Académique Documents
Professionnel Documents
Culture Documents
V100R006C01
01
Date
2011-10-26
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the
customer. All or part of the products, services and features described in this document may not be within the
purchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,
and recommendations in this document are provided "AS IS" without warranties, guarantees or representations
of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Website:
http://www.huawei.com
Email:
support@huawei.com
Issue 01 (2011-10-26)
Commissioning engineer
Symbol Conventions
The symbols that may be found in this document are defined as follows.
Symbol
Description
DANGER
WARNING
CAUTION
Issue 01 (2011-10-26)
TIP
NOTE
ii
Command Conventions
The command conventions that may be found in this document are defined as follows.
Convention
Description
Boldface
Italic
[]
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... }*
[ x | y | ... ]*
&<1-n>
Change History
Updates between document issues are cumulative. Therefore, the latest document issue contains
all updates made in previous issues.
Issue 01 (2011-10-26)
iii
Contents
Contents
About This Document.....................................................................................................................ii
1 IP Multicast Configuration Guide.............................................................................................1
1.1 IP Multicast Overview........................................................................................................................................2
1.2 IP Multicast Features Supported by the S5700..................................................................................................2
1.3 IPv4 Multicast Configuration Guide..................................................................................................................2
1.3.1 IPv4 Multicast Addresses..........................................................................................................................2
1.3.2 IPv4 Multicast Protocols...........................................................................................................................3
1.3.3 Typical Configuration Solution.................................................................................................................4
1.3.4 Controlling Multicast Forwarding.............................................................................................................5
iv
Contents
Contents
5 IGMP Configuration...................................................................................................................68
5.1 Introduction to IGMP.......................................................................................................................................69
5.2 IGMP Features Supported by the S5700..........................................................................................................69
5.3 Configuring Basic IGMP Functions.................................................................................................................70
5.3.1 Establishing the Configuration Task.......................................................................................................70
5.3.2 Enabling IP Multicast..............................................................................................................................71
5.3.3 Enabling the IGMP Function...................................................................................................................72
5.3.4 (Optional) Specifying the IGMP Version................................................................................................72
5.3.5 (Optional) Configuring a Static IGMP Group.........................................................................................73
5.3.6 (Optional) Configuring an IGMP Multicast Group Policy......................................................................73
5.3.7 Checking the Configuration.....................................................................................................................74
5.4 Setting the Parameters of IGMP Features........................................................................................................75
5.4.1 Establishing the Configuration Task.......................................................................................................75
5.4.2 Configuring IGMP Message Options......................................................................................................76
5.4.3 Configuring the IGMPv1 Querier............................................................................................................77
5.4.4 Configuring the IGMPv2 or IGMPv3 Querier........................................................................................79
5.4.5 Configuring IGMP Prompt Leave...........................................................................................................81
5.4.6 Checking the Configuration.....................................................................................................................82
5.5 Configuring SSM Mapping..............................................................................................................................83
5.5.1 Establishing the Configuration Task.......................................................................................................83
5.5.2 Enabling SSM Mapping..........................................................................................................................84
5.5.3 Configuring the SSM Mapping Policy....................................................................................................84
5.5.4 Checking the Configuration.....................................................................................................................85
5.6 Maintaining IGMP............................................................................................................................................85
5.6.1 Clearing the Information About an IGMP Group...................................................................................85
5.6.2 Monitoring the Running Status of IGMP................................................................................................86
5.6.3 Debugging IGMP....................................................................................................................................86
5.7 Configuration Examples...................................................................................................................................87
5.7.1 Example for Configuring Basic IGMP Functions...................................................................................87
5.7.2 Example for Configuring SSM Mapping................................................................................................91
vi
Contents
vii
Contents
viii
Contents
8 MSDP Configuration................................................................................................................198
8.1 MSDP Overview.............................................................................................................................................200
8.2 MSDP Features Supported by the S5700.......................................................................................................200
8.3 Configuring PIM-SM Inter-domain Multicast...............................................................................................202
8.3.1 Establishing the Configuration Task.....................................................................................................202
8.3.2 Configuring Intra-AS MSDP Peers.......................................................................................................203
8.3.3 Configuring Inter-AS MSDP Peers on MBGP Peers............................................................................204
8.3.4 Configuring Static RPF Peers................................................................................................................205
8.3.5 Checking the Configuration...................................................................................................................206
8.4 Configuring an Anycast RP in a PIM-SM Domain........................................................................................207
Issue 01 (2011-10-26)
ix
Contents
Contents
xi
Contents
Issue 01 (2011-10-26)
xii
Issue 01 (2011-10-26)
Multicast is a Point to Multi-Point (P2MP) data transmission mode. During data transmission,
multicast can ensure the security of information. Multicast consumes limited network
bandwidth.
