229.0.0.2, RP: 10.1.1.2, v2, v1, uptime 00:00:56, expires 00:02:01
Group: 225.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:01:09
Group: 224.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:01:09
PE2-RACK1#sh ip pim rp
Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, uptime 00:01:49, expires
00:02:25
Group: 239.255.255.255, RP: 10.1.1.1, v2, uptime 00:02:49, expires never
Group: 224.2.127.254, RP: 10.1.1.1, v2, uptime 00:02:49, expires never
Group: 224.8.8.8, RP: 10.1.1.2, next RP-reachable in 00:00:50
Group: 225.8.8.8, RP: 10.1.1.2, v2, v1, next RP-reachable in 00:00:12
Group: 229.0.0.1, RP: 10.1.1.2, v2, v1, next RP-reachable in 00:00:12
Group: 229.0.0.2, RP: 10.1.1.2, v2, v1, next RP-reachable in 00:00:12
Group: 225.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:49, expires never
Group: 224.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:49, expires never
In the above three show ip pim rp outputs:
1. The entries that say “v2, v1” are from Auto-RP and the
router is not the RP.
2. The entries that say “v2” are static and the router is not the
RP.
3. The entries that say “next RP-reachable,” the router is the
RP, but you can’t tell if it’s static or Auto-RP, unless you do
show ip pim rp mapping.
Task 7.5:
You are being asked to configure a Multicast stub network. First,
let’s block CE8 PIM neighbor messages coming to PE2.
PE2-RACK1(config)#ip access-list standard Block-CE8-PIM
PE2-RACK1(config-std-nacl)#deny 10.82.1.1
PE2-RACK1(config-std-nacl)#permit any PE3->CE1.
PE2-RACK1#ping 225.1.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds:
Reply
Reply
Reply
Reply
to
to
to
to
request
request
request
request
0
0
0
0
from
from
from
from
10.13.1.1,
10.13.1.1,
10.13.1.1,
10.13.1.1,
12
20
20
20
ms
ms
ms
ms
Let’s look at the Multicast routing table on PE2 for this 225.1.1.1
group. We should expect to see both PE2->PE1 and PE2->PE3 as
outgoing interfaces, depending on the source:
PE2-RACK1#sh ip mroute 225.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP
Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast
Tunnel,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 225.1.1.1), 00:04:54/stopped, RP 10.1.1.1, flags: SPF
Incoming interface: Ethernet0/0.21, RPF nbr 172.16.12.1
Outgoing interface list: Null
(10.1.1.2, 225.1.1.1), 00:04:54/00:02:50, flags: FT
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0.123, Forward/Sparse-Dense, 00:03:53/00:02:38
(10.82.1.2, 225.1.1.1), 00:04:54/00:03:02, flags: FT
Incoming interface: Ethernet0/0.82, RPF nbr 0.0.0.0, Registering
Outgoing interface list:
Ethernet0/0.123, Forward/Sparse-Dense, 00:03:53/00:02:38
9
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
Ethernet0/0.21, Forward/Sparse-Dense, 00:04:54/00:02:56
(172.16.12.2, 225.1.1.1), 00:04:54/00:03:08, flags: FT
Incoming interface: Ethernet0/0.21, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0.123, Forward/Sparse-Dense, 00:03:53/00:02:38
Let’s look at the Multicast routing table on PE3 for this 225.1.1.1
group. We should expect to see both PE2->PE3 and PE1->PE3 as
incoming interfaces, depending on the source:
PE3-RACK1#sh ip mroute 225.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP
Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast
Tunnel,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 225.1.1.1), 02:29:11/stopped, RP 10.1.1.1, flags: SJCF
Incoming interface: Ethernet0/0.31, RPF nbr 172.16.13.1
Outgoing interface list:
Ethernet0/0.13, Forward/Sparse-Dense, 02:29:11/00:02:23
(10.1.1.2, 225.1.1.1), 00:05:51/00:02:26, flags: JT
Incoming interface: Ethernet0/0.123, RPF nbr 172.16.123.2
Outgoing interface list:
Ethernet0/0.13, Forward/Sparse-Dense, 00:05:51/00:02:23
(10.82.1.2, 225.1.1.1), 00:00:45/00:02:22, flags: J
Incoming interface: Ethernet0/0.123, RPF nbr 172.16.123.2
Outgoing interface list:
Ethernet0/0.13, Forward/Sparse-Dense, 00:00:45/00:02:23
(172.16.12.2, 225.1.1.1), 00:05:51/00:01:01, flags: JT
Incoming interface: Ethernet0/0.123, RPF nbr 172.16.123.2
Outgoing interface list:
Ethernet0/0.13, Forward/Sparse-Dense, 00:05:51/00:02:23
(172.16.123.2, 225.1.1.1), 00:06:54/00:02:24, flags: FT
Incoming interface: Ethernet0/0.123, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0.13, Forward/Sparse-Dense, 00:06:54/00:02:21
10
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
Notice the flag on the entries has the letter J – Join SPT, and that
all incoming interfaces are Ethernet0/0.123, which is PE2-PE3
interface, not PE1-PE3. Therefore, PE1, the RP, is completely
bypassed.
