ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II IP PIM Sparse Mode with Auto RP Task 7.1: Configuring Auto RP involves configuring candidate RPs to announce their availability. They do it by Multicasting the information to the 224.0.1.39 group. There can be more than one. This configuration is performed using the ip pim send-rpannounce command. You have to specify the interface of which IP address will be used as RP. You should always use a Loopback interface. This interface should be reachable in IGP. You have to have the ip pim sparse-mode or ip pim sparse-dense-mode command configured on that Loopback interface. Next, you configure Auto-RP mapping agents. 1. They listen for Auto-RP messages on 224.0.1.39. 2. They elect one RP for each group. They elect the one with the highest IP address. The only way you can control the priority is to configure appropriate IP addresses on Loopback interfaces. The higher the IP the more preferred the RP is. 3. They Multicast the elected RP information to the 224.0.1.40 group. This is called the “discovery” message. There can be more than one mapping agent. This configuration is performed using the ip pim send-rp-discovery command. In this task you are asked to configure the first part of Auto-RP, the announcing RP. First, turn on debug ip pim auto-rp on PE2 and one of the neighboring routers, let’s say PE1. Next, configure the following on PE2: PE1-RACK1#debug ip pim auto-rp PIM Auto-RP debugging is on PE2-RACK1#debug ip pim auto-rp PIM Auto-RP debugging is on 1 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit 225.8.8.8 PE2-RACK1(config-std-nacl)#permit 229.0.0.1 PE2-RACK1(config-std-nacl)#permit 229.0.0.2 PE2-RACK1(config)#interface Loopback0 PE2-RACK1(config-if)#ip pim sparse-dense-mode PE2-RACK1(config)#ip pim send-rp-announce Loopback 0 scope 16 group-list PE2-Groups The following debug output is seen on PE2: 02:01:24: 02:01:24: 02:01:24: 02:01:24: 02:01:24: 02:01:24: 02:01:24: 02:01:24: Auto-RP(0): Auto-RP(0): Auto-RP(0): Auto-RP(0): Auto-RP(0): Auto-RP(0): Auto-RP(0): Auto-RP(0): Build RP-Announce for 10.1.1.2, PIMv2/v1, ttl 16, ht 181 Build announce entry for (229.0.0.1/32) Build announce entry for (229.0.0.2/32) Build announce entry for (225.8.8.8/32) Send RP-Announce packet on Ethernet0/0.82 Send RP-Announce packet on Ethernet0/0.21 Send RP-Announce packet on Ethernet0/0.123 Send RP-Announce packet on Loopback0(*) So far PE1 has no debug output. The reason is because it doesn’t care about the received Auto-RP information. It’s not an Auto-RP Mapping Agent. In fact, we don’t have any routers configured as Auto-RP mapping agents yet. Auto-RP is not yet fully configured. PE2-RACK1#sh ip pim rp Group: 235.235.235.235, RP: 10.1.1.1, v2, uptime 00:46:27, expires never Group: 235.5.5.5, RP: 10.1.1.1, v2, uptime 00:46:28, expires never Group: 239.255.255.255, RP: 10.1.1.1, v2, uptime 00:46:28, expires never Group: 224.2.127.254, RP: 10.1.1.1, v2, uptime 00:46:27, expires never Group: 224.8.8.8, RP: 10.1.1.2, next RP-reachable in 00:00:49 Group: 225.8.8.8, RP: 10.1.1.1, v2, uptime 00:46:28, expires never Group: 229.0.0.1, RP: 10.1.1.1, v2, uptime 00:46:28, expires never Group: 229.0.0.2, RP: 10.1.1.1, v2, uptime 00:46:28, expires never Groups 225.8.8.8, 229.0.0.1, and 229.0.0.2 still have 10.1.1.1 as their static RP. Auto-RP is not working yet. Task 7.2: Similarly to the previous lab, configure the following on PE3: