dokucama

This is an old revision of the document!

• Cisco fintech architecture: MDNA External_Link

TECH NOTES:

Source(publishers) > Receivers(group members/subscribers)
The publisher sends packets to a multicast IP; The subscriber receives packets with destination that multicast IP.

IGMP: Messages:

• IGMPv1/v2 and MLDv1 Reports (2.2.1)
• IGMPv3 and MLDv2 Reports (2.2.2) «
• IGMPv1 Queries, IGMPv2 and MLDv1 General Queries (2.2.3)
• IGMPv2 Leave and MLDv1 Done (2.2.4)
• IGMPv2 and MLDv1 Group Specific Query (2.2.5)
• IGMPv3 and MLDv2 Group Specific Query (2.2.6)
• IGMPv3 and MLDv2 Group-and-Source Specific Query (2.2.7)

IGMPv3 (MLDv2)

MEMBERSHIP QUERY (0x21) and MEMBERSHIP-REPORT (0x22) (question from the router and answer from the receivers) https://mrncciew.com/2021/04/16/igmp-version-3/

• Does the 'membership report' (aka igmp join) imply the host is doing source-filtering?
• Group-record is the part of the membership-report where the group_ip+unicast_source_ip is requested. It also has a Type (example 'Allow New Sources')
• Membership-report can even be used to articulate IGMPv3 LEAVE MESSAGES without having special message type for that.
  • “BLOCK_OLD_SOURCE” Record type 6 indicating it is no longer interested to hear multicast traffic to that group from specific host.

MEMBERSHIP-QUERY (igmp query):

• Sent by the last hop router. Normally when a listener has left a group and it wants to know if there are still anybody in there interested on the group.
• General Query – to learn complete multicast reception state of the neighboring interface. Sent to 224.0.0.1
• Group-Specific Query – to learn the reception state, with respect to single multicast group address. Sent to destination multicast address of interest.
  • “Max Resp Time” router is giving a max time to a receiver to respond.
  • “S” Flag when set to “1”: For other neighbor routers (potentially being queriers in the segment) to shut up
  • QRV (Query Robustness Variable) used by querier to adjust the query frequency depend on the quality of the network.
  • QQIC (Querier’s Query Interval Code) specified the query interval.
• Group-and-Source-Specific Query – to learn about any neighboring interface desires reception of multicast packets sent to specific group address from any of specified list of sources.

SUBSCRIBER AND PUBLISHERS MESSAGES FLOW:
Nice explanation in this presentation. worth reading: External_Link

1)Receiver → **IGMP_Report **→ Last hop router → **PIM join ** → RP
2)RP ← **PIM-reg** ← FHR@
3)RP → **PIM-join** → FHR*&
@ Firstly GRE tunnel and MC encapsulated (unicast). The is the (*,G) not in the RP yet, RP replies with register-stop and adds it. If there are no receivers yet, RP replies with a PIM-register-stop message
& When the (8,G) state is already in the RP, then the PIM-join goes up all way until the FHR
 receiver sends (*,G) to 224.0.0.13. Inside the pim register is listed: the pim neighbor + the RP's IP.

~~now traffic~~

4)LHR ← RP ← FHR-oil (but lhr knows now the source besides the rp)
5)FHR → PIM-join-for-src → LHR (fhr adds new iface to oil and traffic flows via spt)
6)LHR → PIM-prune → FHR (to remove old (*,G) path)

PIM
PIM-RPF. PIM builds and maintains multicast routing trees u

• IIF (to the source, only one (per group))
• OIL (based on pim joins received)

PIM applies the RPF policy (towards where the 'Source' of the multicast traffic is located).
There an important exception for this: when the PIM-join travels from the LHR Towards The RP, the RFP is made against the RP!

Remember: dynamic RPs are preferred to statically defined

• BSR: IEEE standard where multicast control rely entirely on the PIM packets. So no special configs required to advertise RP when yo configure network to pim sparse-mode.
• AUTO-RP: Having multiple candidates for the role of RP and mapping agent greatly enhances the redundancy of the PIM-SM network. Redundancy reduces the risk of groups (configured in sparse-dense mode) reverting to dense mode operation if an RP cannot be located. To eliminate this risk, we recommend configuring a sink RP on every router in the network. Link
• ANYCAST RP : In practice, anycast is preferred over bsr/auto-rp
  • Classical anycast: lo100 (shared loopback), msdp betweeen lo0 shared 'sa' state about sources.
  • PIM-based anycast (RFC 4610): lo100 (shared loopback). State is shared in the PIM messages themselves. Requires this command ip pim anycast-ip <lo100-IP> <member-N-IP>
• SSM: Is becoming very popular. No RP, all SPT, a little less of state. Requires IGMPv3
• BIDIR: ONLY SHARED TRESS (*,G) - central bidirectional RP which is ALWAYS in the datapath
  • Bidir would not use source trees to better scale its routing table, so a new mechanism is required for Bidir sources to reach the rendezvous point. This new mechanism is called the designated forwarder (DF).
  • There’s no SPT switchover.
  • No RPF so traffic can go in both directions.
  • In absence of the above, loops are prevented by having a, fixed, DF router.
  • DF (designated forwarder) we have one per segment (no per group so several in the way from source to the DR). Role of the DR as well as its election (remember higher IP wins for DR, lower for querier) is important. This is because the DR is the ONLY one forwarding data upstream PER SEGMENT (ie per Ethernet segment, therefore there can be several DRs from Rest do it downstream only.