The multicast technology applied to IPv4 and IPv6 is called IP multicast.
The Internet services implemented through IP multicast include IPTV, Video and Audio
Conferences, e-learning, and remote medicine.
Description
224.0.0.0 to 224.0.0.255
224.0.1.0 to 231.255.255.255
233.0.0.0 to 238.255.255.255
Issue 01 (2011-10-26)
Description
232.0.0.0 to 232.255.255.255
239.0.0.0 to 239.255.255.255
IPv4 Network
AS1
IPv4 Network
AS2
Source
PIM
MSDP
PIM
IGMP
IGMP
User
Issue 01 (2011-10-26)
User
Objectives
Multicast Protocol
Internet Group
Management Protocol
(IGMP)
Protocol Independent
Multicast (PIM), including
Protocol Independent
Multicast-Dense Mode
(PIM-DM) and Protocol
Independent MulticastSparse Mode (PIM-SM)
Multicast Source
Discovery Protocol
(MSDP)
CAUTION
Customize configuration solutions according to the actual network conditions and service
requirements. The configuration solution in this section functions only as a reference.
The network environments are classified into two types, which need different configuration
solutions. For details, refer to the Quidway S5700 Series Ethernet Switches Configuration Guide
- Multicast.
NOTE
Ensure that unicast routes work normally in the network before configuring IP multicast.
Issue 01 (2011-10-26)
Small-Scale Network
A small-scale network, such as a test network, is suitable to implement multicast data
transmission in a Local Area Network (LAN), and does not interconnect with the Internet.
Perform the following configurations:
1.
2.
3.
4.
Large-Scale Network
A large-scale network is suitable to transmit multicast services on an ISP network, and
interconnects with the Internet.
Perform the following configurations:
1.
2.
3.
4.
5.
6.
Configure MSDP in the PIM-SM domain and implement the anycast RP.
7.
Configure MSDP between PIM-SM domains. Generally, MSDP cooperates with MBGP.
Issue 01 (2011-10-26)
Issue 01 (2011-10-26)
Source
Router
Router
PIM
PIM
Switch
Reciever A
Reciever B
Switch
Reciever A
Reciever B
Multicast Packet
Issue 01 (2011-10-26)
Reducing broadcast packets on Layer 2 networks, and thus saving network bandwidth
IGMP Snooping
The S5700 supports VLAN-based IGMP snooping.
IGMP snooping implements Layer 2 multicast and controls multicast data forwarding by
listening to multicast protocol packets sent between an upstream router and a downstream host
and maintaining downstream interface information.
You can configure user hosts to join a multicast group statically so that user hosts can steadily
receive multicast data packets.
You can also enable the S5700 to actively send IGMP Query messages so that the S5700 can
rapidly sense a Layer 2 network topology change and forward multicast data based on the new
topology, preventing multicast services from being interrupted.
Prompt Leave
When an interface of the S5700 receives an IGMP Leave message to leave a specified multicast
group, the S5700 deletes the interface from the downstream interface list of this multicast group
immediately. This is called prompt leave of a multicast group member. This feature is used in
the multicast IPTV scenario where one interface of the S5700 is commonly connected to only
one user host. Therefore, the prompt leave function shortens the speed at which the user switches
channels.
IGMP snooping prompt leave has the following advantages:
l
To limit the number of multicast programs available to users and multicast data traffic on
an interface, set the maximum number of multicast groups that the interface can join.
To allow users to order specified multicast programs, configure a multicast group policy.
To reduce the number of packets transmitted over the network, configure IGMP message
suppression so that only the first IGMP Report or Leave message can be forwarded.
If multicast services are stable, for example, the static Layer 2 multicast service, unknown
multicast data packets do not need to be processed. You can enable the discarding of
multicast data packets in such a case.
If IGMP snooping is configured on the Layer 2 device, multicast data of a known group is
forwarded to specified receivers (paid subscribers) but not broadcast at the data link layer.
Pre-configuration Tasks
Before configuring IGMP snooping in a VLAN, complete the following tasks:
l
Connecting interfaces and configuring the physical parameters of each interface to make
the physical layer in Up state
Creating a VLAN
Data Preparation
To configure IGMP snooping in a VLAN, you need the following data.