PE3-RACK1(config)#ip access-list standard PE3-Groups PE3-RACK1(config-std-nacl)#permit 225.2.2.2 PE3-RACK1(config)#int Loopback0 PE3-RACK1(config-if)#ip pim sparse-dense-mode PE3-RACK1(config)#ip pim send-rp-announce Loopback 0 scope 16 group-list PE3-Groups 2 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Task 7.3:. Similarly to the previous task, configure Auto-RP announcements not just on one router, but on three routers. Later, the mapping agent will elect one of them to be the RP for this group range. It will use the highest IP address. It will elect 10.1.1.3, PE3, to be the RP. When configuring this, don’t create a new access-list and new ip pim send-rp-announce statements. You have to add 235.0.0.0/8 group range to the existing access-list if there is one. PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit 235.0.0.0 0.255.255.255 PE1-RACK1(config)#ip access-list standard PE1-Groups PE1-RACK1(config-std-nacl)#permit 235.0.0.0 0.255.255.255 PE1-RACK1(config)#int Loopback0 PE1-RACK1(config-if)#ip pim sparse-dense-mode PE1-RACK1(config)#ip pim send-rp-announce Loopback 0 scope 16 group-list PE1-Groups PE3-RACK1(config)#ip access-list standard PE3-Groups PE3-RACK1(config-std-nacl)#permit 235.0.0.0 0.255.255.255 You should now see PE1, PE2 and PE3 announcing themselves as RPs to the 224.0.1.39 Multicast group. But since there are no mapping agents configured, Auto-RP is not fully configured yet. Task 7.4: Now you are asked to configure PE1 as an RP Mapping Agent. PE1-RACK1(config)#ip pim send-rp-discovery scope 15 Now watch the debug ip pim auto-rp on PE2. It should now be receiving Auto-RP discovery messages from PE1. 3 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 PE2-RACK# 02:23:06: ht 180 02:23:06: 02:23:06: ht 180 02:23:06: | Lab7 Solutions: Multicast II Auto-RP(0): Received RP-discovery, from 172.16.12.1, RP_cnt 1, Auto-RP(0): Added with (235.0.0.0/8, RP:10.1.1.2), PIMv2 v1 Auto-RP(0): Received RP-discovery, from 172.16.13.1, RP_cnt 1, Auto-RP(0): Update (235.0.0.0/8, RP:10.1.1.2), PIMv2 v1 PE1 has two IP PIM interfaces; it sent out Auto-RP discovery messages on both interfaces. Now you can see the results of Auto-RP configuration. Look at PE3: PE3-RACK1#sh ip pim rp mapping PIM Group-to-RP Mappings This system is an RP (Auto-RP) Group(s) 225.2.2.2/32 RP 10.1.1.3 (?), v2v1 Info source: 172.16.12.1 (?), elected via Uptime: 00:00:59, expires: 00:02:52 Group(s) 225.8.8.8/32 RP 10.1.1.2 (?), v2v1 Info source: 172.16.12.1 (?), elected via Uptime: 00:02:52, expires: 00:02:50 Group(s) 229.0.0.1/32 RP 10.1.1.2 (?), v2v1 Info source: 172.16.12.1 (?), elected via Uptime: 00:02:52, expires: 00:02:51 Group(s) 229.0.0.2/32 RP 10.1.1.2 (?), v2v1 Info source: 172.16.12.1 (?), elected via Uptime: 00:02:52, expires: 00:02:52 Group(s) 235.0.0.0/8 RP 10.1.1.3 (?), v2v1 Info source: 172.16.12.1 (?), elected via Uptime: 00:18:36, expires: 00:02:28 Acl: RP-10.1.1.2-Groups, Static RP: 10.1.1.2 (?) Acl: RP-Sink-Groups, Static RP: 10.1.1.1 (?) Acl: RP-10.1.1.3-Groups, Static-Override RP: 10.1.1.3 (?) Auto-RP Auto-RP Auto-RP Auto-RP Auto-RP The above five mappings are from Auto-RP, the last three are static. Notice that PE3 thinks that there’s only one RP for 235.0.0.0/8. This was a result of mapping agent election on PE1. Let’s look on PE1: 4 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II PE1-RACK1#sh ip pim rp mapping 235.0.0.0 PIM Group-to-RP Mappings