Multicast Boundary Filtering
https://networklessons.com/multicast/multicast-boundary-filtering

DESIGNATED ROUTER AND QUERIER:

• DESIGNATED ROUTER: Routers configured for IP multicast send PIM hello messages to determine which router will be the designated router (DR) for each LAN segment (subnet). The hello messages contain the router's IP address, and the router with the highest IP address becomes the DR
  • in each LAN segment where one or more multicast enabled routers are connected to you can see the three roles of PIM DR, IGMP querier, PIM forwarder.
• PIM FORWARDER: Is different. When data can be sent to a receiver via two different routers, there's an 'ASSERT' election process to choose one of them, this becomes the pim forwarder
• QUERIER: When a multicast-enabled router first becomes active on a subnet, it assumes that it is the Querier — the router responsible for sending all General and Group-Specific Queries to the subnet. When there are multiple routers, the rule for electing the Querier is simple: The router whose connected interface has the lowest IP address is the Querie. http://www.bscottrandall.com/5.1.3.html

show ip igmp snooping querier 

NX-OS CONFIGURATION:

!SPARSE-MODE BSR - NEITHER RP-CANDIDATE NOR BSR-CANDIDATE
feature pim
!
interface ex/x
ip pim sparse-mode
!

!SPARSE-MODE BSR - RP-CANDIDATE AND BSR-CANDIDATE
feature pim
!
interface ex/x
ip pim sparse-mode
!
ip pim bsr-candidate loopback 0  ! To become BSR - we can add a hash value 'Hash Mask length for RP selection'.  The BSR does not elect the best RP for every group range but builds a set of candidate RPs. Priority (below) is used for that.
ip pim rp-candidate loopback 0 group-list 10 priority 10 ! For the rp-candidacy - lower priority wins, who should become RP if multiple candidates for same group 
!
access-list 10 permit 224.0.0.0 15.255.255.255
access-list 20 deny 224.0.1.39
access-list 20 deny 224.0.1.40
!
ip pim bsr forward
!

!SPARSE-MODE AUTO-RP - NEITHER CANDIDATE NOR MAPPING AGENT BUT HAVING A 'SINK RP'
feature pim
!
interface ex/x
ip pim sparse-dense-mode
!
ip pim rp-address 1.1.1.1 20 ! rp-address + access-list

!SPARSE-MODE AUTO-RP - CANDIDATE AND MAPPING AGENT
feature pim
!
interface ex/x
ip pim sparse-dense-mode
!
ip pim rp-address 1.1.1.1 20 ! rp-address + access-list
ip pim send-rp-discovery Loopback0 scope 32 ! For the rp mapping-agent - agent sends discovery messages to 224.0.1.40
ip pim send-rp-announce Loopback0 scope 32 group-list 10 ! For the rp candidate_rp - sends messages to 224.0.1.39 to become RP for groups in '10'
!
access-list 10 permit 224.0.0.0 15.255.255.255
access-list 20 deny 224.0.1.39
access-list 20 deny 224.0.1.40
!
ip pim auto-rp listen

!SSM - TODO

!BIDIR - This goes in all the participants
feature pim
!
ip pim bidir-enable
ip pim rp-address 10.0.1.1 45 bidir

DEBUG COMMANDS:

access-list 2239 permit ip any host 239.1.1.1
debug ip packet 2239 detail
!

• debug ip igmp
• debug ip mpacket
• debug ip mrouting
• debug ip pim

TROUBLESHOOTING:

show ip pim rpm 6.6.6.6  ! ios
show ip route rpf 6.6.6.6  ! nxos

show ip mroute First thing in the output is the ‘state’:

(S,G) or (*,G)
In Arista : S (meaning (S,G) or 0.0.0.0 meaning (*,G)) 

