Example for Configuring SA Message Filtering
Networking Requirements
As shown in Figure 6-13, service data is transmitted in multicast mode on the network that is divided into three Protocol Independent Multicast Sparse Mode (PIM-SM) domains. The multicast source Source1 sends multicast data to multicast groups 225.1.1.0/30 and 226.1.1.0/30, and Source2 sends multicast data to the multicast group 227.1.1.0/30. According to service requirements, HostA and HostB need to receive only multicast data that is sent to multicast groups 225.1.1.0/30 and 226.1.1.0/30, and HostC needs to receive only multicast data that is sent to multicast groups 226.1.1.0/30 and 227.1.1.0/30.
Configuration Roadmap
Configure MSDP to implement multicast source information sharing among domains. Configure Source-Active (SA) message filtering so that the receivers receive only required multicast data.
Configure IP addresses for the interfaces on each router and configure Open Shortest Path First (OSPF) in the PIM-SM domain.
Enable multicast and PIM-SM on each interface. Configure a BootStrap router (BSR) boundary to divide the PIM-SM domain and enable IGMP on interfaces connected to network segments of receiver hosts.
Configure Loopback0 interfaces on RouterA, RouterC, and RouterD as the candidate bootstrap router (C-BSR) and candidate rendezvous point (C-RP) of each PIM-SM domain.
Set up MSDP peer relationships between RPs in PIM-SM domains. Set up the MSDP peer relationship between RouterA and RouterC, and between RouterC and RouterD.
Configure rules for filtering SA messages. Prohibit RouterC from forwarding SA messages carrying (Source1, 225.1.1.0/30) entries to RouterD. Prohibit RouterD from creating SA messages carrying Source2 information.
Procedure
- Configure IP addresses for interfaces and configure a unicast routing protocol on each router.
# According to Figure 6-13, configure IP addresses and masks for the interfaces in the PIM-SM domain. Configure OSPF between routers. The configuration details are not mentioned here.
- Enable multicast routing and configure PIM-SM.
# Enable multicast routing on all routers and PIM-SM on all interfaces. Enable IGMP on interfaces connected to network segments of receiver hosts. The following information shows the configuration on RouterA. The configurations on other routers are similar to the configuration on RouterA, and are not mentioned here.
[RouterA] multicast routing-enable
[RouterA] interface gigabitethernet 1/0/0
[RouterA-GigabitEthernet1/0/0] pim sm
[RouterA-GigabitEthernet1/0/0] igmp enable
[RouterA-GigabitEthernet1/0/0] quit
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] pim sm
[RouterA-GigabitEthernet2/0/0] quit
[RouterA] interface gigabitethernet 3/0/0
[RouterA-GigabitEthernet3/0/0] pim sm
[RouterA-GigabitEthernet3/0/0] quit
[RouterA] interface loopback 0
[RouterA-LoopBack0] pim sm
[RouterA-LoopBack0] quit
- Configure a BSR boundary to divide the PIM-SM domain.
# Configure a BSR boundary on RouterC. The configurations on RouterA, RouterB, and RouterD are similar to the configuration on RouterC, and are not mentioned here.
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] pim bsr-boundary
[RouterC-GigabitEthernet2/0/0] quit
[RouterC] interface gigabitethernet 3/0/0
[RouterC-GigabitEthernet3/0/0] pim bsr-boundary
[RouterC-GigabitEthernet3/0/0] quit
[RouterC] interface gigabitethernet 4/0/0
[RouterC-GigabitEthernet4/0/0] pim bsr-boundary
[RouterC-GigabitEthernet4/0/0] quit
- Configure C-BSRs and C-RPs.
# Configure the C-BSR and C-RP on the Loopback0 interface of RouterA. The configurations on RouterC and RouterD are similar to the configuration on RouterA, and are not mentioned here.
[RouterA] pim
[RouterA-pim] c-bsr loopback0
[RouterA-pim] c-rp loopback0
[RouterA-pim] quit
- Configure MSDP peers.
# Configure an MSDP peer on RouterA.
[RouterA] msdp
[RouterA-msdp] peer 192.168.1.2 connect-interface gigabitethernet 3/0/0
[RouterA-msdp] quit
# Configure MSDP peers on RouterC.
[RouterC] msdp
[RouterC-msdp] peer 192.168.1.1 connect-interface gigabitethernet 3/0/0
[RouterC-msdp] peer 10.110.5.2 connect-interface gigabitethernet 2/0/0
[RouterC-msdp] quit
# Configure an MSDP peer on RouterD.
[RouterD] msdp
[RouterD-msdp] peer 10.110.5.1 connect-interface gigabitethernet 2/0/0
[RouterD-msdp] quit
- Configure rules for filtering SA messages.
# Prohibit RouterC from forwarding SA messages carrying (Source1, 225.1.1.0/30) entries to RouterD.
[RouterC] acl number 3001
[RouterC-acl-adv-3001] rule deny ip source 10.110.3.100 0 destination 225.1.1.0 0.0.0.3
[RouterC-acl-adv-3001] rule permit ip source any destination any
[RouterC-acl-adv-3001] quit
[RouterC] msdp
[RouterC-msdp] peer 10.110.5.2 sa-policy export acl 3001
[RouterC-msdp] quit
# Prohibit RouterD from creating SA messages carrying Source2 information.
[RouterD] acl number 2001
[RouterD-acl-basic-2001] rule deny source 10.110.6.100 0
[RouterD-acl-basic-2001] quit
[RouterD] msdp
[RouterD-msdp] import-source acl 2001
[RouterD-msdp] quit
- Verify the configuration.
# Run the display msdp sa-cache command to view information about the (S, G) entries in the SA cache on routers. The following output shows information about the (S, G) entries in the SA cache on RouterC and RouterD.
<RouterC> display msdp sa-cache
MSDP Source-Active Cache Information of VPN-Instance: public net
MSDP Total Source-Active Cache - 8 entries
MSDP matched 8 entries

(10.110.3.100, 225.1.1.0)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 225.1.1.1)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 225.1.1.2)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 225.1.1.3)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 226.1.1.0)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 226.1.1.1)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 226.1.1.2)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31

(10.110.3.100, 226.1.1.3)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 02:03:30, Expires: 00:05:31
<RouterD> display msdp sa-cache
MSDP Source-Active Cache Information of VPN-Instance: public net
MSDP Total Source-Active Cache - 4 entries
MSDP matched 4 entries

(10.110.3.100, 226.1.1.0)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 00:32:53, Expires: 00:05:07

(10.110.3.100, 226.1.1.1)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 00:32:53, Expires: 00:05:07

(10.110.3.100, 226.1.1.2)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 00:32:53, Expires: 00:05:07

(10.110.3.100, 226.1.1.3)
Origin RP: 10.10.1.1
Pro: ?, AS: ?
Uptime: 00:32:53, Expires: 00:05:07
The preceding output shows that the SA cache on RouterC contains only (S, G) entries for multicast groups 225.1.1.0/30 and 226.1.1.0/30, and the SA cache on RouterD contains only (S, G) entries for multicast group 226.1.1.0/30.
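The following Python sketch is an added example, not part of the original configuration guide. It models the first-match, wildcard-mask evaluation of ACL 3001 and audits RouterD's SA cache against RouterC's export policy. The function names are hypothetical, and the cache text is a constructed, abbreviated copy of the outputs above.

```python
import ipaddress
import re

def wildcard_match(addr, base, wildcard):
    """ACL wildcard compare: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 3001 as configured on RouterC: (action, src, src_wc, group, group_wc).
# "source 10.110.3.100 0" is wildcard 0.0.0.0; "any" is wildcard 255.255.255.255.
ACL_3001 = [
    ("deny", "10.110.3.100", "0.0.0.0", "225.1.1.0", "0.0.0.3"),
    ("permit", "0.0.0.0", "255.255.255.255", "0.0.0.0", "255.255.255.255"),
]

def acl_action(acl, source, group):
    """Return the action of the first matching rule, or None if none match."""
    for action, src, src_wc, grp, grp_wc in acl:
        if wildcard_match(source, src, src_wc) and wildcard_match(group, grp, grp_wc):
            return action
    return None

SG_ENTRY = re.compile(r"\((\d+\.\d+\.\d+\.\d+),\s*(\d+\.\d+\.\d+\.\d+)\)")

def parse_sa_cache(text):
    """Extract (source, group) pairs from 'display msdp sa-cache' output."""
    return SG_ENTRY.findall(text)

def expected_export(acl, upstream_entries):
    """Entries the export policy lets through to the peer."""
    return [e for e in upstream_entries if acl_action(acl, *e) == "permit"]

def policy_violations(acl, downstream_entries):
    """Entries in the peer's cache that the export policy denies."""
    return [e for e in downstream_entries if acl_action(acl, *e) == "deny"]

# Constructed, abbreviated copies of the RouterC and RouterD outputs above.
ROUTERC_CACHE = "\n".join(
    f"(10.110.3.100, {g}.1.1.{i}) Origin RP: 10.10.1.1"
    for g in (225, 226) for i in range(4))
ROUTERD_CACHE = "\n".join(
    f"(10.110.3.100, 226.1.1.{i}) Origin RP: 10.10.1.1" for i in range(4))

if __name__ == "__main__":
    rc, rd = parse_sa_cache(ROUTERC_CACHE), parse_sa_cache(ROUTERD_CACHE)
    print("expected on RouterD:", expected_export(ACL_3001, rc))
    print("violations on RouterD:", policy_violations(ACL_3001, rd))
```

A non-empty violations list on RouterD would mean a denied (S, G) entry got past the export policy, for example because the ACL is bound to the wrong peer.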
Configuration Files
RouterA configuration file
#
sysname RouterA
#
multicast routing-enable
#
interface Gigabitethernet1/0/0
 ip address 10.110.1.1 255.255.255.0
 pim sm
 igmp enable
#
interface Gigabitethernet2/0/0
 ip address 10.110.2.1 255.255.255.0
 pim sm
#
interface Gigabitethernet3/0/0
 ip address 192.168.1.1 255.255.255.0
 pim bsr-boundary
 pim sm
#
interface LoopBack0
 ip address 10.10.1.1 255.255.255.255
 pim sm
#
ospf 1
 area 0.0.0.0
  network 10.10.1.1 0.0.0.0
  network 10.110.1.0 0.0.0.255
  network 10.110.2.0 0.0.0.255
  network 192.168.1.0 0.0.0.255
#
pim
 c-bsr LoopBack0
 c-rp LoopBack0
#
msdp
 peer 192.168.1.2 connect-interface Gigabitethernet3/0/0
#
return
RouterB configuration file
#
sysname RouterB
#
multicast routing-enable
#
interface Gigabitethernet1/0/0
 ip address 10.110.3.1 255.255.255.0
 pim sm
#
interface Gigabitethernet2/0/0
 ip address 10.110.2.2 255.255.255.0
 pim sm
#
interface Gigabitethernet3/0/0
 ip address 192.168.2.1 255.255.255.0
 pim bsr-boundary
 pim sm
#
ospf 1
 area 0.0.0.0
  network 10.110.2.0 0.0.0.255
  network 10.110.3.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
return
RouterC configuration file
#
sysname RouterC
#
multicast routing-enable
#
acl number 3001
 rule 5 deny ip source 10.110.3.100 0 destination 225.1.1.0 0.0.0.3
 rule 10 permit ip
#
interface Gigabitethernet1/0/0
 ip address 10.110.4.1 255.255.255.0
 pim sm
 igmp enable
#
interface Gigabitethernet2/0/0
 ip address 10.110.5.1 255.255.255.0
 pim bsr-boundary
 pim sm
#
interface Gigabitethernet3/0/0
 ip address 192.168.1.2 255.255.255.0
 pim bsr-boundary
 pim sm
#
interface Gigabitethernet4/0/0
 ip address 192.168.2.2 255.255.255.0
 pim bsr-boundary
 pim sm
#
interface LoopBack0
 ip address 10.10.1.2 255.255.255.255
 pim sm
#
ospf 1
 area 0.0.0.0
  network 10.10.1.2 0.0.0.0
  network 10.110.4.0 0.0.0.255
  network 10.110.5.0 0.0.0.255
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
#
pim
 c-bsr LoopBack0
 c-rp LoopBack0
#
msdp
 peer 192.168.1.1 connect-interface Gigabitethernet3/0/0
 peer 10.110.5.2 connect-interface Gigabitethernet2/0/0
 peer 10.110.5.2 sa-policy export acl 3001
#
return
RouterD configuration file
#
sysname RouterD
#
multicast routing-enable
#
acl number 2001
 rule 5 deny source 10.110.6.100 0
#
interface Gigabitethernet1/0/0
 ip address 10.110.7.1 255.255.255.0
 pim sm
 igmp enable
#
interface Gigabitethernet2/0/0
 ip address 10.110.5.2 255.255.255.0
 pim bsr-boundary
 pim sm
#
interface Gigabitethernet3/0/0
 ip address 10.110.6.1 255.255.255.0
 pim sm
#
interface LoopBack0
 ip address 10.10.1.3 255.255.255.255
 pim sm
#
ospf 1
 area 0.0.0.0
  network 10.10.1.3 0.0.0.0
  network 10.110.5.0 0.0.0.255
  network 10.110.6.0 0.0.0.255
  network 10.110.7.0 0.0.0.255
#
pim
 c-bsr LoopBack0
 c-rp LoopBack0
#
msdp
 import-source acl 2001
 peer 10.110.5.1 connect-interface Gigabitethernet2/0/0
#
return