Let’s avoid this SPT switchover by configuring spt-threshold.
CE8-RACK1(config)#ip
CE2-RACK1(config)#ip
PE2-RACK1(config)#ip
PE1-RACK1(config)#ip
PE3-RACK1(config)#ip
pim
pim
pim
pim
pim
spt-threshold
spt-threshold
spt-threshold
spt-threshold
spt-threshold
infinity
infinity
infinity
infinity
infinity
Let’s ping 225.1.1.1 from PE2 one more time.
PE2-RACK1#ping 225.1.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds:
Reply
Reply
Reply
Reply
to
to
to
to
request
request
request
request
0
0
0
0
from
from
from
from
10.13.1.1,
10.13.1.1,
10.13.1.1,
10.13.1.1,
28
48
48
28
ms
ms
ms
ms
Let’s look at the Multicast routing table on PE2 for this 225.1.1.1
group. We should only see traffic flowing up to PE1.
PE2-RACK1#sh ip mroute 225.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP
Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast
Tunnel,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 225.1.1.1), 00:12:13/stopped, RP 10.1.1.1, flags: SPF
Incoming interface: Ethernet0/0.21, RPF nbr 172.16.12.1
Outgoing interface list: Null
(10.1.1.2, 225.1.1.1), 00:00:56/00:02:51, flags: FT
Incoming interface: Loopback0, RPF nbr 0.0.0.0, Registering
Outgoing interface list:
11
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
Ethernet0/0.21, Forward/Sparse-Dense, 00:00:56/00:02:47
(10.82.1.2, 225.1.1.1), 00:00:56/00:02:51, flags: FT
Incoming interface: Ethernet0/0.82, RPF nbr 0.0.0.0, Registering
Outgoing interface list:
Ethernet0/0.21, Forward/Sparse-Dense, 00:00:56/00:02:47
(172.16.12.2, 225.1.1.1), 00:00:56/00:02:21, flags: PFT
Incoming interface: Ethernet0/0.21, RPF nbr 0.0.0.0
Outgoing interface list: Null
Ethernet0/0.21 is the interface leading up to PE1, the RP for the
225.1.1.1 Multicast group. SPT switchover did not occur.
Task 7.8:
Right now you can ping 229.0.0.1 and 229.0.0.2 groups on CE8
from CE2. PE2 is the RP for this group. The shared tree is created
from CE8 up to the RP PE2. If CE2 tries to be the source, its next
hop router PE3 will have to send PIM Unicast Register message to
PE2 to create SPT tree from PE3 to PE2.
To complete this task, on PE2 you have to block the PIM Register
messages coming from PE3. Enable debug ip pim on PE2 and PE3.
You will see how PE3 will try to send PIM Register message to PE2
when you ping 229.0.0.1 from CE8, but PE2 will reject it, and the
ping will fail. It will work when you ping 229.0.0.2, though.
PE2-RACK1(config)#ip access-list extended SSM
PE2-RACK1(config-ext-nacl)#deny ip host 10.23.1.1 229.0.0.1
0.255.255.254
PE2-RACK1(config-ext-nacl)#permit ip host 10.23.1.1 229.0.0.0
0.255.255.254
PE2-RACK1(config-ext-nacl)#permit ip any any
PE2-RACK1(config)#ip pim accept-register list SSM
12
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
This is also called source specific Multicast, SSM. The access-list
will reject PIM Register messages coming from PE3 on behalf of
source 10.23.1.1 (CE2) for Multicast traffic going to the 229.0.0.x
odd groups. The access-list will also permit PIM Register messages
coming from PE3 on behalf of source 10.23.1.1 and other sources
for Multicast traffic going to the 229.0.0.x even groups.
Let’s try to ping 229.0.0.2 and watch the debugs. The ping will
work. PIM Register will be permitted on PE2.