No.
Data
ID of the VLAN
10
Procedure
Step 1 Run:
system-view
The multicast flows in the VLAN are forwarded based on IP addresses or MAC addresses.
By default, multicast flows are forwarded based on IP addresses.
CAUTION
Before setting the forwarding mode of multicast data in a VLAN, disable IGMP snooping in the
VLAN. After setting the forwarding mode, enable IGMP snooping in the VLAN for the
configuration to take effect.
NOTE
Step 5 Run:
igmp-snooping enable
To enable the IGMP Snooping function of multi-VLANs, run the igmp-snooping enable [ vlan vlan-id1
[ to vlan-id2 ] & <1-10> ] command in the system-view.
If IGMP snooping is enabled in a VLAN, N:1 VLAN mapping or VLAN stacking cannot be configured.
Step 6 (Optional)Run:
igmp-snooping version { 1 | 2 |3 }
The version of IGMP messages that the S5700 can process is set.
By default, the S5700 can process messages of IGMPv1 and IGMPv2 but cannot process
messages of IGMPv3.
NOTE
When the forwarding in a VLAN is based on the MAC address, the IGMP message version cannot be set
to IGMPv3.
----End
Issue 01 (2011-10-26)
11
Procedure
Step 1 Run:
system-view
12
dynamic. If a dynamic member interface has not received any IGMP Report messages for a
multicast group before its aging time expires, the device deletes this member interface from the
downstream interface list of the multicast forwarding entry for this group.
If each interface in a VLAN connects only one receiver host, you can enable prompt leave for
interfaces in the VLAN. After prompt leave is enabled and if the device receives an IGMP Leave
from a member interface, the device immediately deletes the forwarding entry related to this
interface from the multicast forwarding table.
If hosts connected to an interface want to steadily receive multicast data for a multicast group
or a source-specific multicast group, statically add the interface to the multicast group or sourcespecific multicast group. The interface is then a static member interface and does not age.
Procedure
Step 1 Run:
system-view
On the S5700, the permit rule is applicable to all multicast groups by default. To configure prompt leave
for a specified multicast group, you need to use the rule deny source any command.
Step 5 Run:
quit
Run:
interface interface-type interface-number
(Optional) Run:
undo igmp-snooping learning vlan { vlan-id { [ &<110> ][to vlan-id ] | all } }
Issue 01 (2011-10-26)
13
Run:
l2-multicast static-group { [ source-address source-ip-address ] groupaddress group-ip-address } vlan { { vlan-id1 [ to vlan-id2 ] } &<1-10> }
The interface is added to a multicast group statically. It is then a static member interface.
You can also run the l2-multicast static-group [ source-address source-ip-address ]
group-address group-ip-address1 to group-ip-address2 vlan vlan-id command to add the
interface to multiple multicast groups.
NOTE
After an interface is added to a multicast group statically, existing entries cannot be replaced.
----End
Procedure
Step 1 Run:
system-view
The interval at which the querier sends IGMP General Query messages is set.
By default, the interval for sending IGMP General Query messages is 60 seconds.
Step 5 (Optional) Run:
igmp-snooping robust-count robust-count
14
The maximum response time must be shorter than the interval at which IGMP General Query messages
are sent.
After receiving IGMP Report messages from hosts, the S5700 sets the aging time of member interfaces
based on the following formula: IGMP robustness variable x Interval at which IGMP General Query
messages are sent + Maximum response time of IGMP Query messages. If all the parameters are of the
default value, the aging time of member interfaces defaults to 130 seconds.
The interval at which the querier sends Last Member Query (IGMP Group-Specific Query)
messages is set.
By default, the interval at which IGMP Group-Specific Query messages are sent is 1 second.
NOTE
After receiving IGMP Leave messages from hosts, the S5700 sets the aging time of member interfaces by
using the following formula: Interval at which IGMP Group-Specific Query messages are sent x IGMP
robustness variable.
IGMPv1 hosts do not send Leave messages when leaving multicast groups. Therefore, the igmp-snooping
lastmember-queryinterval command is valid only when the IGMP snooping version is set to 2 in the
VLAN.
----End
Procedure
Step 1 Run:
system-view
15
Step 3 Run:
igmp-snooping group-limit group-limit vlan {vlan-id [ to vlan-id ] } &<1-10>
The maximum number of multicast groups that hosts attached to the interface can join.
If vlan-id is specified, the maximum number of multicast groups that hosts attached to the
interface in a specified VLAN can join is set.
