
  Multicast Configuration Guide

  Members should implement the following:

  BGP and MBGP to RNO router

  PIM sparse mode

  local RP (auto RP ?)

  MSDP to RNO router

  no static mroute

  IGMP snooping (or equivalent) on all switches

  rate limiting (if/as required)

  Notes

  CGMP for all-Cisco sites. It needs to be enabled on switches and on the interfaces of routers attached to switches. Low impact on switch CPU.

  IGMP snooping in mixed and/or non-Cisco sites. Can have a high impact on switch CPU.

  MSDP uses TCP port 639, so check that this is allowed in (to your RP, from your MSDP peers) through firewalls, access lists, etc.

  Design Issues

  RP - use a loopback address so you can move it around.

  RP location - on the border router or nearby/on the core router.

  Final Goal - Implementation details

  Configuration examples based on Cisco IOS.

  Border Router

  Enable multicast (use "distributed" mode when using "distributed cef" for less CPU impact/better performance on Cisco 7500 platforms):

  ip multicast-routing distributed

  Create a multicast boundary on your router interface connected to the RNO router, and set PIM sparse on this boundary:

  ! Create an RNO multicast ACL.
  ! This allows AARNet-wide multicast address space to pass,
  ! and local RNO address space to pass,
  ! but blocks address space reserved for members' private use.
  ! Use this on all links between an RNO and a member,
  ! and between members.
  ip access-list standard MULTICASTRNOADMIN
   remark block Cisco auto-RP
   deny 224.0.1.39
   deny 224.0.1.40
   remark reserved rfc2365
   deny 239.0.0.0 0.127.255.255
   deny 239.128.0.0 0.63.255.255
   remark member only usage
   deny 239.224.0.0 0.15.255.255
   remark reserved rfc2365
   deny 239.253.0.0 0.0.255.255
   deny 239.254.0.0 0.0.255.255
   deny 239.255.0.0 0.0.255.255
   remark allow all remaining multicast
   remark including RNO and AARNet scope
   permit 224.0.0.0 15.255.255.255
  interface gigabitethernet 1/0/0
   ip pim bsr-border
   ip pim sparse-mode
   ip multicast boundary MULTICASTRNOADMIN
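  To see which groups the boundary ACL above actually lets through, the following added example (not part of the original guide) evaluates MULTICASTRNOADMIN with IOS first-match semantics and computes what remains permitted inside 239.0.0.0/8. It assumes contiguous wildcard masks, and the group addresses it tests are constructed samples.

```python
import ipaddress
# MULTICASTRNOADMIN as listed in the guide: (action, address, wildcard mask).
ACL = [
    ("deny", "224.0.1.39", "0.0.0.0"),
    ("deny", "224.0.1.40", "0.0.0.0"),
    ("deny", "239.0.0.0", "0.127.255.255"),
    ("deny", "239.128.0.0", "0.63.255.255"),
    ("deny", "239.224.0.0", "0.15.255.255"),
    ("deny", "239.253.0.0", "0.0.255.255"),
    ("deny", "239.254.0.0", "0.0.255.255"),
    ("deny", "239.255.0.0", "0.0.255.255"),
    ("permit", "224.0.0.0", "15.255.255.255"),
]

def to_network(addr, wild):
    """Convert an IOS address/wildcard pair to a CIDR network (contiguous masks only)."""
    w = int(ipaddress.IPv4Address(wild))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard mask: {wild}")
    base = int(ipaddress.IPv4Address(addr)) & ~w & 0xFFFFFFFF
    return ipaddress.IPv4Network((base, 32 - w.bit_length()))

def evaluate(group, acl=ACL):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    ip = ipaddress.IPv4Address(group)
    for action, addr, wild in acl:
        if ip in to_network(addr, wild):
            return action
    return "deny"

def permitted_within(prefix, acl=ACL):
    """Return the CIDR blocks inside `prefix` that the ACL lets through."""
    undecided, permitted = [ipaddress.ip_network(prefix)], []
    for action, addr, wild in acl:
        entry, still = to_network(addr, wild), []
        for net in undecided:
            if not net.overlaps(entry):
                still.append(net)
                continue
            matched = net if net.subnet_of(entry) else entry
            if matched != net:  # entry covers only part of net
                still.extend(net.address_exclude(entry))
            if action == "permit":
                permitted.append(matched)
        undecided = still
    return [str(n) for n in ipaddress.collapse_addresses(permitted)]

if __name__ == "__main__":
    print(permitted_within("239.0.0.0/8"), evaluate("239.255.255.250"))  # constructed sample group
```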

  Also enable the session directory facility (turning it on on one interface is all that is required):

  interface loopback0
   ip address A.B.C.D
   ip pim sparse-mode
   ip sdr listen

  Turn on MBGP for your networks (assuming you run BGP; if not, make sure the RNO does this on your behalf):

  router bgp 65536
   network 130.155.0.0 nlri unicast multicast

  Enable MBGP to the RNO BGP peer:

  router bgp 65536
   neighbor 203.15.123.37 remote-as 7570 nlri unicast multicast

  Create a local Rendezvous Point. This assumes you want to use the loopback mentioned above as the RP address; you might want to create a separate loopback for the RP, which you can move to another router if desired. Specify an access list to stop incorrect multicast sessions from being registered:

  ip access-list extended pim-register-filter
   deny ip any 224.0.0.0 0.0.0.255
   deny ip any 232.0.0.0 0.255.255.255
   deny ip 10.0.0.0 0.255.255.255 any
   deny ip 127.0.0.0 0.255.255.255 any
   deny ip 172.16.0.0 0.15.255.255 any
   deny ip 192.168.0.0 0.0.255.255 any
   permit ip any any
  ip pim rp-address A.B.C.D
  ip pim register-rate-limit 2
  ip pim accept-register list pim-register-filter

  Establish MSDP between the local RP and the RNO RP:

  ! Create an RNO MSDP filter.
  ! This allows AARNet-wide multicast advertisements to pass,
  ! and allows local RNO advertisements to pass,
  ! but blocks members' private advertisements.
  ! Use this on all MSDP peerings between an AARNet RNO and a member,
  ! or between two members.
  ip access-list extended MSDPRNOFILTER
   remark SGI-Dogfight
   deny ip any host 224.0.1.2
   remark Rwhod
   deny ip any host 224.0.1.3
   remark SVRLOC
   deny ip any host 224.0.1.22
   remark microsoft-ds
   deny ip any host 224.0.1.24
   remark Cisco auto-RP
   deny ip any host 224.0.1.39
   deny ip any host 224.0.1.40
   remark SVRLOC-DA
   deny ip any host 224.0.1.35
   remark hp-device-discovery
   deny ip any host 224.0.1.60
   remark unknown ...
   deny ip any host 224.0.2.2
   remark reserved RFC2365
   deny ip any 239.0.0.0 0.127.255.255
   deny ip any 239.128.0.0 0.63.255.255
   deny ip any 239.253.0.0 0.0.255.255
   deny ip any 239.254.0.0 0.0.255.255
   deny ip any 239.255.0.0 0.0.255.255
   remark member scope multicast
   deny ip any 239.224.0.0 0.15.255.255
   remark bad source RFC3330
   deny ip 127.0.0.0 0.255.255.255 any
   remark bad source RFC1918
   deny ip 10.0.0.0 0.255.255.255 any
   deny ip 172.16.0.0 0.15.255.255 any
   deny ip 192.168.0.0 0.0.255.255 any
   remark Source Specific Multicast
   deny ip any 232.0.0.0 0.255.255.255
   remark all the rest might be OK
   remark including RNO and AARNet scope
   permit ip any any
  ip msdp peer 203.15.123.37
  ip msdp description 203.15.123.37 MSDP multicast with NSW RNO
  ip msdp sa-filter in 203.15.123.37 list MSDPRNOFILTER
  ip msdp sa-filter out 203.15.123.37 list MSDPRNOFILTER
  ip msdp cache-sa-state

  Turn on PIM sparse mode on internal network interfaces:

  interface FastEthernet2/0
   ip pim sparse-mode
  interface FastEthernet3/0
   ip pim sparse-mode

  Internal Routers

  Do the following on all internal routers.

  Enable multicast (use "distributed" mode when using "distributed cef" for less CPU impact/better performance on Cisco 7500 platforms):

  ip multicast-routing distributed

  Put PIM sparse mode on all interfaces:

  interface FastEthernet 1/0
   ip pim sparse-mode
  interface FastEthernet 2/0
   ip pim sparse-mode

  Also enable the session directory facility (turning it on on one interface is all that is required):

  interface loopback0
   ip pim sparse-mode
   ip sdr listen

  Specify your RP (using the address mentioned above):

  ip pim rp-address A.B.C.D

  Internal Switches

  Choose one of the following on all internal switches.

  CGMP

  Enable CGMP on your switches:

  set cgmp enable

  Turn on CGMP on router interfaces connected to your switches:

  interface FastEthernet 1/0
   ip cgmp
  interface FastEthernet 2/0
   ip cgmp

  IGMP

  Enable IGMP snooping on your switches:

  set igmp enable

  Local RP

(Editor: admin)