This system is an RP (Auto-RP) This system is an RP-mapping agent Group(s) 235.0.0.0/8 RP 10.1.1.3 (?), v2v1 Info source: 10.1.1.3 (?), elected via Auto-RP Uptime: 00:03:31, expires: 00:02:28 RP 10.1.1.2 (?), v2v1 Info source: 10.1.1.2 (?), via Auto-RP Uptime: 00:03:01, expires: 00:02:21 RP 10.1.1.1 (?), v2v1 Info source: 10.1.1.1 (?), via Auto-RP Uptime: 00:03:17, expires: 00:02:38 PE1 knows of three RP candidates for this 235.0.0.0/8 Multicast group range. PE1 mapping agent elected the one with the highest IP address (10.1.1.3) and advertised it in a discovery 224.0.1.40 message. Let’s look on PE2: PE2-RACK1#sh ip pim rp mapping 235.0.0.0 PIM Group-to-RP Mappings This system is an RP (Auto-RP) Group(s) 235.0.0.0/8 RP 10.1.1.3 (?), v2v1 Info source: 172.16.13.1 (?), elected via Auto-RP Uptime: 00:04:47, expires: 00:02:36 PE2 also thinks PE3 is the RP for this Multicast group range. The behavior is as expected. PE3-RACK1#sh ip pim rp Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, next RP-reachable in 00:00:38 Group: 224.2.2.2, RP: 10.1.1.3, next RP-reachable in 00:00:53 Group: 225.2.2.2, RP: 10.1.1.3, v2, v1, next RP-reachable in 00:00:38 Group: 225.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:01, expires never Group: 224.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:01, expires never 5 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II PE1-RACK1#sh ip pim rp Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, uptime 00:01:13, expires 00:02:45 Group: 239.255.255.255, RP: 10.1.1.1, next RP-reachable in 00:01:09 Group: 224.2.127.254, RP: 10.1.1.1, next RP-reachable in 00:01:09 Group: 225.8.8.8, RP: 10.1.1.2, v2, v1, uptime 00:00:56, expires 00:02:03 Group: 229.0.0.1, RP: 10.1.1.2, v2, v1, uptime 00:00:56, expires 00:02:01 Group: 229.0.0.2, RP: 10.1.1.2, v2, v1, uptime 00:00:56, expires 00:02:01 Group: 225.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:01:09 Group: 224.1.1.1, RP: 10.1.1.1, next RP-reachable in 00:01:09 PE2-RACK1#sh ip pim rp Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, uptime 00:01:49, expires 00:02:25 Group: 239.255.255.255, RP: 10.1.1.1, v2, uptime 00:02:49, expires never Group: 224.2.127.254, RP: 10.1.1.1, v2, uptime 00:02:49, expires never Group: 224.8.8.8, RP: 10.1.1.2, next RP-reachable in 00:00:50 Group: 225.8.8.8, RP: 10.1.1.2, v2, v1, next RP-reachable in 00:00:12 Group: 229.0.0.1, RP: 10.1.1.2, v2, v1, next RP-reachable in 00:00:12 Group: 229.0.0.2, RP: 10.1.1.2, v2, v1, next RP-reachable in 00:00:12 Group: 225.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:49, expires never Group: 224.1.1.1, RP: 10.1.1.1, v2, uptime 00:02:49, expires never In the above three show ip pim rp outputs: 1. The entries that say “v2, v1” are from Auto-RP and the router is not the RP. 2. The entries that say “v2” are static and the router is not the RP. 3. The entries that say “next RP-reachable,” the router is the RP, but you can’t tell if it’s static or Auto-RP, unless you do show ip pim rp mapping. Task 7.5: You are being asked to configure a Multicast stub network. First, let’s block CE8 PIM neighbor messages coming to PE2. PE2-RACK1(config)#ip access-list standard Block-CE8-PIM PE2-RACK1(config-std-nacl)#deny 10.82.1.1 PE2-RACK1(config-std-nacl)#permit any PE3->CE1. PE2-RACK1#ping 225.1.1.1 Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds: Reply Reply Reply Reply to to to to request request request request 