----End
When you create an ACL for a multicast group policy of a VLAN, the configuration takes effect only if
you select deny in the rule command. That is, a multicast group policy can only prohibit hosts in a VLAN
from accessing all or specified multicast groups.
Procedure
Step 1 Run:
system-view
A multicast group policy is configured for the VLAN. Interfaces in the VLAN can dynamically
join only the multicast group that matches the specified ACL rules.
By default, no multicast group policy is available in a VLAN. That is, hosts in a VLAN can join
any multicast group. If the IGMP version is not specified for a multicast policy, the S5700 applies
the policy to all IGMP messages regardless of their versions.
NOTE
If an advanced ACL is referenced by the group-policy, the ACL applies to the multicast group regardless
of the protocol type specified in the ACL.
----End
16
hosts belonging to the same multicast group, the Layer 3 device receives duplicated IGMP Report
or Leave messages from these hosts.
After IGMP Report and Leave message suppression is enable, the Layer 2 device sends only the
IGMP Report or Leave message received first for a multicast group to the Layer 3 device in one
query interval and does not send Report or Leave messages received subsequently for this
multicast group, reducing the number of packets transmitted over the network.
During the suppression time, the S5700 sends only one copy of the same IGMP messages
continuously sent by hosts upstream. This reduces the number of redundant messages.
Procedure
Step 1 Run:
system-view
17
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The S5700 enabled with IGMP snooping is configured to respond to changes of a Layer 2
network topology.
NOTE
The function of responding to changes of Layer 2 network topology is usually used on a ring network.
When the topology of the ring network changes, theS5700 sends an IGMP Query message with the source
IP address being 192.168.0.1. The source IP address can be changed by the igmp-snooping send-query
source-address source-address command.
----End
18
Context
Router-Alert is a mechanism used to identify protocol packets. The packets carrying RouterAlert options are delivered to the routing protocol layer for processing.
By default, devices do not check whether packets carry Router-Alert options for the sake of
compatibility, and send all IGMP messages to the upper layer for processing. To improve device
performance, reduce costs, and ensure protocol security, configure devices to send packets
without Router-Alert options.
Procedure
Step 1 Run:
system-view
The S5700 is configured to receive IGMP messages that must contain the Router Alert option
in the IP header. The S5700 does not process the packet but discard the packet directly.
By default, the S5700 can receive IGMP messages that do not contain the Router Alert options
in the IP headers from a VLAN.
Step 4 Run:
igmp-snooping send-router-alert
The S5700 is configured to contain the Router Alert option in the IP header of the sent IGMP
messages. You can run the undo igmp-snooping send-router-alert command to set the IP
header of the sent IGMP packet not to contain the Router-Alert option.
By default, the S5700 sends IGMP messages that contain the Router Alert options in the IP
headers to a VLAN.
----End
19
Procedure
Step 1 Run:
system-view
After IGMP snooping proxy is enabled, the switch broadcasts IGMP Query messages to all interfaces in a
VLAN periodically, including the routing interfaces in the VLAN. This may result in the reelection of
IGMP querier. If the multicast network already has a querier, you are advised to use the igmp-snooping
proxy-uplink-port command to configure an interface as an IGMP snooping proxy uplink interface. No
IGMP Query message can be sent to this interface.
IGMP snooping proxy and IGMP snooping querier cannot be configured in the same VLAN.
----End
Procedure
Step 1 Run:
system-view
The Layer 2 multicast data from a certain VLAN on the interface is rejected.
----End
20
Prerequisite
The configuration of IGMP snooping in a VLAN is complete.
Procedure
l
Run the display igmp-snooping [ vlan vlan-id ] command to check the configuration of
IGMP snooping in a VLAN.
Run the display igmp-snooping statistics vlan [ vlan-id ] command to check the statistics
of IGMP snooping on a VLAN.
Run the display igmp-snooping port-info [ vlan vlan-id [ group-address groupaddress ] ] [ verbose ] command to check the information about member interfaces of a
multicast group.
Run the display igmp-snooping router-port vlan vlan-id command to check the
information about router interfaces.
Run the display igmp-snooping querier vlan [ vlan-id ] command to check the enabling
information about the IGMP snooping querier.
Run the display l2-multicast forwarding-table vlan vlan-id [ source-address sourceaddress group-address | group-address ] command to check the multicast forwarding
table of a VLAN.
----End
Example
NOTE
If IGMP snooping is disabled in a VLAN, you can still configure IGMP snooping functions, but the
configuration does not take effect. In this case, no information is displayed after you run the display igmpsnooping command.
