RE: The "ip pim rp-announce-filter" command

From: k carter (kieren.carter@postremo.co.uk)
Date: Tue Nov 23 2004 - 06:28:52 GMT-3

• Next message: gladston@br.ibm.com: "Re: Re: setting the FR-de bit on exceeding bandwidth"
• Previous message: Tom Lijnse: "RE: access-expression and dlsw"
• Maybe in reply to: Nico van Niekerk: "RE: The "ip pim rp-announce-filter" command"
• Next in thread: Nico van Niekerk: "RE: The "ip pim rp-announce-filter" command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Nico,

Thanks for your response.

The reason for the ACL on R3 is to allow this router to advertise itself
as a cRP for both 224.0.0.0/8 and 224.0.0.0/4, not just the default of
224.0.0.0/4. If I take out the 2nd line as suggested it will only
advertise out 224.0.0.0/8 and not the 224.0.0.0/4. This will means that
the mapping agent will only get this one group and use the filter to
check that this group is allowed (basically a double check, esp. good if
you don't have control of cRP but, imho, not what I would call a
filtering tool).

What I thought might be possible with this command is to have 10 cRP's
advertise 10 groups which they can be an RP for, and then on the mapping
agent use this command to filter out which groups different cRP's can be
considered for.

Are you saying that the filter only confirms what groups the cRP is
sending matches exactly as the mapping agent believes it such receive.
Obviously, if you have configured the cRP correctly (I know it always
helps to double check) then there shouldn't be a problem.

Therefore, from the mapping agents viewpoint, instead of thinking "the
cRP can look after X,Y,Z" and I, the mapping agent, will only accept it
as a cRP for X and Y, it thinks "the cRP says it can look after X,Y,Z" ,
this is what I thought the cRP was going to advertise, therefore I will
accept it?

Am I on the right track here thinking that the command acts more like a
checking tool, rather than a filtering one?

Hope that this e-mail isn't too confusing but I thought that the command
was more powerful.

Cheers

Kieren

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Nico van Niekerk
Sent: Monday, November 22, 2004 9:32 PM
To: kieren.carter@postremo.co.uk; ccielab@groupstudy.com
Subject: RE: The "ip pim rp-announce-filter" command

The rp-announce-filter must match exactly what the cRP is advertising.
Why the following acl?
     access-list 10 permit 224.0.0.0 0.255.255.255
     access-list 10 permit 224.0.0.0 15.255.255.255

Try leaving out the 2nd line of the cRP's acl and leave out the deny
line of
the Mapping Agent's acl (Make the acl's identical).

