Re: FW: Auto-RP : Multiple C-RPs for the same group

From: Rich Collins (nilsi2002@gmail.com)
Date: Tue Oct 30 2007 - 18:55:44 ART

• Next message: Julius Kinsler: "OT:Unity Connection"
• Previous message: Alex Steer: "troubleshooting nest MQC in frame-relay map-class"
• Maybe in reply to: hadek.el-ayachi@nsn.com: "FW: Auto-RP : Multiple C-RPs for the same group"
• Next in thread: Saul Arjona: "Re: FW: Auto-RP : Multiple C-RPs for the same group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Using only permit statements is what I seem to always see in the workbooks
but it is nothing more than an observation on my part. I guess I would like
to see examples of ACL's with deny statements

-Rich

On 10/30/07, kang lee <kanghlee@gmail.com> wrote:
>
> ACL for this is different than other ACL.
> It does not have explicit deny on ACL.
> Only using permit statement is recommended, as Rich said.
>
>
> On 10/30/07, Rich Collins <nilsi2002@gmail.com> wrote:
>
> > I looked into your question:
> >
> > "Can I say that the simplest and straighforward solution is to define
> > ACL on
> > R5 to permit groups 224-238?
> >
> > By the way, can we use "deny" in the ACL for "ip pim send-rp-announce
> > group-list" command? How does the mapping agent respond to it?"
> >
> >
> > Answer:
> > I have my doubts about it. I have noticed in my multicast studying that
> > the
> > access lists seem to be PERMIT only. I would be also interested in more
> >
> > clarification.
> > It looks like you can include a deny only if you do not want sparse mode
> > for
> > this range of groups (don't expect another rp via autorp to be able to
> > take
> > over for this range).
> >
> >
> >
> >
> > Candidate R1
> >
> > Rack1R1#sh access-lists 24
> > Standard IP access list 24
> > 10 deny 238.0.0.0, wildcard bits 0.255.255.255
> > 20 permit 224.0.0.0, wildcard bits 15.255.255.255
> >
> > ip pim send-rp-announce Loopback2 scope 15 group-list 24
> >
> >
> > Candidate R5
> >
> > Rack1R5#sh access-lists
> > Standard IP access list 24
> > 10 permit 238.0.0.0, wildcard bits 0.255.255.255
> >
> > ip pim send-rp-announce Loopback2 scope 15 group-list 24
> >
> >
> > --------------------------------------------------------------------------------------------------------------------------
> >
> > Then on the mapping agent.
> >
> > Rack1R4#sh ip pim rp mapping
> > PIM Group-to-RP Mappings
> > This system is an RP-mapping agent (Loopback2)
> >
> > Group(s) 224.0.0.0/4
> > RP 192.168.1.1 (?), v2v1
> > Info source: 192.168.1.1 (?), elected via Auto-RP
> > Uptime: 00:03:28, expires: 00:02:29
> > Group(s) (-)238.0.0.0/8
> > RP 192.168.1.1 (?), v2v1
> > Info source: 192.168.1.1 (?), elected via Auto-RP
> > Uptime: 00:03:28, expires: 00:02:30
> > Rack1R4#
> >
> >
> > *Oct 29 11:51:04.212: Auto-RP(0): Received RP-announce, from 192.168.1.1
> > ,
> > RP_cnt 1, ht 181
> > *Oct 29 11:51:04.212: Auto-RP(0): Update (-238.0.0.0/8, RP: 192.168.1.1
> > ),
> > PIMv2 v1
> > *Oct 29 11:51:04.216: Auto-RP(0): Update ( 224.0.0.0/4, RP:192.168.1.1),
> > PIMv2 v1
> > *Oct 29 11:51:04.220: Auto-RP(0): Received RP-announce, from 192.168.1.1
> > ,
> > RP_cnt 1, ht 181
> > *Oct 29 11:51: 04.220: Auto-RP(0): Update (-238.0.0.0/8, RP: 192.168.1.1
> > ),
> > PIMv2 v1
> > *Oct 29 11:51:04.224: Auto-RP(0): Update (224.0.0.0/4 , RP:192.168.1.1),
> > PIMv2 v1
> > Rack1R4#
> >
> > Here we see the second candidate but they aren't installed
> >
> > *Oct 29 11:51:21.340: Auto-RP(0): Received RP-announce, from 192.168.5.1
> > ,
> > RP_cnt 1, ht 181
> > *Oct 29 11:51:21.344: Auto-RP(0): Received RP-announce, from 192.168.5.1
> > ,
> > RP_cnt 1, ht 181
> > Rack1R4#
> > *Oct 29 11:51:54.960: Auto-RP(0): Build RP-Discovery packet
> > *Oct 29 11:51:54.960: Auto-RP: Build mapping (224.0.0.0/4, RP:192.168.1.1
> > ),
> > PIMv2 v1,
> > *Oct 29 11:51:54.964: Auto-RP: Build mapping (- 238.0.0.0/8, RP:
> > 192.168.1.1),
> > PIMv2 v1.
> > *Oct 29 11:51:54.968: Auto-RP(0): Send RP-discovery packet on
> > FastEthernet0/0 (1 RP entries)
> > *Oct 29 11:51:54.968: Auto-RP(0): Send RP-discovery packet on
> > Serial1/0.45
> > (1 RP entries)
> > *Oct 29 11:51:54.972: Auto-RP: Send RP-discovery packet on Loopback2 (1
> > RP
> > entries)
> >
> > I assume the entry for 238.0.0.0/8 is already filled in the mapping
> > table -
> > even if it is a deny.
> >
> > -Rich
> >
> > On 10/30/07, hadek.el-ayachi@nsn.com < hadek.el-ayachi@nsn.com> wrote:
> > >
> > > Longest match has the same meaning as when looking for entry in ip
> > > routing table.
> > > The longest match is 239/8 in this case. So, MA receive two CRP
> > > announcements, one for 239/8 and other for 224/4. it starts by the
> > > longest match which is 239/8 ignoring 224/4.
> > >
> > >
> > > -----Original Message-----
> > > From: ext Gregory Gombas [mailto: ggombas@gmail.com]
> > > Sent: mardi 30 octobre 2007 16:46
> > > To: El Ayachi Hadek (NSN - MA/Rabat)
> > > Cc: ccielab@groupstudy.com
> > > Subject: Re: FW: Auto-RP : Multiple C-RPs for the same group
> > >
> > > By longest match do you mean advertise the group with /32?
> > >
> > > Would that be accomplished like this?
> > >
> > > access-list 1 permit 239.5.5.5 0.0.0.0
> > >
> > > On 10/30/07, hadek.el-ayachi@nsn.com <hadek.el-ayachi@nsn.com> wrote:
> > > > RP is selected based on the following criteria, respectively:
> > > > 1- Longest match
> > > > 2- low Priority
> > > > 3- high hash
> > > > 4- high Ip address
> > > > In case of AutoRP, this is equivalent to the 4th condition, provided
> > > > that there are many condidates for the same prefix (exact match)
> > > >
> > > > ________________________________
> > > >
> > > > From: ext Toh Soon, Lim [mailto: tohsoon28@gmail.com]
> > > > Sent: mardi 30 octobre 2007 15:21
> > > > To: El Ayachi Hadek (NSN - MA/Rabat)
> > > > Cc: ccielab@groupstudy.com
> > > > Subject: Re: Auto-RP : Multiple C-RPs for the same group
> > > >
> > > >
> > > >
> > > > Hi,
> > > >
> > > > Kindly correct me if I'm wrong.
> > > >
> > > > A Mapping Agent selects the RP for a given multicast group address
> > > > range(s) based on the candidate RPs' IP address. The highest
> > candidate
> > >
> > > > RP IP address is selected.
> > > >
> > > > In other words, the tie-breaker is purely based on C-RP's IP
> > address.
> > > >
> > > >
> > > > Thank you.
> > > >
> > > > B.Rgds,
> > > > Lim TS
> > > >
> > > >
> > > >
> > > >
> > > > On 10/30/07, hadek.el-ayachi@nsn.com <hadek.el-ayachi@nsn.com >
> > wrote:
> > > >
> > > > The task is to make R5 RP for all but 239/8, so you should
> > use
> > > > selective
> > > > acl denying 239/8.
> > > > Otherwise, the RP is selected based on longest match (before
> > > > prefering
> > > > low priority, high hash or high IP address)
> > > > All that I know!
> > > > -----Original Message-----
> > > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com ]
> > On
> > > > Behalf Of
> > > > ext Toh Soon, Lim
> > > > Sent: mardi 30 octobre 2007 13:51
> > > > To: ccielab@groupstudy.com
> > > > Subject: Auto-RP : Multiple C-RPs for the same group
> > > >
> > > > Hi Group,
> > > >
> > > > I have the following Auto-RP scenario:
> > > >
> > > > R7
> > > > --
> > > > 1. C-RP for 239.0.0.0/8
> > > > 2. RP address 200.0.0.7
> > > >
> > > > R5
> > > > --
> > > > 1. Mapping agent
> > > > 2. C-RP for all groups except 239.0.0.0/8 3. RP address
> > > > 200.0.0.5
> > > >
> > > > I guess one way of configuring this is, we define an ACL on
> > R5
> > > > that
> > > > matches groups 224 until 238 (summarizing whatever we can)
> > and
> > > > let R5
> > > > announce this group-list.
> > > >
> > > > Another way I'm thinking of is, since R7's IP address is
> > higher
> > >
> > > > than
> > > > R5's, I will configure R5 to announce, by default, all
> > groups.
> > > > When R5
> > > > and R7 contend for group 239.0.0.0/8, R7 will win. R5 will be
> > > > RP for the
> > > > rest of the groups. In the end, this solution meets the task
> > > > requirement
> > > > and does not violate any rules but is it acceptable?
> > > >
> > > > Please share if you have other methods.
> > > >
> > > >
> > > > Thank you.
> > > >
> > > > B.Rgds,
> > > > Lim TS
> > > >
> > > >
> > > >
> > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > > >
> > > >
> > ______________________________________________________________________
> > > > _ Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> > _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Julius Kinsler: "OT:Unity Connection"
• Previous message: Alex Steer: "troubleshooting nest MQC in frame-relay map-class"
• Maybe in reply to: hadek.el-ayachi@nsn.com: "FW: Auto-RP : Multiple C-RPs for the same group"
• Next in thread: Saul Arjona: "Re: FW: Auto-RP : Multiple C-RPs for the same group"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Nov 16 2007 - 13:11:19 ART