Hi Bryan, I appreciate you taking the time to explain this! It made things very
clear.
I still don't understand why my lab wasn't working the first time round
though, because the SA was being accepted fine between RPs.
I must have made a mistake somewhere, but after letting it drive me crazy
for long enough I got rid of it and started over
and it worked fine.
On 2 April 2010 17:35, Bryan Bartik <bbartik_at_ipexpert.com> wrote:
> Malick,
>
> Here is what I have found in my testing. It is not by any means
> all-inclusive; there may be several other scenarios you can dig into with MBGP
> in the mix.
>
> The originator-id is used as the RP address in the SA message. By default,
> this is the actual RP address configured/learned on the router. When anycast
> RP is being used, this means that the receiving MSDP router receives the SA
> message with an address belonging to itself as the RP. This will normally
> cause the RPF check on that address to fail because it is received on an
> interface that is not local (obviously!). But...afaik, Cisco doesn't
> perform RPF checking in this manner by default so it does not matter what
> your originator-id is. By default, SAs are accepted even when the RP address
> is equal to an address on the receiving MSDP peer.
>
> If you want Cisco to RPF check the RP address in the SA message, use this
> command:
>
> R4(config)#ip msdp rpf rfc3618
>
> http://cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_msdp.html
>
> As an example I have R2 and R4 both at 24.24.24.24 as RPs, using Antonio's
> mini labs :) I have no originator-id so the RP in the SA message is
> 24.24.24.24 by default.
>
> Scenario 1: "no ip msdp rpf rfc3618" (default) on R4
>
> R2 sends an SA...R4 accepts it:
>
> 01:18:40: MSDP(0): Received 20-byte TCP segment from 2.2.2.2
> 01:18:40: MSDP(0): Append 20 bytes to 0-byte msg 92 from 2.2.2.2, qs 1
> 01:18:40: MSDP(0): 2.2.2.2: Received 20-byte msg 92 from peer
> 01:18:40: MSDP(0): 2.2.2.2: SA TLV, len: 20, ec: 1, RP: 24.24.24.24
> 01:18:40: MSDP(0): 2.2.2.2: Peer RPF check passed for single peer
> 01:18:40: MSDP(0): (10.10.10.1/32, 224.1.1.1), accepted
>
> Scenario 2: "ip msdp rpf rfc3618" on R4
>
> R2 sends the same exact SA...R4 denies it:
>
> 01:19:45: MSDP(0): Received 120-byte TCP segment from 2.2.2.2
> 01:19:45: MSDP(0): Append 120 bytes to 0-byte msg 94 from 2.2.2.2, qs 1
> 01:19:45: MSDP(0): 2.2.2.2: Received 120-byte msg 94 from peer
> 01:19:45: MSDP(0): 2.2.2.2: SA TLV, len: 120, ec: 1, RP: 24.24.24.24, with data
> 01:19:45: MSDP(0): 2.2.2.2: RPF check failed for 24.24.24.24, we are RP
>
> Notice in both cases, the RP was 24.24.24.24 (the Anycast RP) and in one
> case it passed and the other it didn't, depending on the ip msdp rfc3618
> command. In scenario #2, you would use the originator-id to specify what
> goes in the RP field of the SA message so it would pass the RPF check on R4.
>
> I was testing with 12.4(23) on 3640s so perhaps there could be different
> behaviors across IOS versions, but hopefully this sheds some light on what you are
> looking for.
>
> -hth
>
> On Sun, Mar 28, 2010 at 4:54 PM, Muzammil Malick <malickmuz_at_gmail.com> wrote:
>
>> Thanks Narbik, appreciate the offer but I think I have cracked it!
>>
>> I tried what you recommended Marko but it didn't work :(
>> So I went back to the drawing board and labbed it all again and now it's
>> working :)
>> But after reading about the "ip msdp originator-id" command, I have found
>> 2 references which suggest that the command should not be the Anycast
>> Address,
>>
>>
>> http://www.cisco.com/en/US/docs/ios/solutions_docs/ip_multicast/White_papers/anycast.html
>>
>> http://www.groupstudy.com/archives/ccielab/200710/msg00110.html
>>
>> Can you confirm?
>>
>> On 28 March 2010 22:44, Narbik Kocharians <narbikk_at_gmail.com> wrote:
>>
>> > Malick,
>> >
>> > Let me know if you would like a couple of labs on MSDP/Anycast, and I will
>> > send them to you.
>> >
>> > On Sun, Mar 28, 2010 at 2:24 PM, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>> >
>> >> On Sun, Mar 28, 2010 at 20:58, Muzammil Malick <malickmuz_at_gmail.com>
>> >> wrote:
>> >> > The loopback0 address.
>> >>
>> >> Originator-ID needs to be set to the interface you are using as
>> >> Anycast-RP. Set it to Lo1 and give it another go. If it doesn't
>> >> work... it's ASCII art time. We'll need diagram and all the relevant
>> >> configs.
>> >>
>> >> I'd also like to see "show ip route" from the last-hop router and the
>> >> client.
>> >>
>> >> --
>> >> Marko Milivojevic - CCIE #18427
>> >> Senior Technical Instructor - IPexpert
>> >>
>> >> YES! We include 400 hours of REAL rack
>> >> time with our Blended Learning Solution!
>> >>
>> >> Mailto: markom_at_ipexpert.com
>> >> Telephone: +1.810.326.1444
>> >> Fax: +1.810.454.0130
>> >> Web: http://www.ipexpert.com/
>> >>
>> >>
>> >> Blogs and organic groups at http://www.ccie.net
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >
>> >
>> > --
>> > Narbik Kocharians
>> > CCSI#30832, CCIE# 12410 (R&S, SP, Security)
>> > www.MicronicsTraining.com
>> > Sr. Technical Instructor
>> > YES! We take Cisco Learning Credits!
>> > Training And Remote Racks available
>>
>>
>
>
> --
> Bryan Bartik
> CCIE #23707 (R&S, SP), CCNP
> Sr. Support Engineer - IPexpert, Inc.
> URL: http://www.IPexpert.com
Received on Fri Apr 02 2010 - 23:36:17 ART
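
Added example, not part of the original thread: a small Python audit of "debug ip msdp" output in the format quoted above, pairing each SA TLV line with its verdict and flagging SAs whose RP field is one of the receiver's own addresses. The sample lines are constructed from the excerpts in the thread; the set of local addresses and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample, taken from the two debug excerpts quoted in the thread.
SAMPLE = """\
01:18:40: MSDP(0): 2.2.2.2: SA TLV, len: 20, ec: 1, RP: 24.24.24.24
01:18:40: MSDP(0): 2.2.2.2: Peer RPF check passed for single peer
01:18:40: MSDP(0): (10.10.10.1/32, 224.1.1.1), accepted
01:19:45: MSDP(0): 2.2.2.2: SA TLV, len: 120, ec: 1, RP: 24.24.24.24, with data
01:19:45: MSDP(0): 2.2.2.2: RPF check failed for 24.24.24.24, we are RP
"""

SA_RE = re.compile(r"MSDP\(\d+\): (\S+): SA TLV, len: \d+, ec: \d+, RP: ([\d.]+)")
FAIL_RE = re.compile(r"MSDP\(\d+\): (\S+): RPF check failed for ([\d.]+)(?:, (.*))?$")
ACCEPT_RE = re.compile(r"MSDP\(\d+\): \(([\d.]+)/\d+, ([\d.]+)\), accepted")

def audit(log, local_addrs):
    """Return one record per SA message seen in the debug output."""
    records, cur = [], None
    for line in log.splitlines():
        if m := SA_RE.search(line):
            # A new SA TLV starts a new record; later lines refine its verdict.
            cur = {"peer": m[1], "rp": m[2], "verdict": "unknown", "reason": "",
                   "entries": [], "rp_is_local": m[2] in local_addrs}
            records.append(cur)
        elif cur and (m := FAIL_RE.search(line)) and m[1] == cur["peer"]:
            cur["verdict"], cur["reason"] = "rejected", m[3] or ""
        elif cur and (m := ACCEPT_RE.search(line)):
            cur["verdict"] = "accepted"
            cur["entries"].append((m[1], m[2]))  # (source, group)
    return records

def findings(records):
    """Summarise SAs whose RP field is an address owned by the receiver."""
    out = []
    for r in records:
        if not r["rp_is_local"]:
            continue
        if r["verdict"] == "accepted":
            out.append(f"{r['peer']}: SA with local RP {r['rp']} accepted "
                       "(RP address was not RPF-checked)")
        elif r["verdict"] == "rejected":
            out.append(f"{r['peer']}: SA with local RP {r['rp']} rejected "
                       f"({r['reason']}); peer needs a unique originator-id")
    return out

if __name__ == "__main__":
    # Assumption: 24.24.24.24 is the anycast RP address configured on R4.
    for line in findings(audit(SAMPLE, {"24.24.24.24"})):
        print(line)
```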