0 0 0 0 from from from from 10.13.1.1, 10.13.1.1, 10.13.1.1, 10.13.1.1, 12 20 20 20 ms ms ms ms Let’s look at the Multicast routing table on PE2 for this 225.1.1.1 group. We should expect to see both PE2->PE1 and PE2->PE3 as outgoing interfaces, depending on the source: PE2-RACK1#sh ip mroute 225.1.1.1 IP Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, Y - Joined MDT-data group, y - Sending to MDT-data group V - RD & Vector, v - Vector Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 225.1.1.1), 00:04:54/stopped, RP 10.1.1.1, flags: SPF Incoming interface: Ethernet0/0.21, RPF nbr 172.16.12.1 Outgoing interface list: Null (10.1.1.2, 225.1.1.1), 00:04:54/00:02:50, flags: FT Incoming interface: Loopback0, RPF nbr 0.0.0.0 Outgoing interface list: Ethernet0/0.123, Forward/Sparse-Dense, 00:03:53/00:02:38 (10.82.1.2, 225.1.1.1), 00:04:54/00:03:02, flags: FT Incoming interface: Ethernet0/0.82, RPF nbr 0.0.0.0, Registering Outgoing interface list: Ethernet0/0.123, Forward/Sparse-Dense, 00:03:53/00:02:38 9 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Ethernet0/0.21, Forward/Sparse-Dense, 00:04:54/00:02:56 (172.16.12.2, 225.1.1.1), 00:04:54/00:03:08, flags: FT Incoming interface: Ethernet0/0.21, RPF nbr 0.0.0.0 Outgoing interface list: Ethernet0/0.123, Forward/Sparse-Dense, 00:03:53/00:02:38 Let’s look at the Multicast routing table on PE3 for this 225.1.1.1 group. We should expect to see both PE2->PE3 and PE1->PE3 as incoming interfaces, depending on the source: PE3-RACK1#sh ip mroute 225.1.1.1 IP Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, Y - Joined MDT-data group, y - Sending to MDT-data group V - RD & Vector, v - Vector Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 225.1.1.1), 02:29:11/stopped, RP 10.1.1.1, flags: SJCF Incoming interface: Ethernet0/0.31, RPF nbr 172.16.13.1 Outgoing interface list: Ethernet0/0.13, Forward/Sparse-Dense, 02:29:11/00:02:23 (10.1.1.2, 225.1.1.1), 00:05:51/00:02:26, flags: JT Incoming interface: Ethernet0/0.123, RPF nbr 172.16.123.2 Outgoing interface list: Ethernet0/0.13, Forward/Sparse-Dense, 00:05:51/00:02:23 (10.82.1.2, 225.1.1.1), 00:00:45/00:02:22, flags: J Incoming interface: Ethernet0/0.123, RPF nbr 172.16.123.2 Outgoing interface list: Ethernet0/0.13, Forward/Sparse-Dense, 00:00:45/00:02:23 (172.16.12.2, 225.1.1.1), 00:05:51/00:01:01, flags: JT Incoming interface: Ethernet0/0.123, RPF nbr 172.16.123.2 Outgoing interface list: Ethernet0/0.13, Forward/Sparse-Dense, 00:05:51/00:02:23 (172.16.123.2, 225.1.1.1), 00:06:54/00:02:24, flags: FT Incoming interface: Ethernet0/0.123, RPF nbr 0.0.0.0 Outgoing interface list: Ethernet0/0.13, Forward/Sparse-Dense, 00:06:54/00:02:21 10 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Notice the flag on the entries has the letter J – Join SPT, and that all incoming interfaces are Ethernet0/0.123, which is PE2-PE3 interface, not PE1-PE3. Therefore, PE1, the RP, is completely bypassed. Let’s avoid this SPT switchover by configuring spt-threshold. CE8-RACK1(config)#ip CE2-RACK1(config)#ip PE2-RACK1(config)#ip PE1-RACK1(config)#ip PE3-RACK1(config)#ip pim pim pim pim pim spt-threshold spt-threshold spt-threshold spt-threshold spt-threshold infinity infinity infinity infinity infinity Let’s ping 225.1.1.1 from PE2 one more time. PE2-RACK1#ping 225.1.1.1 Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds: Reply Reply Reply Reply to to to to request request request