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> kieren.carter@postremo.co.uk
> Sent: Tuesday, 23 November 2004 3:02 AM
> To: ccielab@groupstudy.com
> Subject: The "ip pim rp-announce-filter" command
>
>
> Hi all,
>
> I wonder if someone could shed a bit of light on the use of the
> ip pim rp-announce-filter command within Cisco Auto-RP.
>
> I have a very basic network setup for testing consisting of three
> routers connected via serial connections as shown below (this is
> part of a bigger test network, thats why there is R3, R4 and R2):
>
> (R3)-----------/ \-----------(R2)
> /-------------(R4)-------------\
>
>
> I am using Loopbacks on all routers with the following IP addresses:
>
> R2 Loopback Interface = 10.0.52.1/24
> R3 Loopback Interface = 10.0.53.1/24
> R4 Loopback Interface = 10.0.54.1/24
>
> All of the interfaces on the router are configured with ip pim
> sparse-dense-mode.
>
> I have configured R2 and R3 as Candidate RPs and R4 is
> configured as the RP mapping agent. Below is the configuration
> for both R2 and R3 allowing them to advertise themselves as RPs:
>
> R2:
> !
> ip multicast-routing
> !
> ip pim send-rp-announce Loopback0 scope 6 interval 10
> !
>
>
> R3:
> !
> ip multicast-routing
> !
> ip pim send-rp-announce Loopback0 scope 6 group-list 10 interval 10
> !
> access-list 10 permit 224.0.0.0 0.255.255.255
> access-list 10 permit 224.0.0.0 15.255.255.255
>
>
> Each of the cRPs advertises out every 10 seconds for the ease of
> troubleshooting. On R3 I have configured the cRP so that it will
> advertise out itself as a cRP for 224.0.0.0/8 and
> 224.0.0.0/4. On the mapping agent I want to filter the cRPs
> so that it will only consider R2 (10.0.52.1) as a cRP for the
> range 224.0.0.0/4 but Im not having much luck getting this to
> work as expected. The configuration for the R4, the mapping agent is:
>
> R4:
> ip multicast-routing
> !
> ip pim rp-announce-filter rp-list 10 group-list 11
> ip pim send-rp-discovery Loopback0 scope 5
> !
> access-list 10 permit 10.0.53.1
> access-list 11 permit 224.0.0.0 0.255.255.255
> access-list 11 deny 224.0.0.0 15.255.255.255
>
>
> The ip pim rp-announce-filter identifies any of the cRP that I
> want to apply a filter to, in this case I only want to tie a
> filter to 10.0.53.1 (R3). The filter I want to apply is given in
> the group-list, highlighting that I want to permit this router as
> a cRP for 224.0.0.0/8 but deny it as a cRP for the range
> 224.0.0.0/4. Unfortunately, it doesnt seem to be working as
> desired, the debugging for the auto-rp announcements shows that
> 10.0.53.1 (R3) is sending an RP-announce message for
> 224.0.0.0/4 and 224.0.0.0/8 and both of these and both are
> being accepted:
>
> R4#debu ip pim auto-rp
> PIM Auto-RP debugging is on
> R4#clear ip pim rp-mapping
> 03:07:52: Auto-RP: Received RP-announce, from 10.0.52.1, RP_cnt 1, ht
31
> 03:07:52: Auto-RP: Update (224.0.0.0/4, RP:10.0.52.1), PIMv2 v1
> 03:07:52: Auto-RP: Received RP-announce, from 10.0.52.1, RP_cnt 1, ht
31
> 03:07:52: Auto-RP: Update (224.0.0.0/4, RP:10.0.52.1), PIMv2 v1
> 03:07:52: Auto-RP: Received RP-announce, from 10.0.52.1, RP_cnt 1, ht
31
> 03:07:52: Auto-RP: Update (224.0.0.0/4, RP:10.0.52.1), PIMv2 v1
> 03:07:59: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
> 03:07:59: Auto-RP: Update (224.0.0.0/8, RP:10.0.53.1), PIMv2 v1
> 03:07:59: Auto-RP: Update (224.0.0.0/4, RP:10.0.53.1), PIMv2 v1
> 03:07:59: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
> 03:07:59: Auto-RP: Update (224.0.0.0/8, RP:10.0.53.1), PIMv2 v1
> 03:07:59: Auto-RP: Update (224.0.0.0/4, RP:10.0.53.1), PIMv2 v1
> 03:07:59: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
> 03:07:59: Auto-RP: Update (224.0.0.0/8, RP:10.0.53.1), PIMv2 v1
> 03:07:59: Auto-RP: Update (224.0.0.0/4, RP:10.0.53.1), PIMv2 v1
> 03:07:59: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
>
> This means that R3 is winning the RP election based on IP address
> for 224.0.0.0/4 as shown below:
>
> R4#show ip pim rp mapping
> PIM Group-to-RP Mappings
> This system is an RP-mapping agent (Loopback0)
>
> Group(s) 224.0.0.0/8
> RP 10.0.53.1 (?), v2v1
> Info source: 10.0.53.1 (?), elected via Auto-RP
> Uptime: 00:03:27, expires: 00:00:23
> Group(s) 224.0.0.0/4
> RP 10.0.53.1 (?), v2v1
> Info source: 10.0.53.1 (?), elected via Auto-RP
> Uptime: 00:03:27, expires: 00:00:23
> RP 10.0.52.1 (?), v2v1
> Info source: 10.0.52.1 (?), via Auto-RP
> Uptime: 00:03:24, expires: 00:00:26
>
> I have played around with this command for a while, but I cant
> seem to get the filtering to work as I want it to. For example,
> I changed access-list 11 on R4 to:
>
> access-list 11 deny 224.0.0.0 0.255.255.255
> access-list 11 permit 224.0.0.0 15.255.255.255
>
> The idea being that the 224.0.0.0/8 would be filtered and the
> 224.0.0.0/4 would be accepted, but instead both of the groups get
> filtered leaving only R2 (10.0.52.1) as a cRP:
>
> R4#
> 03:27:19: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
> 03:27:19: Auto-RP: Filtered 224.0.0.0/8 for RP 10.0.53.1
> 03:27:19: Auto-RP: Filtered 224.0.0.0/4 for RP 10.0.53.1
> 03:27:19: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
> 03:27:19: Auto-RP: Filtered 224.0.0.0/8 for RP 10.0.53.1
> 03:27:19: Auto-RP: Filtered 224.0.0.0/4 for RP 10.0.53.1
> 03:27:19: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
> 03:27:19: Auto-RP: Filtered 224.0.0.0/8 for RP 10.0.53.1
> 03:27:19: Auto-RP: Filtered 224.0.0.0/4 for RP 10.0.53.1
> 03:27:19: Auto-RP: Received RP-announce, from 10.0.53.1, RP_cnt 1, ht
31
>
> R4#show ip pim rp mapping
> PIM Group-to-RP Mappings
> This system is an RP-mapping agent (Loopback0)
>
> Group(s) 224.0.0.0/4
> RP 10.0.52.1 (?), v2v1
> Info source: 10.0.52.1 (?), elected via Auto-RP
> Uptime: 00:01:34, expires: 00:00:26
>
> Has anyone came across this issue before or am I missing
> something very basic.
>
> This could be be an IOS specific problem (IOS 12.2(24a) is used
> on the routers at the moment).
>
> I wanted to include as much information as possible so hope post
> isn't too big!
>
> Thanks in advance to anyone who is able shed light on this one :-)
>
> cheers
>
> Kieren
>
>

• Next message: gladston@br.ibm.com: "Re: Re: setting the FR-de bit on exceeding bandwidth"
• Previous message: Tom Lijnse: "RE: access-expression and dlsw"
• Maybe in reply to: Nico van Niekerk: "RE: The "ip pim rp-announce-filter" command"
• Next in thread: Nico van Niekerk: "RE: The "ip pim rp-announce-filter" command"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 02 2004 - 06:57:49 GMT-3