CE2-RACK1#ping 229.0.0.2
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 229.0.0.2, timeout is 2 seconds:
Reply to request 0 from 10.82.1.1, 52 ms
PE3 debug: PE3 is sending PIM Register message to PE2.
PE3-RACK1#
04:23:11: PIM(0): Check RP 10.1.1.2 into the (*, 229.0.0.2) entry
04:23:11: PIM(0): Send v2 Register to 10.1.1.2 for 10.23.1.1, group
229.0.0.2
04:23:11: PIM(0): Received v2 Join/Prune on Ethernet0/0.123 from
172.16.123.2, to us
04:23:11: PIM(0): Join-list: (10.23.1.1/32, 229.0.0.2), S-bit set
04:23:11: PIM(0): Add Ethernet0/0.123/172.16.123.2 to (10.23.1.1,
229.0.0.2), Forward state, by PIM SG Join
PE2 debug: PE2 receives PIM Register message from PE3, accepts
it, and builds SPT tree to PE3.
PE2-RACK1#
04:23:14: PIM(0): Received v2 Register on Ethernet0/0.123 from
172.16.123.3
04:23:14:
for 10.23.1.1, group 229.0.0.2
04:23:14: PIM(0): Insert (10.23.1.1,229.0.0.2) join in nbr 172.16.123.3's
queue
04:23:14: PIM(0): Forward decapsulated data packet for 229.0.0.2 on
Ethernet0/0.82
04:23:14: PIM(0): Building Join/Prune packet for nbr 172.16.123.3
04:23:14: PIM(0): Adding v2 (10.23.1.1/32, 229.0.0.2), S-bit Join
04:23:14: PIM(0): Send v2 join/prune to 172.16.123.3 (Ethernet0/0.123)
Now let’s try to ping 229.0.0.1 and watch the debugs. The ping will
fail. PIM Register will be on PE2 and Register-Stop message will be
sent back to PE3.
13
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
CE2-RACK1#ping 229.0.0.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 229.0.0.1, timeout is 2 seconds:
.
PE3 debug, PE3 is sending PIM Register message to PE2.
PE3-RACK1#
04:25:42: PIM(0):
04:25:42: PIM(0):
229.0.0.1
04:25:42: PIM(0):
10.1.1.2
04:25:42: PIM(0):
04:25:42: PIM(0):
229.0.0.1)
Check RP 10.1.1.2 into the (*, 229.0.0.1) entry
Send v2 Register to 10.1.1.2 for 10.23.1.1, group
Received v2 Register-Stop on Ethernet0/0.123 from
for source 10.23.1.1, group 229.0.0.1
Clear register flag to 10.1.1.2 for (10.23.1.1/32,
PE2 debug. PE2 receives PIM Register message, rejects it, and
sends Register-Stop message back.
PE2-RACK1#
04:25:45: PIM(0): Received v2 Register on Ethernet0/0.123 from
172.16.123.3
04:25:45:
for 10.23.1.1, group 229.0.0.1
04:25:45: %PIM-4-INVALID_SRC_REG: Received Register from 172.16.123.3 for
(10.23.1.1, 229.0.0.1), not willing to be RP
04:25:45: PIM(0): Register for 10.23.1.1, group 229.0.0.1 rejected
04:25:45: PIM(0): Send v2 Register-Stop to 172.16.123.3 for 10.23.1.1,
group 229.0.0.1
Task 7.9:
If you do show ip pim rp 235.235.235.235, the output will say
“v2, v1”. This means that this group is running in PIM v1 and v2.
PE2-RACK1#show ip pim rp 235.235.235.235
Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, uptime 00:55:55, expires
00:02:15
To force this group into version 2 only mode, you have to override
Auto-RP configuration with BSR configuration. BSR is the newer
way to automatically elect RPs. BSR has been introduced with PIM
v2 and, therefore, it can only be used with PIM v2.
14
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
First of all, you should remove 235.0.0.0/8 from Auto-RP. You
currently have 235.0.0.0/8 being announced from PE1, PE2, and
PE3. Excluding 235.235.235.235 won’t work. It will be denied by
the Auto-RP, and BSR will never pick it up.
