Tuesday, November 29, 2011

cisco - multicast - pim - sparse mode - auto rp

Test items:

1. static rp
2. autorp
3. autorp load sharing
4. autorp failover
5. autorp group announcement interval
6. autorp mapping agent discovery interval
7. shorten the RP failover time by adjusting the interval
8. shorten the RP failover time by adjusting the interval (RP candidate & mapping agent configured on the same router)
9. autorp selection
10. rp-announce & rp-discovery filtering on interface
11. preventing candidate rp spoofing

Topology:



Test item #1 - static rp:

1. Configure R8 as the static rp on R1 - R10

2. Configure igmp join group 226.0.0.1 on the loopback0 of R3

3. ping 226.0.0.1 from R1

R3 interface loopback0:

interface Loopback0
 ip address 192.168.0.3 255.255.255.255
 ip pim sparse-mode
 ip igmp join-group 226.0.0.1
 ip ospf cost 255
end


Ping 226.0.0.1 from R1:

R1#ping 226.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 226.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 16 ms
Reply to request 0 from 192.168.0.3, 16 ms
Reply to request 1 from 192.168.0.3, 40 ms
Reply to request 1 from 192.168.0.3, 56 ms
R1#


R3 show ip mroute:

R3#show ip mroute 226.0.0.1 | b 226.0.0.1
(*, 226.0.0.1), 00:02:50/stopped, RP 192.168.0.8, flags: SJCL
  Incoming interface: Serial3/1, RPF nbr 1.0.0.10
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:02:50/00:02:33

(192.168.0.1, 226.0.0.1), 00:01:18/00:01:41, flags: LJT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.5
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:01:18/00:02:33

(1.0.0.1, 226.0.0.1), 00:01:18/00:01:41, flags: LJT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.5
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:01:18/00:02:33

(1.0.0.13, 226.0.0.1), 00:01:18/00:01:41, flags: LJT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.5
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:01:18/00:02:33

R3#





Test item #2 - autorp:

R3 joins the group 225.0.0.1:

interface Loopback0
 ip address 192.168.0.3 255.255.255.255
 ip pim sparse-mode
 ip igmp join-group 225.0.0.1
 ip ospf cost 255
end


R1 pings the group 225.0.0.1:

R1#ping 225.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 225.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 24 ms
Reply to request 0 from 192.168.0.3, 28 ms
Reply to request 1 from 192.168.0.3, 24 ms
Reply to request 1 from 192.168.0.3, 40 ms
R1#

R3 show ip mroute:

R3#show ip mroute 225.0.0.1 | b 225
(*, 225.0.0.1), 05:50:32/stopped, RP 192.168.0.10, flags: SJCL
  Incoming interface: Serial3/1, RPF nbr 1.0.0.10
  Outgoing interface list:
    Loopback0, Forward/Sparse, 05:50:32/00:02:14

(192.168.0.1, 225.0.0.1), 00:00:57/00:02:02, flags: LJT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.5
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:00:57/00:02:14

(1.0.0.1, 225.0.0.1), 00:00:57/00:02:02, flags: LJT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.5
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:00:57/00:02:14

(1.0.0.13, 225.0.0.1), 00:00:57/00:02:02, flags: LJT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.5
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:00:57/00:02:14

R3#




Test item #3 - autorp load sharing:

- remove static rp-address 192.168.0.8 from all routers
- amend the rp candidate group as below:

R9:

ip pim send-rp-announce Loopback0 scope 255 group-list 10
ip pim send-rp-discovery Loopback0 scope 255
access-list 10 permit 225.0.0.0 0.0.0.255
access-list 10 permit 224.0.0.0 7.255.255.255


R10:

ip pim send-rp-announce Loopback0 scope 255 group-list 20
ip pim send-rp-discovery Loopback0 scope 255
access-list 20 permit 226.0.0.0 0.0.0.255
access-list 20 permit 224.0.0.0 7.255.255.255


R3 joins the groups 225.0.0.1, 226.0.0.1 & 227.0.0.1:

interface Loopback0
 ip address 192.168.0.3 255.255.255.255
 ip pim sparse-mode
 ip igmp join-group 227.0.0.1
 ip igmp join-group 226.0.0.1
 ip igmp join-group 225.0.0.1
 ip ospf cost 255
end


R1 pings 225.0.0.1, 226.0.0.1 & 227.0.0.1:

R1#ping 225.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 225.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 20 ms
Reply to request 0 from 192.168.0.3, 20 ms
Reply to request 1 from 192.168.0.3, 28 ms
Reply to request 1 from 192.168.0.3, 32 ms
R1#
R1#ping 226.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 226.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 12 ms
Reply to request 0 from 192.168.0.3, 24 ms
Reply to request 1 from 192.168.0.3, 72 ms
Reply to request 1 from 192.168.0.3, 80 ms
R1#
R1#ping 227.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 227.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 12 ms
Reply to request 0 from 192.168.0.3, 48 ms
Reply to request 1 from 192.168.0.3, 28 ms
Reply to request 1 from 192.168.0.3, 36 ms
R1#


Check the RP for each group on R3:

R3#show ip mroute 225.0.0.1 | in 225.0.0.1.*RP
(*, 225.0.0.1), 06:39:49/stopped, RP 192.168.0.9, flags: SJCL
R3#
R3#show ip mroute 226.0.0.1 | in 226.0.0.1.*RP
(*, 226.0.0.1), 00:46:24/stopped, RP 192.168.0.10, flags: SJCL
R3#
R3#show ip mroute 227.0.0.1 | in 227.0.0.1.*RP
(*, 227.0.0.1), 00:04:05/stopped, RP 192.168.0.10, flags: SJCL
R3#




Test item #4 - autorp failover:

Shut down all the interfaces on R10, then clear the mroute table & rp-mapping on R1 & R3:

R10#show int desc | in BI
Se3/0                          admin down     down     BI~R10-s3_0~T1~R8-s3_0 ~
Se3/1                          admin down     down     BI~R10-s3_1~T1~R13-s3_0 ~
R10#


clear ip mroute *
clear ip pim rp-mapping

Ping 225.0.0.1, 226.0.0.1 & 227.0.0.1 from R1:

R1#ping 225.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 225.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 36 ms
Reply to request 0 from 192.168.0.3, 36 ms
Reply to request 1 from 192.168.0.3, 12 ms
Reply to request 1 from 192.168.0.3, 40 ms
R1#                     
R1#ping 226.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 226.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 20 ms
Reply to request 1 from 192.168.0.3, 44 ms
R1#
R1#ping 227.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 227.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.3, 12 ms
Reply to request 0 from 192.168.0.3, 28 ms
Reply to request 1 from 192.168.0.3, 20 ms
Reply to request 1 from 192.168.0.3, 36 ms
R1#


Check the RP for each group on R3:

R3#show ip mroute 225.0.0.1 | in 225.0.0.1.*RP
(*, 225.0.0.1), 00:08:14/stopped, RP 192.168.0.9, flags: SJCL
R3#
R3#show ip mroute 226.0.0.1 | in 226.0.0.1.*RP
(*, 226.0.0.1), 00:08:21/stopped, RP 192.168.0.9, flags: SJCL
R3#
R3#show ip mroute 227.0.0.1 | in 227.0.0.1.*RP
(*, 227.0.0.1), 00:08:29/stopped, RP 192.168.0.9, flags: SJCL
R3#
R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.9 (?), elected via Auto-RP
         Uptime: 00:07:06, expires: 00:02:48
Group(s) 225.0.0.0/24
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.9 (?), elected via Auto-RP
         Uptime: 00:08:12, expires: 00:02:49
R3#




Test item #5 - autorp group announcement interval:

Configure R8, R9 & R10 as below:

R8 - mapping agent
R9 - RP candidate for the group 225.0.0.1
R10 - RP candidate for the group 225.0.0.1

Use default rp announcement interval on R9 & R10:

ip pim send-rp-announce Loopback0 scope 255 group-list 10
access-list 10 permit 225.0.0.0 0.0.0.255

RP announcement received on R8:

samlee@notebook:~/myperl/test$ cat debug.ip.pim.autorp | grep -E 'debug|announce'
R8#debug ip pim auto-rp
PIM Auto-RP debugging is on
*Dec  3 17:55:57.547: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:55:57.551: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:56:15.323: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:56:15.339: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:56:57.567: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:56:57.579: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:57:15.315: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:57:15.323: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:57:57.543: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:57:57.559: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:58:15.335: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:58:15.339: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
samlee@notebook:~/myperl/test$



Change the RP announcement interval to one second on R9 & R10:

ip pim send-rp-announce Loopback0 scope 255 group-list 10 interval 1


RP announcement received on R8:

samlee@notebook:~/myperl/test$ cat debug.ip.pim.autorp.2 | grep -E 'debug|announce'
R8#debug ip pim auto-rp
PIM Auto-RP debugging is on
*Dec  3 18:12:00.631: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:00.635: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:00.755: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:00.755: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:01.599: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:01.615: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:01.719: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:01.731: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:02.615: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
samlee@notebook:~/myperl/test$




Test item #6 - autorp mapping agent discovery interval:

R8 - mapping agent
R9 & R10 - RP candidate

Configure both the mapping agent & the RP candidates without an interval specified:

ip pim send-rp-discovery Loopback0 scope 255
ip pim send-rp-announce Loopback0 scope 255 group-list 10

Check the RP discovery on R3:

samlee@notebook:~/myperl/test$ cat debug.ip.pim.discovery | grep covery
*Dec  3 21:21:56.919: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 181
*Dec  3 21:22:55.551: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 181
*Dec  3 21:23:55.399: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 181
*Dec  3 21:24:54.891: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 181


Change the RP discovery interval to 1 on R8:

ip pim send-rp-discovery Loopback0 scope 255 interval 1

Check the RP discovery on R3:

samlee@notebook:~/myperl/test$ cat debug.ip.pim.discovery.2 | grep covery
*Dec  3 21:50:05.543: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 4
*Dec  3 21:50:07.411: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 4
*Dec  3 21:50:09.335: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 4
*Dec  3 21:50:10.327: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 4
*Dec  3 21:50:12.227: Auto-RP(0): Received RP-discovery packet of length 54, from 192.168.0.8, RP_cnt 1, ht 4
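
An added example (not part of the original lab notes): a Python parser for the `debug ip pim auto-rp` lines captured in test items #5 and #6. It collapses the duplicate copies of each packet, derives the send interval per source, and flags sources outside an expected set. The "holdtime = 3 x interval + 1" check is read off the captures above (ht 181 at 60 s, ht 4 at 1 s); the 192.168.1.18 line and the `EXPECTED` baseline are constructed for the example.

```python
import re
from collections import defaultdict
from statistics import median

# Matches the "Received RP-announce / RP-discovery" lines of `debug ip pim auto-rp`.
LINE = re.compile(
    r"(\d\d):(\d\d):(\d\d\.\d+): Auto-RP\(\d+\): Received (RP-announce|RP-discovery) "
    r"packet of length \d+, from (\d+\.\d+\.\d+\.\d+), RP_cnt \d+, ht (\d+)"
)

def summarize(lines, dup_window=0.5):
    """Return {(kind, source): {"interval": seconds or None, "holdtime": seconds}}.

    Timestamps carry no date, so a capture is assumed not to span midnight.
    """
    seen = defaultdict(list)   # (kind, source) -> arrival times, duplicates collapsed
    hold = {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        hh, mm, ss, kind, src, ht = m.groups()
        t = int(hh) * 3600 + int(mm) * 60 + float(ss)
        key = (kind, src)
        # The captures show each packet logged twice within milliseconds; count it once.
        if seen[key] and t - seen[key][-1] < dup_window:
            continue
        seen[key].append(t)
        hold[key] = int(ht)
    out = {}
    for key, times in seen.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        out[key] = {"interval": round(median(gaps)) if gaps else None,
                    "holdtime": hold[key]}
    return out

def audit(lines, expected):
    """expected: {(kind, source): interval_seconds}. Returns a sorted list of findings."""
    findings = []
    for (kind, src), stats in summarize(lines).items():
        if (kind, src) not in expected:
            findings.append(f"unexpected {kind} source {src}")
            continue
        want = expected[(kind, src)]
        if stats["interval"] is not None and stats["interval"] != want:
            findings.append(f"{kind} from {src}: interval {stats['interval']}s, expected {want}s")
        if stats["holdtime"] != 3 * want + 1:
            findings.append(f"{kind} from {src}: holdtime {stats['holdtime']}s, expected {3 * want + 1}s")
    return sorted(findings)

# Baseline assumed for this example: R9 and R10 announce at the 60 s interval seen above.
EXPECTED = {("RP-announce", "192.168.0.9"): 60, ("RP-announce", "192.168.0.10"): 60}

# Lines from the first capture in test item #5; the last line is constructed.
DEFAULT_CAPTURE = """\
*Dec  3 17:55:57.547: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:55:57.551: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:56:15.323: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:56:15.339: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:56:57.567: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:56:57.579: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 181
*Dec  3 17:57:15.315: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:57:15.323: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 181
*Dec  3 17:57:20.000: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.1.18, RP_cnt 1, ht 181
""".splitlines()

# Lines from the second capture in test item #5 (interval 1).
FAST_CAPTURE = """\
*Dec  3 18:12:00.631: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:00.635: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:00.755: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:00.755: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:01.599: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:01.615: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
*Dec  3 18:12:01.719: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:01.731: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.10, RP_cnt 1, ht 4
*Dec  3 18:12:02.615: Auto-RP(0): Received RP-announce packet of length 48, from 192.168.0.9, RP_cnt 1, ht 4
""".splitlines()

if __name__ == "__main__":
    for finding in audit(DEFAULT_CAPTURE, EXPECTED) + audit(FAST_CAPTURE, EXPECTED):
        print(finding)
```
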




Test item #7 - shorten the RP failover time by adjusting the interval:

R9 & R10:

ip pim send-rp-announce Loopback0 scope 255 group-list 10
access-list 10 permit 225.0.0.0 0.0.0.255
access-list 10 permit 224.0.0.0 7.255.255.255

R8:

ip pim send-rp-discovery Loopback0 scope 255

Shut down all the physical links on R10 to fail the RP over to R9:

*Dec  3 22:28:31.851: %LINK-5-CHANGED: Interface Serial3/0, changed state to administratively down
*Dec  3 22:28:35.203: %LINK-5-CHANGED: Interface Serial3/1, changed state to administratively down


RP mapping status on R3:

R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:07:17, expires: 00:02:36
Group(s) 225.0.0.0/24
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:07:17, expires: 00:02:39
R3#
*Dec  3 22:29:20.315: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
*Dec  3 22:30:58.667: PIM(0): Initiating register encapsulation tunnel creation for RP 192.168.0.9
*Dec  3 22:30:58.671: PIM(0): Initial register tunnel creation succeeded for RP 192.168.0.9
*Dec  3 22:30:58.715: PIM(0): Initiating register encapsulation tunnel deletion for RP 192.168.0.10
*Dec  3 22:30:59.727: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
R3#
R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:01:41, expires: 00:02:12
Group(s) 225.0.0.0/24
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:01:41, expires: 00:02:13
R3#


Bring the physical interfaces on R10 back up; the RP moves back to R10:

R10#sho int desc | in BI    
Se3/0                          up             up       BI~R10-s3_0~T1~R8-s3_0 ~
Se3/1                          up             up       BI~R10-s3_1~T1~R13-s3_0 ~
R10#


R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:01:41, expires: 00:00:03
Group(s) 225.0.0.0/24
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:01:41, expires: 00:00:03
R3#


Change the RP announcement & mapping agent discovery message interval to 1:

ip pim send-rp-announce Loopback0 scope 255 group-list 10 interval 1
ip pim send-rp-discovery Loopback0 scope 255 interval 1

Shut down all the physical links on R10 to force R9 to be the RP:

*Dec  3 22:44:04.747: %LINK-5-CHANGED: Interface Serial3/0, changed state to administratively down
*Dec  3 22:44:07.611: %LINK-5-CHANGED: Interface Serial3/1, changed state to administratively down


RP mapping status on R3:

R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:05:23, expires: 00:00:02
Group(s) 225.0.0.0/24
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:05:23, expires: 00:00:02
R3#
*Dec  3 22:44:06.759: PIM(0): Initiating register encapsulation tunnel creation for RP 192.168.0.9
*Dec  3 22:44:06.763: PIM(0): Initial register tunnel creation succeeded for RP 192.168.0.9
*Dec  3 22:44:06.795: PIM(0): Initiating register encapsulation tunnel deletion for RP 192.168.0.10
*Dec  3 22:44:07.807: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to up
R3#
R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:00:13, expires: 00:00:02
Group(s) 225.0.0.0/24
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:00:13, expires: 00:00:02
R3#




Test item #8 - shorten the RP failover time by adjusting the interval (RP candidate & mapping agent configured on the same router)

Bring all interfaces on R10 back up
Remove the mapping agent function from R8
Configure R9 & R10 to be both RP candidate & mapping agent, with interval equal to 1:

ip pim send-rp-announce Loopback0 scope 255 group-list 10 interval 1
ip pim send-rp-discovery Loopback0 scope 255 interval 1

Shut down all the physical links on R10 to force R9 to be the RP:

*Dec  3 22:58:10.467: %LINK-5-CHANGED: Interface Serial3/0, changed state to administratively down
*Dec  3 22:58:12.675: %LINK-5-CHANGED: Interface Serial3/1, changed state to administratively down


RP mapping status on R3:

R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.9 (?), elected via Auto-RP
         Uptime: 00:01:00, expires: 00:00:02
Group(s) 225.0.0.0/24
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.9 (?), elected via Auto-RP
         Uptime: 00:01:00, expires: 00:00:02
R3#
*Dec  3 22:58:12.999: PIM(0): Initiating register encapsulation tunnel creation for RP 192.168.0.9
*Dec  3 22:58:13.003: PIM(0): Initial register tunnel creation succeeded for RP 192.168.0.9
*Dec  3 22:58:13.047: PIM(0): Initiating register encapsulation tunnel deletion for RP 192.168.0.10
*Dec  3 22:58:14.067: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
R3#
R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.9 (?), elected via Auto-RP
         Uptime: 00:00:10, expires: 00:00:03
Group(s) 225.0.0.0/24
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.9 (?), elected via Auto-RP
         Uptime: 00:00:10, expires: 00:00:03
R3#




Test item #9 - autorp selection:

Current RP candidate announcement interface:

R9: loopback0 - 192.168.0.9
R10: loopback0 - 192.168.0.10

RP mapping on R3:

R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.10 (?), elected via Auto-RP
         Uptime: 03:18:06, expires: 00:00:02
Group(s) 225.0.0.0/24
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.10 (?), elected via Auto-RP
         Uptime: 03:18:06, expires: 00:00:02
R3#


Add a new loopback interface lo199 on R9 with IP address 192.168.0.199, advertise it via OSPF, enable pim sparse-mode on the interface & change the send-rp-announce interface to it:

interface Loopback199
 ip address 192.168.0.199 255.255.255.255
 ip pim sparse-mode
end


R9#show run | in pim.*announce
ip pim send-rp-announce Loopback199 scope 255 group-list 10 interval 1
R9#


RP mapping on R3:

R3#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/5
  RP 192.168.0.199 (?), v2v1
    Info source: 192.168.0.10 (?), elected via Auto-RP
         Uptime: 00:01:39, expires: 00:00:03
Group(s) 225.0.0.0/24
  RP 192.168.0.199 (?), v2v1
    Info source: 192.168.0.10 (?), elected via Auto-RP
         Uptime: 00:01:39, expires: 00:00:03
R3#
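
The selection seen in test items #3, #4 and #9, as an added Python example that is not part of the original notes: the mapping agent keeps the highest candidate address for each announced range, and each router then uses the longest matching range for a group. `acl_to_prefix`, `elect` and `rp_for` are names made up for this sketch; the candidate tables are the group-lists configured above.

```python
import ipaddress

def acl_to_prefix(base, wildcard):
    """Convert a standard-ACL 'address wildcard' pair into a prefix."""
    wild = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard is 2^n - 1; anything else cannot be written as a prefix.
    if wild & (wild + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network(f"{base}/{32 - wild.bit_length()}", strict=True)

def elect(candidates):
    """Mapping-agent step: per announced range, keep the candidate with the highest address.

    Addresses are compared numerically; a string comparison would rank
    192.168.0.9 above 192.168.0.10 and give the wrong winner.
    """
    mapping = {}
    for rp, acl in candidates.items():
        rp_addr = ipaddress.IPv4Address(rp)
        for base, wildcard in acl:
            prefix = acl_to_prefix(base, wildcard)
            if prefix not in mapping or rp_addr > mapping[prefix]:
                mapping[prefix] = rp_addr
    return mapping

def rp_for(group, mapping):
    """Router step: longest-prefix match of the group against the elected ranges."""
    g = ipaddress.IPv4Address(group)
    matches = [p for p in mapping if g in p]
    if not matches:
        return None   # no RP known for this group
    return str(mapping[max(matches, key=lambda p: p.prefixlen)])

ACL_10 = [("225.0.0.0", "0.0.0.255"), ("224.0.0.0", "7.255.255.255")]
ACL_20 = [("226.0.0.0", "0.0.0.255"), ("224.0.0.0", "7.255.255.255")]

# Test item #3: R9 announces group-list 10, R10 announces group-list 20.
LOAD_SHARING = {"192.168.0.9": ACL_10, "192.168.0.10": ACL_20}
# Test item #4: R10 is isolated, only R9's announcement remains.
FAILOVER = {"192.168.0.9": ACL_10}
# Test item #9: R9 announces from Loopback199, both candidates use group-list 10.
SELECTION = {"192.168.0.199": ACL_10, "192.168.0.10": ACL_10}

if __name__ == "__main__":
    for name, cands in (("load sharing", LOAD_SHARING),
                        ("failover", FAILOVER),
                        ("selection", SELECTION)):
        mapping = elect(cands)
        for group in ("225.0.0.1", "226.0.0.1", "227.0.0.1"):
            print(f"{name:13} {group} -> RP {rp_for(group, mapping)}")
```
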




Test item #10 - rp-announce & rp-discovery filtering on interface:

Configure the lab as below:

R1-R10 belong to AS1 & R11-R20 belong to AS2
No OSPF running between AS1 & AS2
R8 is the RP candidate & mapping agent of AS1
R18 is the RP candidate & mapping agent of AS2
Remove RP candidate & mapping agent function from R9 & R10

R8 & R18 autorp configuration:

R8#show run | in rp
ip pim autorp listener
ip pim send-rp-announce Loopback0 scope 255 interval 1
ip pim send-rp-discovery Loopback0 scope 255 interval 1
R8#


Configure OSPF for R1 to R20, with all routers running under the same AS. Check the RP mapping status on R6:

R6#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.1.18 (?), v2v1
    Info source: 192.168.1.18 (?), elected via Auto-RP
         Uptime: 00:08:22, expires: 00:00:03
R6#


Break OSPF into 2 IGP domains by using passive interface on the border interfaces on R9, R10, R12 & R13.

Check the RP mapping status on R6 again:

R6#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.0.8 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:01:47, expires: 00:00:03
R6#


Check the mroute status for the rp-announce & rp-discovery multicast group on R6:

R6#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 00:14:14/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 00:14:14/00:00:00
    Serial3/1, Forward/Sparse, 00:14:14/00:00:00
    Serial3/0, Forward/Sparse, 00:14:14/00:00:00

(192.168.0.8, 224.0.1.39), 00:11:13/00:02:49, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Prune/Sparse, 00:02:01/00:00:58
    Serial3/2, Forward/Sparse, 00:01:59/00:00:00

R6#

R6#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 00:28:13/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 00:28:04/00:00:00
    Serial3/1, Forward/Sparse, 00:28:12/00:00:00
    Serial3/0, Forward/Sparse, 00:28:13/00:00:00

(192.168.0.8, 224.0.1.40), 00:23:10/00:02:58, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:23:10/00:00:00
    Serial3/2, Forward/Sparse, 00:23:10/00:00:00

R6#


Check the RP mapping on R9:

R9#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.0.8 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:13:34, expires: 00:00:02
R9#


Check the mroute status for the rp-announce & rp-discovery multicast group on R9:

R9#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 00:25:39/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 00:25:39/00:00:00
    Serial3/0, Forward/Sparse, 00:25:39/00:00:00

(192.168.1.18, 224.0.1.39), 00:00:24/00:02:35, flags:
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:00:24/00:00:00
    Serial3/1, Forward/Sparse, 00:00:24/00:00:00

(192.168.0.8, 224.0.1.39), 00:25:39/00:01:17, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.0.0.33
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:12:13/00:00:00

R9#

R9#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 00:30:11/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 00:30:10/00:00:00
    Serial3/0, Forward/Sparse, 00:30:11/00:00:00

(192.168.1.18, 224.0.1.40), 00:02:58/00:00:01, flags: L
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:02:58/00:00:00
    Serial3/1, Forward/Sparse, 00:02:58/00:00:00

(192.168.0.8, 224.0.1.40), 00:25:34/00:02:58, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.33
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:25:34/00:00:00, A

R9#


How about enabling BGP in both ASes & interconnecting them by BGP?
Enable full-mesh BGP within AS1 & AS2.
Enable BGP between AS1 & AS2.
(result skipped)

Check the RP mapping on R6:

R6#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.1.18 (?), v2v1
    Info source: 192.168.1.18 (?), elected via Auto-RP
         Uptime: 00:05:34, expires: 00:00:02
R6#


Check the mroute status for the rp-announce & rp-discovery multicast group on R6:

R6#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 01:15:41/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:15:41/00:00:00
    Serial3/1, Forward/Sparse, 01:15:41/00:00:00
    Serial3/0, Forward/Sparse, 01:15:41/00:00:00

(192.168.1.18, 224.0.1.39), 00:06:04/00:02:29, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:03:04/00:00:00
    Serial3/2, Forward/Sparse, 00:06:04/00:00:00

(192.168.0.8, 224.0.1.39), 01:12:40/00:02:20, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Prune/Sparse, 00:02:27/00:00:32
    Serial3/2, Forward/Sparse, 00:57:20/00:00:00

R6#

R6#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 01:20:30/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:20:21/00:00:00
    Serial3/1, Forward/Sparse, 01:20:30/00:00:00
    Serial3/0, Forward/Sparse, 01:20:30/00:00:00

(192.168.1.18, 224.0.1.40), 00:06:22/00:02:59, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:06:22/00:00:00
    Serial3/2, Forward/Sparse, 00:06:22/00:00:00

(192.168.0.8, 224.0.1.40), 01:15:27/00:02:59, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:15:27/00:00:00
    Serial3/2, Forward/Sparse, 01:15:27/00:00:00

R6#


Check the RP mapping on R9:

R9#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.1.18 (?), v2v1
    Info source: 192.168.1.18 (?), elected via Auto-RP
         Uptime: 00:08:16, expires: 00:00:02
R9#


Check the mroute status for the rp-announce & rp-discovery multicast group on R9:

R9#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 01:18:27/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 01:18:27/00:00:00
    Serial3/0, Forward/Sparse, 01:18:27/00:00:00

(192.168.1.18, 224.0.1.39), 00:11:08/00:01:42, flags: T
  Incoming interface: Serial3/0, RPF nbr 1.0.0.42
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 00:11:08/00:00:00

(192.168.0.8, 224.0.1.39), 01:18:27/00:02:17, flags: PT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.33
  Outgoing interface list:
    Serial3/0, Prune/Sparse, 00:07:22/00:01:43

R9#

R9#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 01:22:47/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 01:22:47/00:00:00
    Serial3/0, Forward/Sparse, 01:22:47/00:00:00

(192.168.1.18, 224.0.1.40), 00:10:27/00:02:59, flags: LT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.42
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 00:10:27/00:00:00

(192.168.0.8, 224.0.1.40), 01:18:11/00:02:59, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.33
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:18:11/00:00:00, A

R9#


Check the RP mapping on R12:

R12#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.1.18 (?), v2v1
    Info source: 192.168.1.18 (?), elected via Auto-RP
         Uptime: 01:08:40, expires: 00:00:02
R12#


Check the mroute status for the rp-announce & rp-discovery multicast group on R12:

R12#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 01:20:55/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:20:55/00:00:00
    Serial3/1, Forward/Sparse, 01:20:55/00:00:00
    Serial3/0, Forward/Sparse, 01:20:55/00:00:00

(192.168.0.8, 224.0.1.39), 00:12:57/00:01:51, flags: PT
  Incoming interface: Serial3/0, RPF nbr 1.0.0.41
  Outgoing interface list:
    Serial3/1, Prune/Sparse, 00:02:42/00:00:17
    Serial3/2, Prune/Sparse, 00:01:11/00:01:51, A

(192.168.1.18, 224.0.1.39), 01:20:23/00:02:04, flags: T
  Incoming interface: Serial3/2, RPF nbr 1.1.1.6
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:07:29/00:00:00
    Serial3/1, Prune/Sparse, 00:00:58/00:02:04

R12#


Check the RP mapping on R16:

R16#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.1.18 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 01:10:03, expires: 00:00:03
R16#


Check the mroute status for the rp-announce & rp-discovery multicast group on R16:

R16#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 01:22:30/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:22:30/00:00:00
    Serial3/1, Forward/Sparse, 01:22:30/00:00:00
    Serial3/0, Forward/Sparse, 01:22:30/00:00:00

(192.168.0.8, 224.0.1.39), 00:13:13/00:01:11, flags: T
  Incoming interface: Serial3/0, RPF nbr 1.1.1.9
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 00:13:13/00:00:00
    Serial3/2, Prune/Sparse, 00:01:00/00:02:01

(192.168.1.18, 224.0.1.39), 01:21:59/00:02:13, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.1.1.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:21:59/00:00:00
    Serial3/2, Prune/Sparse, 00:02:55/00:00:06

R16#

R16#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 01:25:56/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:25:49/00:00:00
    Serial3/1, Forward/Sparse, 01:25:56/00:00:00
    Serial3/0, Forward/Sparse, 01:25:56/00:00:00

(192.168.0.8, 224.0.1.40), 00:13:32/00:02:58, flags: LT
  Incoming interface: Serial3/0, RPF nbr 1.1.1.9
  Outgoing interface list:
    Serial3/1, Forward/Sparse, 00:13:32/00:00:00
    Serial3/2, Forward/Sparse, 00:13:32/00:00:00

(192.168.1.18, 224.0.1.40), 01:22:07/00:02:59, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.1.1.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:22:07/00:00:00
    Serial3/2, Forward/Sparse, 01:22:07/00:00:00

R16#


On R6, join 225.0.0.1 on the loopback0 & configure pim spt-threshold to infinity.
Ping 225.0.0.1 from R1.

Check the mroute status on R6:

R1#ping 225.0.0.1 repeat 2 

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 225.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.6, 28 ms
Reply to request 0 from 192.168.0.6, 28 ms
Reply to request 1 from 192.168.0.6, 28 ms
Reply to request 1 from 192.168.0.6, 32 ms
R1#

R6#show ip mroute 225.0.0.1 | b 225
(*, 225.0.0.1), 00:01:57/00:02:56, RP 192.168.1.18, flags: SCL
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:01:57/00:02:56

R6#


Apply rp-announce & rp-discovery filtering on all the interfaces between AS1 & AS2:

access-list 99 deny 224.0.1.39
access-list 99 deny 224.0.1.40
access-list 99 deny 239.0.0.0 0.255.255.255
access-list 99 permit 224.0.0.0 15.255.255.255

interface Serial3/0
 description BI~R9-s3_0~T1~R12-s3_0 ~
 ip address 1.0.0.41 255.255.255.252
 ip pim sparse-mode
 ip multicast boundary 99
 ip ospf cost 2
 serial restart-delay 0
end
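
An added check, not from the original post, for the boundary ACL above: it evaluates a standard ACL top-down with first-match and implicit-deny semantics and reports which Auto-RP groups (224.0.1.39 for RP-announce, 224.0.1.40 for RP-discovery) would still be permitted across the interface. `MISORDERED_ACL` is a constructed variant with the permit line first, included to show that the result depends on entry order; the function names are made up for this sketch.

```python
import ipaddress

AUTORP_GROUPS = ("224.0.1.39", "224.0.1.40")   # RP-announce, RP-discovery

# ACL 99 exactly as applied with `ip multicast boundary 99` above.
PAGE_ACL = """
access-list 99 deny 224.0.1.39
access-list 99 deny 224.0.1.40
access-list 99 deny 239.0.0.0 0.255.255.255
access-list 99 permit 224.0.0.0 15.255.255.255
"""

# Constructed variant: same entries, permit line first.
MISORDERED_ACL = """
access-list 99 permit 224.0.0.0 15.255.255.255
access-list 99 deny 224.0.1.39
access-list 99 deny 224.0.1.40
access-list 99 deny 239.0.0.0 0.255.255.255
"""

def parse_acl(text):
    """Parse 'access-list N permit|deny ADDR [WILDCARD]' lines into (action, addr, wildcard)."""
    entries = []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or parts[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        # An address without a wildcard is a host entry (wildcard 0.0.0.0).
        wildcard = parts[4] if len(parts) > 4 else "0.0.0.0"
        entries.append((parts[2],
                        int(ipaddress.IPv4Address(parts[3])),
                        int(ipaddress.IPv4Address(wildcard))))
    return entries

def boundary_allows(entries, group):
    """True if the first matching entry permits the group; no match means implicit deny."""
    g = int(ipaddress.IPv4Address(group))
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF          # bits that must match
        if (g & care) == (addr & care):
            return action == "permit"
    return False

def autorp_leaks(acl_text):
    """Auto-RP groups that the boundary ACL would still let through."""
    entries = parse_acl(acl_text)
    return [g for g in AUTORP_GROUPS if boundary_allows(entries, g)]

if __name__ == "__main__":
    print("page ACL leaks:      ", autorp_leaks(PAGE_ACL))
    print("misordered ACL leaks:", autorp_leaks(MISORDERED_ACL))
```
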


Check the RP mapping on R6:

R6#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.0.8 (?), v2v1
    Info source: 192.168.0.8 (?), elected via Auto-RP
         Uptime: 00:07:14, expires: 00:00:03
R6#

Check the mroute status for the rp-announce & rp-discovery multicast group on R6:

R6#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 01:45:49/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:45:49/00:00:00
    Serial3/1, Forward/Sparse, 01:45:49/00:00:00
    Serial3/0, Forward/Sparse, 01:45:49/00:00:00

(192.168.0.8, 224.0.1.39), 01:42:48/00:01:04, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Prune/Sparse, 00:02:03/00:00:56
    Serial3/2, Forward/Sparse, 01:27:29/00:00:00

R6#

R6#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 01:50:39/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:50:30/00:00:00
    Serial3/1, Forward/Sparse, 01:50:38/00:00:00
    Serial3/0, Forward/Sparse, 01:50:39/00:00:00

(192.168.0.8, 224.0.1.40), 01:45:36/00:02:59, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:45:36/00:00:00
    Serial3/2, Forward/Sparse, 01:45:36/00:00:00

R6#


Check the RP mapping on R16:

R16#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.1.18 (?), v2v1
    Info source: 192.168.1.18 (?), elected via Auto-RP
         Uptime: 00:06:35, expires: 00:00:02
R16#


Check the mroute status for the rp-announce & rp-discovery multicast group on R16:

R16#show ip mroute 224.0.1.39 | b 224
(*, 224.0.1.39), 01:46:19/stopped, RP 0.0.0.0, flags: D
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:46:19/00:00:00
    Serial3/1, Forward/Sparse, 01:46:19/00:00:00
    Serial3/0, Forward/Sparse, 01:46:19/00:00:00

(192.168.1.18, 224.0.1.39), 01:45:48/00:02:23, flags: T
  Incoming interface: Serial3/1, RPF nbr 1.1.1.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 00:01:50/00:00:00
    Serial3/2, Prune/Sparse, 00:02:16/00:00:45

R16#

R16#show ip mroute 224.0.1.40 | b 224
(*, 224.0.1.40), 01:49:44/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial3/2, Forward/Sparse, 01:49:37/00:00:00
    Serial3/1, Forward/Sparse, 01:49:44/00:00:00
    Serial3/0, Forward/Sparse, 01:49:44/00:00:00

(192.168.1.18, 224.0.1.40), 01:45:55/00:02:58, flags: LT
  Incoming interface: Serial3/1, RPF nbr 1.1.1.21
  Outgoing interface list:
    Serial3/0, Forward/Sparse, 01:45:55/00:00:00
    Serial3/2, Forward/Sparse, 01:45:55/00:00:00

R16#


Ping 225.0.0.1 from R1:

R1#ping 225.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 225.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.0.6, 72 ms
Reply to request 0 from 192.168.0.6, 132 ms
Reply to request 0 from 192.168.0.6, 96 ms
Reply to request 1 from 192.168.0.6, 40 ms
Reply to request 1 from 192.168.0.6, 64 ms
R1#


Check the mroute status of 225.0.0.1 from R6:

R6#show ip mroute 225.0.0.1 | b 225
(*, 225.0.0.1), 00:24:37/00:02:17, RP 192.168.0.8, flags: SCL
  Incoming interface: Serial3/1, RPF nbr 1.0.0.21
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:24:37/00:02:17

R6#


On R16, join 225.0.0.1, ping this group from R11 & check the status:

R11#ping 225.0.0.1 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 225.0.0.1, timeout is 2 seconds:

Reply to request 0 from 192.168.1.16, 80 ms
Reply to request 0 from 192.168.1.16, 128 ms
Reply to request 1 from 192.168.1.16, 44 ms
Reply to request 1 from 192.168.1.16, 72 ms
R11#

R16#show ip mroute 225.0.0.1 | b 225
(*, 225.0.0.1), 00:00:50/00:02:10, RP 192.168.1.18, flags: SCL
  Incoming interface: Serial3/1, RPF nbr 1.1.1.21
  Outgoing interface list:
    Loopback0, Forward/Sparse, 00:00:50/00:02:10

R16#




Test item #11 - preventing candidate rp spoofing:

http://www.cisco.com/en/US/tech/tk828/technologies_configuration_example09186a00801cb923.shtml

Note: Use this command with caution. RPs that are matched by rp-list (allowed by a permit statement) have their multicast groups filtered by group-list. RPs that are denied (either by an explicit or implicit deny) are not subject to the filtering of their multicast groups and are "blindly" accepted as candidate RPs for all of their groups. In other words, only RPs that are permitted by rp-list have their multicast-groups filtered by group-list. All other RPs are accepted without examination.

1. Configure rp-announce on R9 & R10
2. Configure rp-discovery on R2

Check rp mapping on R7:

R7#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.0.10 (?), v2v1
    Info source: 192.168.0.2 (?), elected via Auto-RP
         Uptime: 00:08:48, expires: 00:00:03
R7#


Configure rp-announce-filter on R2:

ip pim rp-announce-filter rp-list 99 group-list 89
access-list 99 permit 192.168.0.10
access-list 89 deny   224.0.0.0 15.255.255.255

ip pim rp-announce-filter rp-list 98 group-list 88
access-list 98 permit 192.168.0.9
access-list 88 permit 224.0.0.0 15.255.255.255

Check rp mapping on R7:

R7#show ip pim rp mapping
PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4
  RP 192.168.0.9 (?), v2v1
    Info source: 192.168.0.2 (?), elected via Auto-RP
         Uptime: 00:12:21, expires: 00:00:02
R7#
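
A small model of the rp-announce-filter behaviour described in the note above, and of the standard ACL used for the multicast boundary in test item #10 (an added example, not IOS code and not part of the original test log). It assumes the first filter whose rp-list permits the RP is the one applied, and matches a group range by its network address only; 192.168.0.66 is a constructed, unlisted candidate RP.

```python
import ipaddress

def acl_permits(acl, addr):
    """Standard IOS ACL: first matching entry wins, implicit deny at the end."""
    a = int(ipaddress.IPv4Address(addr))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (a & care) == (int(ipaddress.IPv4Address(base)) & care):
            return action == "permit"
    return False

# Test item #10: the ACL applied with "ip multicast boundary 99".
BOUNDARY = [("deny", "224.0.1.39", "0.0.0.0"), ("deny", "224.0.1.40", "0.0.0.0"),
            ("deny", "239.0.0.0", "0.255.255.255"),
            ("permit", "224.0.0.0", "15.255.255.255")]

# Test item #11: ACLs and rp-announce-filter pairs configured on R2.
ACLS = {
    99: [("permit", "192.168.0.10", "0.0.0.0")],
    89: [("deny", "224.0.0.0", "15.255.255.255")],
    98: [("permit", "192.168.0.9", "0.0.0.0")],
    88: [("permit", "224.0.0.0", "15.255.255.255")],
}
FILTERS = [(99, 89), (98, 88)]  # (rp-list, group-list)

def evaluate(rp, groups, filters=FILTERS, acls=ACLS):
    """Return (accepted group ranges, whether any rp-list examined this RP)."""
    for rp_list, group_list in filters:
        if acl_permits(acls[rp_list], rp):
            # Simplification (assumption): match the range's network address only.
            kept = [g for g in groups
                    if acl_permits(acls[group_list], g.split("/")[0])]
            return kept, True
    # Per the note: an RP that no rp-list permits is accepted without examination.
    return list(groups), False

def unexamined(announcements, filters=FILTERS, acls=ACLS):
    """Audit helper: candidate RPs that bypass every configured filter."""
    return sorted(rp for rp, groups in announcements.items()
                  if not evaluate(rp, groups, filters, acls)[1])

# Constructed announcements; 192.168.0.66 is a made-up unlisted candidate RP.
ANNOUNCEMENTS = {rp: ["224.0.0.0/4"]
                 for rp in ("192.168.0.9", "192.168.0.10", "192.168.0.66")}

if __name__ == "__main__":
    for rp, groups in ANNOUNCEMENTS.items():
        print(rp, evaluate(rp, groups))
    print("bypass filters:", unexamined(ANNOUNCEMENTS))
```

In this model, R10 (192.168.0.10) is examined and loses 224.0.0.0/4, R9 (192.168.0.9) keeps it, and the unlisted address is reported by unexamined() because no rp-list permits it. This is why every candidate RP that must be rejected needs its own permit entry in an rp-list paired with a deny-all group-list, as done for 192.168.0.10 above.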