request 0 0 0 0 from from from from 10.13.1.1, 10.13.1.1, 10.13.1.1, 10.13.1.1, 28 48 48 28 ms ms ms ms Let’s look at the Multicast routing table on PE2 for this 225.1.1.1 group. We should only see traffic flowing up to PE1. PE2-RACK1#sh ip mroute 225.1.1.1 IP Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, Y - Joined MDT-data group, y - Sending to MDT-data group V - RD & Vector, v - Vector Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 225.1.1.1), 00:12:13/stopped, RP 10.1.1.1, flags: SPF Incoming interface: Ethernet0/0.21, RPF nbr 172.16.12.1 Outgoing interface list: Null (10.1.1.2, 225.1.1.1), 00:00:56/00:02:51, flags: FT Incoming interface: Loopback0, RPF nbr 0.0.0.0, Registering Outgoing interface list: 11 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Ethernet0/0.21, Forward/Sparse-Dense, 00:00:56/00:02:47 (10.82.1.2, 225.1.1.1), 00:00:56/00:02:51, flags: FT Incoming interface: Ethernet0/0.82, RPF nbr 0.0.0.0, Registering Outgoing interface list: Ethernet0/0.21, Forward/Sparse-Dense, 00:00:56/00:02:47 (172.16.12.2, 225.1.1.1), 00:00:56/00:02:21, flags: PFT Incoming interface: Ethernet0/0.21, RPF nbr 0.0.0.0 Outgoing interface list: Null Ethernet0/0.21 is the interface leading up to PE1, the RP for the 225.1.1.1 Multicast group. SPT switchover did not occur. Task 7.8: Right now you can ping 229.0.0.1 and 229.0.0.2 groups on CE8 from CE2. PE2 is the RP for this group. The shared tree is created from CE8 up to the RP PE2. If CE2 tries to be the source, its next hop router PE3 will have to send PIM Unicast Register message to PE2 to create SPT tree from PE3 to PE2. To complete this task, on PE2 you have to block the PIM Register messages coming from PE3. Enable debug ip pim on PE2 and PE3. You will see how PE3 will try to send PIM Register message to PE2 when you ping 229.0.0.1 from CE8, but PE2 will reject it, and the ping will fail. It will work when you ping 229.0.0.2, though. PE2-RACK1(config)#ip access-list extended SSM PE2-RACK1(config-ext-nacl)#deny ip host 10.23.1.1 229.0.0.1 0.255.255.254 PE2-RACK1(config-ext-nacl)#permit ip host 10.23.1.1 229.0.0.0 0.255.255.254 PE2-RACK1(config-ext-nacl)#permit ip any any PE2-RACK1(config)#ip pim accept-register list SSM 12 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II This is also called source specific Multicast, SSM. The access-list will reject PIM Register messages coming from PE3 on behalf of source 10.23.1.1 (CE2) for Multicast traffic going to the 229.0.0.x odd groups. The access-list will also permit PIM Register messages coming from PE3 on behalf of source 10.23.1.1 and other sources for Multicast traffic going to the 229.0.0.x even groups. Let’s try to ping 229.0.0.2 and watch the debugs. The ping will work. PIM Register will be permitted on PE2. CE2-RACK1#ping 229.0.0.2 Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 229.0.0.2, timeout is 2 seconds: Reply to request 0 from 10.82.1.1, 52 ms PE3 debug: PE3 is sending PIM Register message to PE2. PE3-RACK1# 04:23:11: PIM(0): Check RP 10.1.1.2 into the (*, 229.0.0.2) entry 04:23:11: PIM(0): Send v2 Register to 10.1.1.2 for 10.23.1.1, group 229.0.0.2 04:23:11: PIM(0): Received v2 Join/Prune on Ethernet0/0.123 from 172.16.123.2, to us 04:23:11: PIM(0): Join-list: (10.23.1.1/32, 229.0.0.2), S-bit set 04:23:11: PIM(0): Add Ethernet0/0.123/172.16.123.2 to (10.23.1.1, 229.0.0.2), Forward state, by PIM SG Join PE2 debug: PE2 receives PIM