
Multicast Routing Between Sites 3

Status
Not open for further replies.

Jimtron26

Programmer
Nov 8, 2004
123
GB
Hi all,

I am having problems with routing multicast traffic between three sites. Two of the sites (BFD/ FOR) are connected back to the third (RIV) using 100Mb connections as follows:

BFD-----RIV-----FOR

The connections between sites were originally Layer 2 and we had a nightmare with all multicast and broadcast traffic traversing the link and flooding to each site. To prevent this, I enabled Layer 3 point to point routing between them which works fine. However, I now have a problem whereby I cannot route specific multicast traffic between sites which is required for Paging on an IP telephone system the customer uses. I need to send Pages across from BFD to RIV and FOR on Multicast address 224.0.1.41, however, despite hours spent researching, I cannot get my head around how to do it... What is more annoying is I am sure I have done this somewhere but can't remember it/ where/ find documentation etc!!!

Configs.... (please ignore the non-RFC IP on BFD, it's not my network :eek:))

BFD SWITCH
Building configuration...

Current configuration : 2824 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname BFD
!
enable secret level ******
enable secret ******
!
username ****** password ******
!
ip subnet-zero
ip routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
******OUTPUT OMITTED******
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
description LINK TO RIV
no switchport
ip address 172.16.1.6 255.255.255.252
speed 100
duplex full
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.0.0.3 255.255.0.0
!
interface Vlan2
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.0.230
ip route 10.10.0.0 255.255.0.0 172.16.1.5
ip route 192.168.0.0 255.255.0.0 172.16.1.5
ip http server
!
snmp-server community ****** RW
!
end

RIV SWITCH
Building configuration...

Current configuration : 3053 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname RIV
!
aaa new-model
aaa authentication login HUB_AUTH local
enable secret ******
!
username ****** password ******

clock timezone GMT 0
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!

******OUTPUT OMITTED******

!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
description Link To BFD
no switchport
ip address 172.16.1.5 255.255.255.252
speed 100
duplex full
!
interface FastEthernet0/24
description Link To FOR
no switchport
ip address 172.16.1.1 255.255.255.252
speed 100
duplex full
!
interface GigabitEthernet0/1
description Uplink To Core
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 10.10.27.3 255.255.0.0
!
interface Vlan2
no ip address
!
ip default-gateway 10.10.27.2
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.32
ip route 192.0.0.0 255.255.0.0 172.16.1.6
ip route 192.168.0.0 255.255.0.0 172.16.1.2
ip http server
ip http authentication local
!
snmp-server community ****** RW
!
end

FOR SWITCH
Building configuration...

Current configuration : 2820 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname FOR

enable secret ******
!
username ****** privilege 15 password ******
aaa new-model
aaa authentication login FORAUTHEN local
aaa authorization network FORAUTHEN local
!
aaa session-id common
ip subnet-zero
ip routing
no ip domain-lookup
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3

******OUTPUT OMITTED******

interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
description Link to RIV
no switchport
ip address 172.16.1.2 255.255.255.252
speed 100
duplex full
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
ip address 192.168.3.3 255.255.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.32
ip route 10.10.0.0 255.255.0.0 172.16.1.1
ip route 192.0.0.0 255.255.0.0 172.16.1.1
ip http server
!
snmp-server community ****** RW
radius-server source-ports 1645-1646
!
control-plane
!
end

Thank you all in advance for any help provided.

Jim

 
BLF traffic is constant but not bandwidth intensive. The paging traffic is 'as and when' they send one. I think the biggest concern is for IP phones at one site ending up registered at another site (remote as it may be I have seen this happen with this system).

I am going to have to abandon the SSM and go back to unclerico's original config, i.e.

BFD(config)# int f0/24
BFD(config-if)# ip pim sparse-dense-mode
BFD(config)# int vlan 1
BFD(config-if)# ip pim sparse-dense-mode

and then try to filter out the registration requests with the ACL below

Switch(config)# access-list 101 deny udp host 224.0.1.41 any eq 1716
Switch(config)# access-list 101 permit ip any any

applied to fa0/24 and vlan 1...

Or will this allow other multicast traffic through as well?!

Sorry for the persistent questions... I don't have a lab I can test this in so any config is going to have to be done on the live network and as I mentioned in the start of the thread, L3 routing was enabled to prevent all mcast and bcast traffic flooding the LAN... I must be careful!

Thank you :)


 
Yes this will allow other multicast traffic. The ACLs you posted are the wrong way around anyway as multicast addresses are always destination addresses. You could maybe use the ACL:

access-list 101 deny udp any host 224.0.1.41 eq 1716
access-list 101 permit udp any host 224.0.1.41
access-list 101 deny ip any 224.0.0.0 15.255.255.255
access-list 101 permit ip any any

The normal destination port number used for H.323 Gatekeeper Discovery is 1718, so I am not sure where 1716 comes from?

The way H.323 Multicast Gatekeeper discovery works is the Gatekeepers join the multicast group 224.0.1.41 to receive traffic for this group. The H.323 terminals on boot-up multicast to the group address 224.0.1.41 using a source port of 1719 and a destination of 1718. All the gatekeepers that receive the discovery message (assuming other items sent in the message are OK such as the domain name) should respond via unicast directly to the H.323 terminal. The terminal can then select the Gatekeeper to register to.

Andy
 
Andy you are spot on, I got the port number wrong it is indeed 1718 as per manufacturer documentation.

Thank you for all your assistance with this Andy and thanks to Unclerico too, you have both been really helpful.

I will try the config on customer network.

Most appreciated!

:eek:)
 
Hi again,

I have tried the solution and unfortunately, it has not worked.

Here are the configs from two of the switches at BFD and RIV:

BFD SWITCH

Building configuration...

Current configuration : 3689 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname BFD
!
enable secret level ******
enable secret ******
!
username ****** password ******

ip subnet-zero
ip routing
!
ip multicast-routing
ip dhcp-server 192.0.0.203
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
******OUTPUT OMITTED******

interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
description LINK TO RIV
no switchport
ip address 172.16.1.6 255.255.255.252
ip access-group 105 in
ip pim sparse-dense-mode
speed 100
duplex full
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.0.0.3 255.255.0.0
ip access-group 105 in
ip pim sparse-dense-mode
!
interface Vlan2
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.0.230
ip route 10.10.0.0 255.255.0.0 172.16.1.5
ip route 192.168.0.0 255.255.0.0 172.16.1.5
ip http server
!
access-list 105 permit ip any host 224.0.1.41
access-list 105 deny ip any 224.0.0.0 15.255.255.255
access-list 105 permit ip any any
!
snmp-server community ****** RW
!
end


RIV SWITCH
Building configuration...

Current configuration : 3978 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname RIV
!
aaa new-model
aaa authentication login HUB_AUTH local
enable secret ******
!
username ****** password ******

clock timezone GMT 0
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00
ip subnet-zero
ip routing
!
ip multicast-routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!

******OUTPUT OMITTED******


interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
description Link To BFD
no switchport
ip address 172.16.1.5 255.255.255.252
ip access-group 104 in
ip pim sparse-dense-mode
speed 100
duplex full
!
interface FastEthernet0/24
description Link To FOR
no switchport
ip address 172.16.1.1 255.255.255.252
ip access-group 104 in
ip pim sparse-dense-mode
speed 100
duplex full
!
interface GigabitEthernet0/1
description Uplink To Core
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 10.10.27.3 255.255.0.0
ip access-group 104 in
ip pim sparse-dense-mode
!
interface Vlan2
no ip address
!
ip default-gateway 10.10.27.2
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.32
ip route 192.0.0.0 255.255.0.0 172.16.1.6
ip route 192.168.0.0 255.255.0.0 172.16.1.2
ip http server
ip http authentication local
!
access-list 104 permit ip any host 224.0.1.41
access-list 104 deny ip any 224.0.0.0 15.255.255.255
access-list 104 permit ip any any
snmp-server community ****** RW
!
end

I tried a few different things and eventually just permitted everything to 224.0.1.41 including 1718. The phone systems still cannot page and now do not update each other with busy lamp information (uses same mcast address as page). I have left the third site out of the post on purpose as once I get multicast routing working between these two sites, I should be able to get it working to the third!

Output of show access-list commands

BFD#sh access-list 105
Extended IP access list 105
permit ip any host 224.0.1.41 (149 matches)
deny ip any 224.0.0.0 15.255.255.255 (1402 matches)
permit ip any any (17262 matches)

RIV#sh access-list 104
Extended IP access list 104
permit ip any host 224.0.1.41 (158 matches)
deny ip any 224.0.0.0 15.255.255.255 (1621 matches)
permit ip any any (36212 matches)

The show output indicates that traffic is being matched on the correct mcast address but not reaching the other site.

Any thoughts?

Many thanks.

 
Looking at that ACL again it will prevent PIM v2 neighbor relationships being formed so you should really allow this group (224.0.0.13). To be honest I think you should allow all the 224.0.0.0/24 addresses as these are all link local addresses.
Change the ACL to
Code:
access-list 104 permit ip any host 224.0.1.41
access-list 104 permit ip any 224.0.0.0 0.0.0.255
access-list 104 deny   ip any 224.0.0.0 15.255.255.255
access-list 104 permit ip any any

and see what happens....

Andy
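
An added example, not part of any post in this thread: a simplified first-match model of an IOS extended ACL, run over ACL 104 as it appears in the RIV config, the revised ACL 104 above, and a constructed variant that also denies gatekeeper discovery on UDP 1718. The sample packets, the host 192.0.0.50 and the `COMBINED` list are assumptions made for illustration.

```python
import ipaddress

DEPLOYED = """access-list 104 permit ip any host 224.0.1.41
access-list 104 deny ip any 224.0.0.0 15.255.255.255
access-list 104 permit ip any any"""
REVISED = """access-list 104 permit ip any host 224.0.1.41
access-list 104 permit ip any 224.0.0.0 0.0.0.255
access-list 104 deny ip any 224.0.0.0 15.255.255.255
access-list 104 permit ip any any"""
# Constructed variant (not from the thread): REVISED plus a leading deny for discovery.
COMBINED = "access-list 104 deny udp any host 224.0.1.41 eq 1718\n" + REVISED
# Constructed packets: (protocol, source, destination, destination port)
PACKETS = {
    "pim_hello": ("pim", "172.16.1.6", "224.0.0.13", None),
    "gk_discovery": ("udp", "192.0.0.50", "224.0.1.41", 1718),
    "blf": ("udp", "192.0.0.50", "224.0.1.41", 1717),
    "other_mcast": ("udp", "192.0.0.50", "239.1.1.1", 5004),
}

def ip(s):
    return int(ipaddress.IPv4Address(s))

def addr(tok, i):  # 'any' | 'host A' | 'A WILDCARD' -> ((base, wildcard), next index)
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (ip(tok[i + 1]), 0), i + 2
    return (ip(tok[i]), ip(tok[i + 1])), i + 2

def parse_acl(text):
    """Turn 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines into ordered rules."""
    rules = []
    for tok in (line.split() for line in text.splitlines()):
        src, i = addr(tok, 4)
        dst, i = addr(tok, i)
        port = int(tok[i + 1]) if tok[i:i + 1] == ["eq"] else None
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First match wins; wildcard bits set to 1 are ignored; implicit deny at the end."""
    for action, rproto, (sb, sw), (db, dw), rport in rules:
        if (rproto in ("ip", proto) and rport in (None, dport)
                and (ip(src) | sw) == (sb | sw) and (ip(dst) | dw) == (db | dw)):
            return action
    return "deny"

def verdicts(acl_text):
    return {n: evaluate(parse_acl(acl_text), *p) for n, p in PACKETS.items()}
```

Comparing `verdicts(DEPLOYED)` with `verdicts(REVISED)` shows the PIM hello to 224.0.0.13 changing from deny to permit while every other verdict stays the same.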
 
Also, check your application doesn't have a "multicast maximum hop count" configured to "1", which happened to me last year.
 
Thank you Andy, I have tried the revised ACL and can now page between the BFD and RIV sites... however....

I still cannot page between BFD and FOR sites, this could be because of what Vince has pointed out, thank you for that. I have run some tests here captured with Wireshark between two phone systems paging each other, page sent from IP handset with IP 192.168.43.

Internet Protocol, Src: 192.168.43.73 (192.168.43.73), Dst: 224.0.1.41 (224.0.1.41)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xa0 (DSCP 0x28: Class Selector 5; ECN: 0x00)
Total Length: 280
Identification: 0x1777 (6007)
Flags: 0x00
Fragment offset: 0
Time to live: 100
Protocol: UDP (0x11)
Header checksum: 0x70a3 [correct]
Source: 192.168.43.73 (192.168.43.73)
Destination: 224.0.1.41 (224.0.1.41)

TTL is 100 so don't think that is the problem(?)

Also, another problem that has come up following the application of the new ACL is local hosts to the system doing the paging do not receive Busy Lamp Field information which uses multicast address 224.0.1.41 port 1717... It seems the phone system is sending all multicast traffic to the switch which is forwarding it on to the other site(s) but then not propagating it through its own directly connected network.

Any thoughts?

Thank you



 
With reference to the last problem highlighted - no multicast BLF on local network, I have found the following statement in a Cisco Press BCMSN book....

"When a router configured for PIM-DM receives a multicast packet, the router performs the RPF check to validate the correct interface for the source and then forwards the packet to all the interfaces configured for multicasting..."

Since I only have the interface connected to the 100Mb circuit and the VLAN 1 interface configured for multicasting, would this explain why the switch is not propagating the traffic through its own network...?

Many thanks.
 