Auto RP filters

I can't figure out why when using auto rp if I add rp announce filters with group filters on the rps the solution works.  If I remove the group filters from the RPs with the announce filters the routers can't find the RPs.    If I add a announce filters to the RPs back in it works??   This is my setup:

R1-----R2

|          |

|          |

R4-----R3

|          |

|          |

--- R5---

 

Every one is running sparse mode with auto rp listener.  10.x.x.x is the loopbacks of the routers.  ie. 10.1.1.1=r1 10.2.2.2=r2.  R5 has joined igmp groups 225.1.1.1 and 224.1.1.1.

 

With this configuration on R1 and R2 the pings work to R5 igmp groups and everyone gets the correct RP:

R1:

ip pim send-rp-announce Loopback0 scope 5 group-list 3
ip pim send-rp-discovery Loopback0 scope 5 interval 5
ip pim rp-announce-filter rp-list 2 group-list 1
ip pim rp-announce-filter rp-list 4 group-list 3
R1#show run | i access-l
access-list 1 permit 224.1.1.0 0.0.0.255
access-list 2 permit 10.2.2.2
access-list 3 permit 225.1.1.0 0.0.0.255
access-list 4 permit 10.1.1.1

 

R2:

ip pim send-rp-announce Loopback0 scope 15 group-list 4

R2#show run | i access-l
access-list 4 permit 224.1.1.0 0.0.0.255

 

R4#ping 225.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds:

Reply to request 0 from 192.168.4.5, 64 ms

 

R4#ping 224.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Reply to request 0 from 192.168.4.5, 40 ms

R4#show ip pim rp
Group: 225.1.1.1, RP: 10.1.1.1, v2, uptime 00:13:59, expires 00:00:11
Group: 224.1.1.1, RP: 10.2.2.2, v2, v1, uptime 00:14:05, expires 00:00:11
R4#

 

When I remove the group-list RP filters from R1 and R2 and clear ip mroute * and clear ip pim rp the solution does not work.  I am stumped.

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#no ip pim send-rp-announce Loopback0 scope 15 group-list 4
R2(config)#ip pim send-rp-announce Loopback0 scope 15  

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#no ip pim send-rp-announce Loopback0 scope 5 group-list 3
R1(config)#ip pim send-rp-announce Loopback0 scope 5            
R1(config)#end

 

R4#clear ip mroute *
R4#clear ip pim rp

R4#debug ip mpacket
IP multicast packets debugging is on

R4#ping 225.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds:

*Feb 21 20:57:27.869: IP(0): s=192.168.1.4 (FastEthernet0/0) d=225.1.1.1 id=8, ttl=254, prot=1, len=114(100), RPF lookup failed for source or RP

R4#ping 224.1.1.1

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

*Feb 21 20:57:16.221: IP(0): s=10.4.4.4 (Loopback0) d=224.1.1.1 id=7, ttl=254, prot=1, len=100(100), RPF lookup failed for source or RP.

Group: 225.1.1.1, RP: 0.0.0.0
Group: 224.1.1.1, RP: 0.0.0.0

 

Comments

  • Are the rp announce filters still present?  groups must match ranges within rp announce packets

    debug ip pim auto-rp on mapping agent shows if filters blocking rpannouncements

    Also, cisco multicast depends a lot on caching as you probably know or are finding out.  Need to clear cache on routers to see config results else need to wait for timers to clear caches.  hope this helps

  • The problem is when I remove the RP filters on the RPs it doesn't work.  When the filters are on it works.  You would think it should be the other way around.  Let me try removing the filters and clearing the cache.      Thanks

     

    R2#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R2(config)#no ip pim send-rp-announce Loopback0 scope 15 group-list 4
    R2(config)#ip pim send-rp-announce Loopback0 scope 15  

    R1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    R1(config)#no ip pim send-rp-announce Loopback0 scope 5 group-list 3
    R1(config)#ip pim send-rp-announce Loopback0 scope 5            
    R1(config)#end

     

    R4#clear ip mroute *
    R4#clear ip pim rp

    R4#debug ip mpacket
    IP multicast packets debugging is on

    R4#ping 225.1.1.1

    Type escape sequence to abort.
    Sending 1, 100-byte ICMP Echos to 225.1.1.1, timeout is 2 seconds:

    *Feb
    21 20:57:27.869: IP(0): s=192.168.1.4 (FastEthernet0/0) d=225.1.1.1
    id=8, ttl=254, prot=1, len=114(100), RPF lookup failed for source or RP

    R4#ping 224.1.1.1

    Type escape sequence to abort.
    Sending 1, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

    *Feb
    21 20:57:16.221: IP(0): s=10.4.4.4 (Loopback0) d=224.1.1.1 id=7,
    ttl=254, prot=1, len=100(100), RPF lookup failed for source or RP.

    Group: 225.1.1.1, RP: 0.0.0.0
    Group: 224.1.1.1, RP: 0.0.0.0

     

  • The group-list in send-rp-announce command takes the form of a standard access-list, but actually follows prefix-list logic. The host field defines the bit pattern, while the wildcard field defines prefix length which equals the position of the fist 1 bit. For example, "access-list 10 permit 229.4.0.0 0.3.255.255" limits the groups advertised to 229.4.0.0/14. Non-consecutive 1s can produce unexpected results. 

     
    The group-list in rp-announce-filter command follows access-list logic. It can be used to define some really fancy filter, e.g. only allow RPs groups that begin with 226.6.0.0 and have even number in the last octet.

     

     

    In your example, when send-rp-announce is called with group-list parameter, the following RP are announced:

    10.1.1.1 ==> 225.1.1.0/24

    10.2.2.2 ==> 224.1.1.0/24 

    Given the following filter, you have two matches.

    10.1.1.1 ==> 225.1.1.0 0.0.0.255

    10.2.2.2 ==> 224.1.1.0 0.0.0.255

     

    When send-rp-announce is called without group-list parameter, the following RP are announced:

    10.1.1.1 ==> 224.0.0.0/4   

    10.2.2.2 ==> 224.0.0.0/4

     

    Given the same filter, you get zero match.

    10.1.1.1 ==> 225.1.1.0 0.0.0.255

    10.2.2.2 ==> 224.1.1.0 0.0.0.255

  • That makes perfect sense thanks for pointing out the misconfig.

Sign In or Register to comment.