PE2-RACK1(config)#no ip access-list standard PE2-Groups
PE2-RACK1(config)#ip access-list standard PE2-Groups
PE2-RACK1(config-std-nacl)#permit 229.0.0.1
PE2-RACK1(config-std-nacl)#permit 229.0.0.2
PE2-RACK1(config-std-nacl)#permit 225.8.8.8
PE1-RACK1(config)#no ip access-list standard PE1-Groups
PE1-RACK1(config)#ip access-list standard PE1-Groups
PE1-RACK1(config-std-nacl)#deny any
PE3-RACK1(config)#no ip access-list standard PE3-Groups
PE3-RACK1(config)#ip access-list standard PE3-Groups
PE3-RACK1(config-std-nacl)#permit 225.2.2.2
By the way, you should always clear ip pim rp whenever you
make this kind of change. When you remove the access-list, the
default 224.0.0.0/4 is automatically advertised until you create the
new access-list. So, do clear ip pim rp on PE1, PE2, and PE3 after
making this change. Otherwise, you’ll see 224.0.0.0/4 auto-rp
mapping.
PE1-RACK1#clear ip pim rp
PE2-RACK1#clear ip pim rp
PE3-RACK1#clear ip pim rp
Now, let’s configure BSR. Auto-RP had all three PEs participate in
the RP election. We should configure BSR the same way.
Configure this on PE1, PE2 and PE3.
PE1-RACK1(config)#ip access-list standard BSR
PE1-RACK1(config-std-nacl)#permit 235.235.235.235
PE1-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR
PE2-RACK1(config)#ip access-list standard BSR
PE2-RACK1(config-std-nacl)#permit 235.235.235.235
PE2-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR
PE3-RACK1(config)#ip access-list standard BSR
PE3-RACK1(config-std-nacl)#permit 235.235.235.235
PE3-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR
15
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
Now configure PE1 as the BSR candidate. It’s similar to the Auto-RP
mapping agent.
PE1-RACK1(config)#ip pim bsr-candidate Loopback0 10 10
Let’s verify which RP the BSR has elected on PE2:
PE2-RACK1#sh ip pim rp 235.235.235.235
Group: 235.235.235.235, RP: 10.1.1.2, v2, next RP-reachable in 00:01:10
Notice the “v2.” This group is using RP 10.1.1.2 thanks to the
PIMv2 BSR election. BSR uses a different algorithm to elect the RP
when there’s more than one candidate. Check CCO documentation
for more detail.
IP PIM Advanced and DVMRP
Task 7.10:
PE1-RACK1(config)#int fastethernet0/0
PE1-RACK1(config-if)#ip multicast rate-limit out 200
PE1-RACK1(config)#int fastethernet0/1
PE1-RACK1(config-if)#ip multicast rate-limit out 200
Task 7.11:
You have to use admin scoping.
PE3-RACK1(config)#access-list 80 deny 236.0.0.0 0.0.127.255
PE3-RACK1(config)#access-list 80 permit any
PE3-RACK1(config)#int ethernet0/0.13
PE3-RACK1(config-if)#ip multicast boundary 80
16
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�ieMentor CCIE™ Service Provider Workbook v1.0
|
Lab7 Solutions: Multicast II
Task 7.12:
It’s a trick question. You have to configure TTL of 9, not 10. This
command stops the router from forwarding Multicast packets
unless the TTL is above a specific value.
PE3-RACK1(config)#int ethernet0/0.13
PE3-RACK1(config-if)#ip multicast ttl-threshold 9
Task 7.13:
PE1-RACK1(config)#access-list 10 permit 172.16.12.0 0.0.0.255
PE1-RACK1(config)#int tunnel 500
PE1-RACK1(config-if)#ip unnumbered FastEthernet0/1
PE1-RACK1(config-if)#tunnel source Loopback0
PE1-RACK1(config-if)#tunnel destination 199.199.199.199
PE1-RACK1(config-if)#tunnel mode dvmrp
PE1-RACK1(config-if)#ip pim sparse-dense-mode
PE1-RACK1(config-if)#ip dvmrp metric 2 list 10
17
This product is individually licensed.
Copyright® 2005 ieMentor http://www.iementor.com.