# << EXPLAIN MAIN FLAGS MEANING
* D--Dense. Entry is operating in dense mode.
* S--Sparse. Entry is operating in sparse mode.
* s-- ssm
* B--Bidir Group. Indicates that a multicast group is operating in bidirectional mode.
* s--SSM Group. Indicates that a multicast group is within the SSM range of IP addresses. This flag is reset if the SSM range changes.
* C--Connected. A member of the multicast group is present on the directly connected interface.
* L--Local. The router itself is a member of the multicast group. Groups are joined locally by the ip igmp join-group (for the configured group), the ip sap listen command (for the well-known session directory groups), and rendezvous point (RP) mapping (for the well-known groups 224.0.1.39 and 224.0.1.40). Locally joined groups are not fast switched.
* P--Pruned. Route has been pruned. The Cisco IOS software keeps this information so that a downstream member can join the source.
* R--RP-bit set. Indicates that the (S, G) entry is pointing toward the RP. This flag typically indicates a prune state along the shared tree for a particular source.
* **T--SPT-bit**. Indicates that packets have been received on the shortest path source tree.
* **J--Join SPT**. For (*, G) entries, indicates that the rate of traffic flowing down the shared tree is exceeding the SPT-Threshold set for the group. (The default SPT-Threshold setting is 0 kbps).When the J - Join shortest path tree (SPT) flag is set, the next (*, G) packet received down the shared tree triggers an (S, G) join in the direction of the source, thereby causing the router to join the source tree.

show ip rpf 2.2.2.2  # Cisco and frr
sh ip route rpf unicast 10.240.0.50  # Arista 

If ECMP are available, the RPF for the multicast traffic will be based on highest IP address for the RPF neighbor

SERVER SIDE TOOLS (generate multicast traffic):
If we cannot install anything (and we have pyton3 we can paste these scripts:

GENERATING MULTICAST TRAFFIC

#!/usr/bin/python3
import socket
# Usage in bash : 'while true; do ./msend.py; sleep 2; done'
MCAST_GRP = '239.1.1.1'
MCAST_PORT = 5007
# regarding socket.IP_MULTICAST_TTL
# ---------------------------------
# for all packets sent, after two hops on the network the packet will not
# be re-sent/broadcast (see https://www.tldp.org/HOWTO/Multicast-HOWTO-6.html)
MULTICAST_TTL = 250
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, MULTICAST_TTL)
# For Python 3, change next line to 'sock.sendto(b"robot", ...' to avoid the
# "bytes-like object is required" msg (https://stackoverflow.com/a/42612820)
sock.sendto(b"robot", (MCAST_GRP, MCAST_PORT))
! 
! Execute from the cli with:
while true; do ./msend.py; sleep 2; done

SUBSCRIBING TO MULTICAST STREAM

#!/usr/bin/python3
import socket
import struct
import sys
multicast_group = '239.1.1.1'
server_address = ('', 5007)
# Create the socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Bind to the server address
sock.bind(server_address)
# Tell the operating system to add the socket to the multicast group
# on all interfaces.
group = socket.inet_aton(multicast_group)
mreq = struct.pack('4sL', group, socket.INADDR_ANY)
sock.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)
while True:
    print('\nwaiting to receive message', file=sys.stderr)
    data, address = sock.recvfrom(1024)

    print('\nreceived ' + str(len(data)) + ' bytes from ' + ''.join(str(address)), file=sys.stderr)
    print(data, file=sys.stderr)

# string = “AcK” # string_utf = string.encode() # print('\nsending ack to ' + .join(str(address)), file=sys.stderr) # sock.sendto(string_utf, address) If we can, install IPERF'':

iperf -c 224.0.0.1 -u -B 10.1.0.54 -t 3600 -T 255 # traffic for this group from this address (needs to belong to the switch)

PRESENTATIONS:

• https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2019/pdf/BRKIPM-2264.pdf
• https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKIPM-1261.pdf

MULTICAST IN ARISTA:

• pim cannot be enabled in loopback interfaces. Nonetheless is not required to enable RP.

! This is for static and BSR RP:
interface Vlan100
   ip address 10.1.8.3/24
   pim ipv4 sparse-mode
! static
router pim sparse-mode
   ipv4
      rp address 10.0.0.3
! BSR
router pim sparse-mode
   ipv4
      rp candidate Vlan100 235.1.1.0/24 priority 48 interval 45
router pim bsr
   ipv4
      candidate Vlan100 priority 192 hashmask 30 interval 30

MULTICAST IN IOS-XR:

router pim
 address-family ipv4
  rp-address 10.0.100.2
  spt-threshold infinity
  ssm disable

IPV6 MULTICAST

• PIM > IPv6 PIM
• IGMPv2 > MLDv1
• IGMPv3 > MLDv2

ipv6 multicast-routing
show ipv6 mroute
!
show ipv6 pim neighbor
!
show ipv6 mld group
show ipv6 mld interface g0/0
show ipv6 mld traffic  

BIER (bit indexed explicit replication)
https://www.linkedin.com/posts/mc36mc36_bit-indexed-explicit-replication-aka-next-next-gen-activity-7024219343123062784--sG9?utm_source=share&utm_medium=member_desktop