Register message from PE3, accepts it, and builds SPT tree to PE3. PE2-RACK1# 04:23:14: PIM(0): Received v2 Register on Ethernet0/0.123 from 172.16.123.3 04:23:14: for 10.23.1.1, group 229.0.0.2 04:23:14: PIM(0): Insert (10.23.1.1,229.0.0.2) join in nbr 172.16.123.3's queue 04:23:14: PIM(0): Forward decapsulated data packet for 229.0.0.2 on Ethernet0/0.82 04:23:14: PIM(0): Building Join/Prune packet for nbr 172.16.123.3 04:23:14: PIM(0): Adding v2 (10.23.1.1/32, 229.0.0.2), S-bit Join 04:23:14: PIM(0): Send v2 join/prune to 172.16.123.3 (Ethernet0/0.123) Now let’s try to ping 229.0.0.1 and watch the debugs. The ping will fail. PIM Register will be on PE2 and Register-Stop message will be sent back to PE3. 13 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II CE2-RACK1#ping 229.0.0.1 Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 229.0.0.1, timeout is 2 seconds: . PE3 debug, PE3 is sending PIM Register message to PE2. PE3-RACK1# 04:25:42: PIM(0): 04:25:42: PIM(0): 229.0.0.1 04:25:42: PIM(0): 10.1.1.2 04:25:42: PIM(0): 04:25:42: PIM(0): 229.0.0.1) Check RP 10.1.1.2 into the (*, 229.0.0.1) entry Send v2 Register to 10.1.1.2 for 10.23.1.1, group Received v2 Register-Stop on Ethernet0/0.123 from for source 10.23.1.1, group 229.0.0.1 Clear register flag to 10.1.1.2 for (10.23.1.1/32, PE2 debug. PE2 receives PIM Register message, rejects it, and sends Register-Stop message back. PE2-RACK1# 04:25:45: PIM(0): Received v2 Register on Ethernet0/0.123 from 172.16.123.3 04:25:45: for 10.23.1.1, group 229.0.0.1 04:25:45: %PIM-4-INVALID_SRC_REG: Received Register from 172.16.123.3 for (10.23.1.1, 229.0.0.1), not willing to be RP 04:25:45: PIM(0): Register for 10.23.1.1, group 229.0.0.1 rejected 04:25:45: PIM(0): Send v2 Register-Stop to 172.16.123.3 for 10.23.1.1, group 229.0.0.1 Task 7.9: If you do show ip pim rp 235.235.235.235, the output will say “v2, v1”. This means that this group is running in PIM v1 and v2. PE2-RACK1#show ip pim rp 235.235.235.235 Group: 235.235.235.235, RP: 10.1.1.3, v2, v1, uptime 00:55:55, expires 00:02:15 To force this group into version 2 only mode, you have to override Auto-RP configuration with BSR configuration. BSR is the newer way to automatically elect RPs. BSR has been introduced with PIM v2 and, therefore, it can only be used with PIM v2. 14 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II First of all, you should remove 235.0.0.0/8 from Auto-RP. You currently have 235.0.0.0/8 being announced from PE1, PE2, and PE3. Excluding 235.235.235.235 won’t work. It will be denied by the Auto-RP, and BSR will never pick it up. PE2-RACK1(config)#no ip access-list standard PE2-Groups PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit 229.0.0.1 PE2-RACK1(config-std-nacl)#permit 229.0.0.2 PE2-RACK1(config-std-nacl)#permit 225.8.8.8 PE1-RACK1(config)#no ip access-list standard PE1-Groups PE1-RACK1(config)#ip access-list standard PE1-Groups PE1-RACK1(config-std-nacl)#deny any PE3-RACK1(config)#no ip access-list standard PE3-Groups PE3-RACK1(config)#ip access-list standard PE3-Groups PE3-RACK1(config-std-nacl)#permit 225.2.2.2 By the way, you should always clear ip pim rp whenever you make this kind of change. When you remove the access-list, the default 224.0.0.0/4 is automatically advertised until you create the new access-list. So, do clear ip pim rp on PE1, PE2, and PE3 after making this change. Otherwise, you’ll see 224.0.0.0/4 