If the configurations succeed, you can obtain the following information after running the display
igmp-snooping [ vlan vlan-id ] command:
l
Aging time of the router interface, interval for sending Last Member Query messages,
interval for sending IGMP General Query messages, maximum response time, suppression
duration of IGMP messages, and IGMP robustness variable are correctly set.
Issue 01 (2011-10-26)
21
When the dynamic interface learning is disabled, if you run the display igmp-snooping portinfo [ vlan vlan-id ] [ group-address group-address ] [ verbose ] command, only the static
entries are displayed.
<Quidway> display igmp-snooping port-info
----------------------------------------------------------------------(Source, Group) Port
Flag
Flag: S:Static
D:Dynamic
M: Ssm-mapping
----------------------------------------------------------------------VLAN 101, 1 Entry(s)
(*, 225.0.0.1) GE0/0/1
-D1 port(s)
VLAN 102, 1 Entry(s)
(*, 225.0.0.1) GE0/0/24
-D1 port(s)
----------------------------------------------------------------------<Quidway> display igmp-snooping router-port vlan 3
Port Name
UpTime
Expires
Flags
-------------------------------------------------------------VLAN 3, 2 router-port(s)
GE0/0/1
1d:22h
00:01:20
DYNAMIC
GE0/0/2
2d:10h
-STATIC
Run the display igmp-snooping querier vlan [ vlan-id ] command. If the querier is displayed
as Enabled, it indicates that the querier is successfully enabled.
<Quidway> display igmp-snooping querier vlan
VLAN
Querier-state
----------------------------------------------3
Enable
total entry 1
<Quidway> display l2-multicast forwarding-table vlan 7
VLAN ID : 7, Forwarding Mode : IP
----------------------------------------------------------------------(Source, Group)
Interface
Out-Vlan
----------------------------------------------------------------------(1.1.1.1, 232.1.1.1)
GigabitEthernet0/0/1
7
----------------------------------------------------------------------Total Group(s) : 1
Applicable Environment
If a Layer 2 switch receives a multicast data packet whose destination MAC address is not a
multicast MAC address, the switch cannot find the matching entry in the MAC address table.
Therefore, the switch broadcasts the multicast packet in the VLAN. This wastes bandwidth and
threatens network security.
To save bandwidth and ensure network security, configure a static multicast MAC address on
an interface so that multicast packets destined for the multicast MAC address are forwarded only
by this interface.
Issue 01 (2011-10-26)
22
NOTE
Pre-configuration Tasks
Before configuring a static multicast MAC address, complete the following task:
l
Creating a VLAN and adding the interface that needs to be configured with a static multicast
MAC address to the VLAN
Data Preparation
To configure a static multicast MAC address, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
Run:
interface interface-type interface-number
Run:
mac-address multicast mac-address vlan vlan-id
23
l The specified VLAN exists and the interfaces have been added to the VLAN.
l The value of mac-address must be a multicast MAC address, which starts with 01.
l The MAC address cannot be in the range from 0100-5E00-0000 to 0100-5E00-7FFF (used
for IPv4 multicast) or 3333-xxxx-xxxx (used for IPv6 multicast).
l The VLAN cannot be a super-VLAN, a leased line VLAN, or the control VLAN of a Smart
Ethernet Protocol (SEP) segment or Rapid Ring Protection Protocol (RRPP) ring.
----End
Follow-up Procedure
l
Run the display mac-address multicast [ mac-address ] [ vlan vlan-id ] command to check
the configured static multicast MAC addresses.
Run the display mac-address multicast [ vlan vlan-id ] total-number command to check
the number of configured static multicast MAC addresses.
# View the number of static multicast MAC address entries in VLAN 10.
<Quidway> display mac-address multicast vlan 10 total-number
Total number of mac-address : 3
Pre-configuration Tasks
Before configuring SSM mapping, complete the following task:
l
Issue 01 (2011-10-26)
24
Data Preparation
To configure SSM mapping, you need the following data.
No.
Data
When you create an ACL for an SSM policy, the configuration takes effect only if you select permit and
specify a multicast address in the rule command. The configuration does not take effect if deny is selected
or if the specified address is not a multicast address.
Procedure
Step 1 Run:
system-view
25
SSM mapping can be configured only when IGMP snooping is enabled globally and in the
corresponding VLAN and when the IGMP messages version is set to IGMPv3 in the VLAN.