�[...]... PE2-RACK1(config-std-nacl)#permit 229.0.0.1 PE2-RACK1(config-std-nacl)#permit 229.0.0.2 PE2-RACK1(config-std-nacl)#permit 225.8.8.8 PE1-RACK1(config)#no ip access-list standard PE1-Groups PE1-RACK1(config)#ip access-list standard PE1-Groups PE1-RACK1(config-std-nacl)#deny any PE3-RACK1(config)#no ip access-list standard PE3-Groups PE3-RACK1(config)#ip access-list standard PE3-Groups PE3-RACK1(config-std-nacl)#permit 225.2.2.2... and PE3 PE1-RACK1(config)#ip access-list standard BSR PE1-RACK1(config-std-nacl)#permit 235.235.235.235 PE1-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR PE2-RACK1(config)#ip access-list standard BSR PE2-RACK1(config-std-nacl)#permit 235.235.235.235 PE2-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR PE3-RACK1(config)#ip access-list standard BSR PE3-RACK1(config-std-nacl)#permit... look at the Multicast routing table on PE2 for this 225.1.1.1 group We should only see traffic flowing up to PE1 PE2-RACK1#sh ip mroute 225.1.1.1 IP Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate... PE1-RACK1(config)#int fastethernet0/0 PE1-RACK1(config-if)#ip multicast rate-limit out 200 PE1-RACK1(config)#int fastethernet0/1 PE1-RACK1(config-if)#ip multicast rate-limit out 200 Task 7.11: You have to use admin scoping PE3-RACK1(config)#access-list 80 deny 236.0.0.0 0.0.127.255 PE3-RACK1(config)#access-list 80 permit any PE3-RACK1(config)#int ethernet0/0.13 PE3-RACK1(config-if)#ip multicast boundary 80 16 This product... v1.0 | Lab7 Solutions: Multicast II First of all, you should remove 235.0.0.0/8 from Auto-RP You currently have 235.0.0.0/8 being announced from PE1, PE2, and PE3 Excluding 235.235.235.235 won’t work It will be denied by the Auto-RP, and BSR will never pick it up PE2-RACK1(config)#no ip access-list standard PE2-Groups PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit... PE1-RACK1(config)#access-list 10 permit 172.16.12.0 0.0.0.255 PE1-RACK1(config)#int tunnel 500 PE1-RACK1(config-if)#ip unnumbered FastEthernet0/1 PE1-RACK1(config-if)#tunnel source Loopback0 PE1-RACK1(config-if)#tunnel destination 199.199.199.199 PE1-RACK1(config-if)#tunnel mode dvmrp PE1-RACK1(config-if)#ip pim sparse-dense-mode PE1-RACK1(config-if)#ip dvmrp metric 2 list 10 17 This product is individually licensed Copyright®... the ping will fail It will work when you ping 229.0.0.2, though PE2-RACK1(config)#ip access-list extended SSM PE2-RACK1(config-ext-nacl)#deny ip host 10.23.1.1 229.0.0.1 0.255.255.254 PE2-RACK1(config-ext-nacl)#permit ip host 10.23.1.1 229.0.0.0 0.255.255.254 PE2-RACK1(config-ext-nacl)#permit ip any any PE2-RACK1(config)#ip pim accept-register list SSM 12 This product is individually licensed Copyright®... Workbook v1.0 | Lab7 Solutions: Multicast II Task 7.12: It’s a trick question You have to configure TTL of 9, not 10 This command stops the router from forwarding Multicast packets unless the TTL is above a specific value PE3-RACK1(config)#int ethernet0/0.13 PE3-RACK1(config-if)#ip multicast ttl-threshold 9 Task 7.13: PE1-RACK1(config)#access-list 10 permit 172.16.12.0 0.0.0.255 PE1-RACK1(config)#int... Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, Y - Joined MDT-data group, y - Sending to MDT-data group V - RD & Vector, v - Vector Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 225.1.1.1), 00:12:13/stopped, RP 10.1.1.1,... Workbook v1.0 | Lab7 Solutions: Multicast II Notice the flag on the entries has the letter J – Join SPT, and that all incoming interfaces are Ethernet0/0.123, which is PE2-PE3 interface, not PE1-PE3 Therefore, PE1, the RP, is completely bypassed Let’s avoid this SPT switchover by configuring spt-threshold CE8-RACK1(config)#ip CE2-RACK1(config)#ip PE2-RACK1(config)#ip PE1-RACK1(config)#ip PE3-RACK1(config)#ip ...ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit 225.8.8.8... http://www.iementor.com �ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Task 7.3: Similarly to the previous task, configure Auto-RP announcements not just on one router,... v1.0 PE2-RACK# 02:23:06: ht 180 02:23:06: 02:23:06: ht 180 02:23:06: | Lab7 Solutions: Multicast II Auto-RP(0): Received RP-discovery, from 172.16.12.1, RP_cnt 1, Auto-RP(0): Added with (235.0.0.0/8,
Ngày đăng: 23/10/2015, 18:08
Xem thêm: CCNA Lab - Solution Rev1.0 Multicast II