auto-rp mapping. PE1-RACK1#clear ip pim rp PE2-RACK1#clear ip pim rp PE3-RACK1#clear ip pim rp Now, let’s configure BSR. Auto-RP had all three PEs participate in the RP election. We should configure BSR the same way. Configure this on PE1, PE2 and PE3. PE1-RACK1(config)#ip access-list standard BSR PE1-RACK1(config-std-nacl)#permit 235.235.235.235 PE1-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR PE2-RACK1(config)#ip access-list standard BSR PE2-RACK1(config-std-nacl)#permit 235.235.235.235 PE2-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR PE3-RACK1(config)#ip access-list standard BSR PE3-RACK1(config-std-nacl)#permit 235.235.235.235 PE3-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR 15 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Now configure PE1 as the BSR candidate. It’s similar to the Auto-RP mapping agent. PE1-RACK1(config)#ip pim bsr-candidate Loopback0 10 10 Let’s verify which RP the BSR has elected on PE2: PE2-RACK1#sh ip pim rp 235.235.235.235 Group: 235.235.235.235, RP: 10.1.1.2, v2, next RP-reachable in 00:01:10 Notice the “v2.” This group is using RP 10.1.1.2 thanks to the PIMv2 BSR election. BSR uses a different algorithm to elect the RP when there’s more than one candidate. Check CCO documentation for more detail. IP PIM Advanced and DVMRP Task 7.10: PE1-RACK1(config)#int fastethernet0/0 PE1-RACK1(config-if)#ip multicast rate-limit out 200 PE1-RACK1(config)#int fastethernet0/1 PE1-RACK1(config-if)#ip multicast rate-limit out 200 Task 7.11: You have to use admin scoping. PE3-RACK1(config)#access-list 80 deny 236.0.0.0 0.0.127.255 PE3-RACK1(config)#access-list 80 permit any PE3-RACK1(config)#int ethernet0/0.13 PE3-RACK1(config-if)#ip multicast boundary 80 16 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Task 7.12: It’s a trick question. You have to configure TTL of 9, not 10. This command stops the router from forwarding Multicast packets unless the TTL is above a specific value. PE3-RACK1(config)#int ethernet0/0.13 PE3-RACK1(config-if)#ip multicast ttl-threshold 9 Task 7.13: PE1-RACK1(config)#access-list 10 permit 172.16.12.0 0.0.0.255 PE1-RACK1(config)#int tunnel 500 PE1-RACK1(config-if)#ip unnumbered FastEthernet0/1 PE1-RACK1(config-if)#tunnel source Loopback0 PE1-RACK1(config-if)#tunnel destination 199.199.199.199 PE1-RACK1(config-if)#tunnel mode dvmrp PE1-RACK1(config-if)#ip pim sparse-dense-mode PE1-RACK1(config-if)#ip dvmrp metric 2 list 10 17 This product is individually licensed. Copyright® 2005 ieMentor http://www.iementor.com. [...]... PE2-RACK1(config-std-nacl)#permit 229.0.0.1 PE2-RACK1(config-std-nacl)#permit 229.0.0.2 PE2-RACK1(config-std-nacl)#permit 225.8.8.8 PE1-RACK1(config)#no ip access-list standard PE1-Groups PE1-RACK1(config)#ip access-list standard PE1-Groups PE1-RACK1(config-std-nacl)#deny any PE3-RACK1(config)#no ip access-list standard PE3-Groups PE3-RACK1(config)#ip access-list standard PE3-Groups PE3-RACK1(config-std-nacl)#permit 225.2.2.2... and PE3 PE1-RACK1(config)#ip access-list standard BSR PE1-RACK1(config-std-nacl)#permit 235.235.235.235 PE1-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR PE2-RACK1(config)#ip access-list standard BSR PE2-RACK1(config-std-nacl)#permit 235.235.235.235 PE2-RACK1(config)#ip pim rp-candidate Loopback 0 group-list BSR PE3-RACK1(config)#ip access-list standard BSR PE3-RACK1(config-std-nacl)#permit... look at the Multicast routing table on PE2 for