Friday, February 21, 2020

Multicast PIM Accept Register

By default all sources are allowed to register at the RP (Rendezvous Point) when using PIM sparse mode. When a new source starts sending traffic to a multicast group address, the PIM DR (Designated Router) on the segment connected to the source will forward a PIM register message to the RP.
This PIM register message contains the original multicast packet from the source, and it includes the IP address of the source and the destination multicast group address. We can configure our RP to filter certain sources, if we do this the RP will send a PIM register-stop message to the PIM DR so that it will not build the SPT towards the source.
Let’s take a look at an example topology:
R1 rendezvous point R2 source
Above we have two routers, R1 and R2. We will configure R1 as a rendezvous point and R2 will be our source. Let’s configure the basics first:
R1(config)#ip multicast-routing          
R1(config)#ip pim rp-address 192.168.12.1
R1(config)#interface fastEthernet 0/0    
R1(config-if)#ip pim sparse-mode
R2(config)#ip multicast-routing 
R2(config)#ip pim rp-address 192.168.12.1
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip pim sparse-mode 
Just a simple PIM sparse mode setup where R1 is the RP. By default all sources and all multicast groups are allowed to register at the RP.
Let’s send some traffic to a multicast group address from R2 to see what R1 thinks of it:
R1#debug ip pim
PIM debugging is on
First we will enable a debug on R1, now let’s send some traffic from R2:
R2#ping 239.1.1.1 repeat 9999

Type escape sequence to abort.
Sending 9999, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
...
This is what you will see on R1:
R1#
PIM(0): Received v2 Register on FastEthernet0/0 from 192.168.12.2
It receives a PIM register message from 192.168.12.2. Nobody is listening to this multicast stream but you will find it in the multicast routing table:
R1#show ip mroute 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.1.1), 00:01:28/stopped, RP 192.168.12.1, flags: SP
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list: Null

(192.168.12.2, 239.1.1.1), 00:01:28/00:02:58, flags: PT
  Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0
  Outgoing interface list: Null
Above you see that 192.168.12.2 has been added as a source for 239.1.1.1. Now let’s configure a filter so that we reject 192.168.12.2 as a source for this multicast group:
R1(config)#ip pim accept-register list SOURCES
R1(config)#ip access-list extended SOURCES 
R1(config-ext-nacl)#deny ip host 192.168.12.2 host 239.1.1.1
R1(config-ext-nacl)#permit ip host 192.168.12.2 any 
We can use the IP PIM accept-register command to filter sources that we don’t want. In the example above I created an access-list that will reject 192.168.12.2 as the source for multicast group 239.1.1.1. Everything else is allowed. Let’s send some traffic from R2 to see what is going on:
R2#ping 239.1.1.1 repeat 9999

Type escape sequence to abort.
Sending 9999, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
...
R1#
PIM(0): Received v2 Register on FastEthernet0/0 from 192.168.12.2
     for 192.168.12.2, group 239.1.1.1
%PIM-4-INVALID_SRC_REG: Received Register from 192.168.12.2 for (192.168.12.2, 239.1.1.1), not willing to be RP
R1#
PIM(0): Register for 192.168.12.2, group 239.1.1.1 rejected
PIM(0): Send v2 Register-Stop to 192.168.12.2 for 192.168.12.2, group 239.1.1.1
You can see that R1 doesn’t accept this PIM register message and as a result it will send a PIM register-stop message. That’s how you can filter sources to register at your RP.
hostname R1
!
ip cef
!
ip multicast-routing
!
interface FastEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip pim sparse-mode
!
ip pim rp-address 192.168.12.1
ip pim accept-register list SOURCES
!
ip access-list extended SOURCES
 deny   ip host 192.168.12.2 host 239.1.1.1
 permit ip host 192.168.12.2 any
!
end
hostname R2
!
ip cef
!
ip multicast-routing
!
interface FastEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip pim sparse-mode
!
ip pim rp-address 192.168.12.1
!
end

I hope this has been helpful to you, if you have any questions feel free to ask!

No comments:

Post a Comment