Multicast Configuration Guide
Members should implement the following:
BGP and MBGP to RNO router
PIM sparse mode
local RP (auto RP ?)
MSDP to RNO router
no static mroute
IGMP snooping (or equivalent) on all switches
rate limiting (if/as required)
Notes
CGMP for all-cisco sites. Needs to be enabled on switches and interfaces of routers attached to switches. Low impact on CPU of switch.
IGMP snooping in mixed and/or non-cisco sites. Can have high impact on CPU of switch.
MSDP uses TCP port 639, so check that this is allowed in (to your RP, from your MSDP peers) through firewalls, Access lists, etc.
Design Issues
RP - use a loopback address so you can move it around.
RP location - on the border router or nearby/on the core router.
Final Goal - Implementation details
Configuration examples based on Cisco IOS.
Border Router
Enable multicast (use "distributed" mode when using "distributed cef" for less CPU impact/better performance on Cisco 7500 platforms):
ip multicast-routing distributed
Create a multicast boundary on your router interface connected to the RNO router, and set PIM sparse on this boundary:
! create an RNO multicast ACL
! This allows AARNet wide multicast address space to pass,
! and local RNO address space to pass,
! but blocks address space reserved for members private use.
! Use this on all links between an RNO and a members,
! and between members.
ip access-list standard MULTICASTRNOADMIN
remark block Cisco auto-RP
deny 224.0.1.39
deny 224.0.1.40
remark reserved rfc2365
deny 239.0.0.0 0.127.255.255
deny 239.128.0.0 0.63.255.255
remark member only usage
deny 239.224.0.0 0.15.255.255
remark reserved rfc2365
deny 239.253.0.0 0.0.255.255
deny 239.254.0.0 0.0.255.255
deny 239.255.0.0 0.0.255.255
remark allow all remaining multicast
remark including RNO and AARNet scope
permit 224.0.0.0 15.255.255.255
interface gigabitethernet 1/0/0
ip pim bsr-border
ip pim sparse-mode
ip multicast boundary MULTICASTRNOADMIN
Also enable the session Directory facility (turn it on on one interface is all that is required):
interface loopback0
ip address A.B.C.D
ip pim sparse-mode
ip sdr listen
Turn on MBGP for your networks (assuming you run BGP, if not make sure the RNO does this on your behalf).
router bgp 65536
network 130.155.0.0 nlri unicast multicast
Enable MBGP to the RNO BGP peer:
router bgp 65536
neighbor 203.15.123.37 remote-as 7570 nlri unicast multicast
Create a local Rendezvous Point (assumes you want to use the loopback mentioned above as the RP address, you might want to create a separate loopback for the RP - which you can move to another router if desired). Specify an access list to stop incorrect multicast sessions from being registered.
ip access-list extended pim-register-filter
deny ip any 224.0.0.0 0.0.0.255
deny ip any 232.0.0.0 0.255.255.255
deny ip 10.0.0.0 0.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
ip pim rp-address A.B.C.D
ip pim register-rate-limit 2
ip pim accept-register list pim-register-filter
Establish MSDP between local RP and RNO RP
! Create an RNO MSDP filter
! This allows AARNet wide multicast advertisements to pass,
! and allows local RNO advertisements to pass,
! but blocks members private advertisements.
! Use this on all MSDP peerings between an AARNet RNO and a member,
! or between two members.
ip access-list extended MSDPRNOFILTER
remark SGI-Dogfight
deny ip any host 224.0.1.2
remark Rwhod
deny ip any host 224.0.1.3
remark SVRLOC
deny ip any host 224.0.1.22
remark microsoft-ds
deny ip any host 224.0.1.24
remark Cisco auto-RP
deny ip any host 224.0.1.39
deny ip any host 224.0.1.40
remark SVRLOC-DA
deny ip any host 224.0.1.35
remark hp-device-discovery
deny ip any host 224.0.1.60
remark unknown ...
deny ip any host 224.0.2.2
remark reserved RFC2365
deny ip any 239.0.0.0 0.127.255.255
deny ip any 239.128.0.0 0.63.255.255
deny ip any 239.253.0.0 0.0.255.255
deny ip any 239.254.0.0 0.0.255.255
deny ip any 239.255.0.0 0.0.255.255
remark member scope multicast
deny ip any 239.224.0.0 0.15.255.255
remark bad source RFC3330
deny ip 127.0.0.0 0.255.255.255 any
remark bad source RFC1918
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
remark Source Specific Multicast
deny ip any 232.0.0.0 0.255.255.255
remark all the rest might be OK
remark including RNO and AARNet scope
permit ip any any
ip msdp peer 203.15.123.37
ip msdp description 203.15.123.37 MSDP multicast with NSW RNO
ip msdp sa-filter in 203.15.123.37 list MSDPRNOFILTER
ip msdp sa-filter out 203.15.123.37 list MSDPRNOFILTER
ip msdp cache-sa-state
Turn on pim-sparse mode to internal network interfaces.
interface FastEthernet2/0
ip pim sparse-mode
interface FastEthernet3/0
ip pim sparse-mode
Internal Routers
Do the following on all internal routers.
Enable multicast (use "distributed" mode when using "distributed cef" for less CPU impact/better performance on Cisco 7500 platforms):
ip multicast-routing distributed
put pim sparse-mode on all interfaces:
interface FastEthernet 1/0
ip pim sparse-mode
interface FastEthernet 2/0
ip pim sparse-mode
Also enable the session directory facility (turn it on on one interface is all that is required):
interface loopback0
ip pim sparse-mode
ip sdr listen
Specify your RP (using the address mentioned above):
ip pim rp-address A.B.C.D
Internal Switches
Choose one of the following on all internal switches.
CGMP
Enable CGMP on your switches
set cgmp enable
Turn on CGMP on router interfaces connected to your switches:
interface FastEthernet 1/0
ip cgmp
interface FastEthernet 2/0
ip cgmp
IGMP
Enable IGMP on your switches
set igmp enable
Local RP
In a large site (many layer 3 routers) you may choose to use auto-RP (Cisco proprietary), or anycast RP, or BSR (but note that BSR does not support scoped addresses properly) to set up your Rendezvous Point. It would also be good to configure a redundant RP.
Rate Limiting
Rate limiting should be applied on any small link to prevent unwanted flooding of the link by multicast traffic. Care should be paid to shared infrastrUCture (such as an RNO switch) to ensure the rate limits for all members are the same, and favour the member with the fullest link, otherwise that member will suffer link saturation. On a per-interface basis you can apply the following (units are kilobits per second):
interface XYZ0/0
ip multicast rate-limit in 600