this 225.1.1.1 group We should only see traffic flowing up to PE1 PE2-RACK1#sh ip mroute 225.1.1.1 IP Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate... PE1-RACK1(config)#int fastethernet0/0 PE1-RACK1(config-if)#ip multicast rate-limit out 200 PE1-RACK1(config)#int fastethernet0/1 PE1-RACK1(config-if)#ip multicast rate-limit out 200 Task 7.11: You have to use admin scoping PE3-RACK1(config)#access-list 80 deny 236.0.0.0 0.0.127.255 PE3-RACK1(config)#access-list 80 permit any PE3-RACK1(config)#int ethernet0/0.13 PE3-RACK1(config-if)#ip multicast boundary 80 16 This product... v1.0 | Lab7 Solutions: Multicast II First of all, you should remove 235.0.0.0/8 from Auto-RP You currently have 235.0.0.0/8 being announced from PE1, PE2, and PE3 Excluding 235.235.235.235 won’t work It will be denied by the Auto-RP, and BSR will never pick it up PE2-RACK1(config)#no ip access-list standard PE2-Groups PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit... PE1-RACK1(config)#access-list 10 permit 172.16.12.0 0.0.0.255 PE1-RACK1(config)#int tunnel 500 PE1-RACK1(config-if)#ip unnumbered FastEthernet0/1 PE1-RACK1(config-if)#tunnel source Loopback0 PE1-RACK1(config-if)#tunnel destination 199.199.199.199 PE1-RACK1(config-if)#tunnel mode dvmrp PE1-RACK1(config-if)#ip pim sparse-dense-mode PE1-RACK1(config-if)#ip dvmrp metric 2 list 10 17 This product is individually licensed Copyright®... the ping will fail It will work when you ping 229.0.0.2, though PE2-RACK1(config)#ip access-list extended SSM PE2-RACK1(config-ext-nacl)#deny ip host 10.23.1.1 229.0.0.1 0.255.255.254 PE2-RACK1(config-ext-nacl)#permit ip host 10.23.1.1 229.0.0.0 0.255.255.254 PE2-RACK1(config-ext-nacl)#permit ip any any PE2-RACK1(config)#ip pim accept-register list SSM 12 This product is individually licensed Copyright®... Workbook v1.0 | Lab7 Solutions: Multicast II Task 7.12: It’s a trick question You have to configure TTL of 9, not 10 This command stops the router from forwarding Multicast packets unless the TTL is above a specific value PE3-RACK1(config)#int ethernet0/0.13 PE3-RACK1(config-if)#ip multicast ttl-threshold 9 Task 7.13: PE1-RACK1(config)#access-list 10 permit 172.16.12.0 0.0.0.255 PE1-RACK1(config)#int... Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, Y - Joined MDT-data group, y - Sending to MDT-data group V - RD & Vector, v - Vector Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 225.1.1.1), 00:12:13/stopped, RP 10.1.1.1,... Workbook v1.0 | Lab7 Solutions: Multicast II Notice the flag on the entries has the letter J – Join SPT, and that all incoming interfaces are Ethernet0/0.123, which is PE2-PE3 interface, not PE1-PE3 Therefore, PE1, the RP, is completely bypassed Let’s avoid this SPT switchover by configuring spt-threshold CE8-RACK1(config)#ip CE2-RACK1(config)#ip PE2-RACK1(config)#ip PE1-RACK1(config)#ip PE3-RACK1(config)#ip ...ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II PE2-RACK1(config)#ip access-list standard PE2-Groups PE2-RACK1(config-std-nacl)#permit 225.8.8.8... http://www.iementor.com ieMentor CCIE™ Service Provider Workbook v1.0 | Lab7 Solutions: Multicast II Task 7.3: Similarly to the previous task, configure Auto-RP announcements not just on one router,... v1.0 PE2-RACK# 02:23:06: ht 180 02:23:06: 02:23:06: ht 180 02:23:06: | Lab7 Solutions: Multicast II Auto-RP(0): Received RP-discovery, from 172.16.12.1, RP_cnt 1, Auto-RP(0): Added with (235.0.0.0/8,