If the multicast replication function is configured, you only need to configure SSM mapping in
the multicast VLAN.
Procedure
Step 1 Run:
system-view
The mapping between a multicast group address and a multicast source is configured.
The specified multicast group address must be in the range of multicast group addresses specified
by the SSM policy. For the configuration of the SSM policy, see 2.5.2 (Optional) Configuring
an SSM Group Policy.
----End
Procedure
l
Run the display igmp-snooping port-info command to view the IGMP snooping entries
on an interface.
----End
Issue 01 (2011-10-26)
26
Example
Run the display igmp-snooping port-info command, and you can view the IGMP snooping
entries on the interface. For example:
<Quidway> display igmp-snooping port-info vlan 10
----------------------------------------------------------------------(Source, Group) Port
Flag
Flag: S:Static
D:Dynamic
M: Ssm-mapping
----------------------------------------------------------------------VLAN 10, 3 Entry(s)
(*, 225.1.1.1) GE0/0/2
--M
1 port(s)
(*, 225.1.1.2) GE0/0/2
--M
1 port(s)
(*, 225.1.1.3) GE0/0/2
--M
1 port(s)
-----------------------------------------------------------------------
CAUTION
Static entries in a forwarding table cannot be restored after you clear them and you have to
configure them again. Confirm the operation before you run the following command.
Procedure
Step 1 Run:
system-view
27
CAUTION
Running this command disables hosts in a VLAN from receiving certain multicast flows. The
hosts in the VLAN receive the multicast flows again only after the S5700 receives IGMP Report
messages from the hosts again and the forwarding entries are regenerated on the S5700.
Procedure
l
Run the reset igmp-snooping group { all | vlan { vlan-id | all } } command in the user
view to clear the dynamic forwarding entries in the multicast forwarding table.
NOTE
This command cannot clear static forwarding entries and dynamic router port entries.
----End
CAUTION
The statistics on IGMP snooping cannot be restored after you clear them. So, confirm the action
before you use the command.
Procedure
l
Run the reset igmp-snooping statistics { all | vlan { vlan-id | all } } command in the user
view to clear the statistics on IGMP snooping.
----End
28
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
igmp-snooping all command to disable it immediately.
Procedure
l
Run the debugging igmp-snooping { all | aps | event | fwd | general | leave [ basic-aclnumber ] | mvlan | packet [ advance-acl-number ] | query [ advance-acl-number ] |
report [ advance-acl-number ] | syn | timer } command in the user view to enable
debugging of IGMP snooping.
----End
Issue 01 (2011-10-26)
29
Multicast source
DHCP server
IP/MPLS core
GE0/0/1
Switch
GE0/0/2
VLAN3
Host3
Host4
Host5
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create a VLAN and add interfaces to the VLAN.
<Switch> system-view
[Switch] vlan 3
[Switch-vlan3] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port hybrid tagged vlan 3
[Switch-GigabitEthernet0/0/1] quit
Issue 01 (2011-10-26)
30
According to the preceding information, the IGMP snooping of the VLAN is enabled.
# Check the configuration of the static router interface.
Run the display igmp-snooping router-port vlan 3 command on the S5700.
[Switch] display igmp-snooping router-port vlan 3
Port Name
UpTime
Expires
Flags
--------------------------------------------------------------------VLAN 3, 1 router-port(s)
GE0/0/1
2d:10h
-STATIC
Issue 01 (2011-10-26)
31
According to the preceding information, multicast groups 225.1.1.1 to 225.1.1.3 are configured
with static forwarding entries.
# View the multicast forwarding table.
[Switch] display l2-multicast forwarding-table vlan 3
VLAN ID : 3, Forwarding Mode : IP
-------------------------------------------------------------------(Source, Group)
Interface
Out-Vlan
-------------------------------------------------------------------Router-port
GigabitEthernet0/0/1
3
(*, 225.1.1.1)
GigabitEthernet0/0/1
3
GigabitEthernet0/0/2
3
(*, 225.1.1.2)
GigabitEthernet0/0/1
3
GigabitEthernet0/0/2
3
(*, 225.1.1.3)
GigabitEthernet0/0/1
3
GigabitEthernet0/0/2
3
-------------------------------------------------------------------Total Group(s) : 3
The preceding information shows the VLAN ID and outgoing interface mapping the data from
multicast groups 225.1.1.1 to 225.1.1.3.
----End
Configuration Files
l
32
between a multicast group and a multicast source. (*, G) information in IGMPv1 or IGMPv2
multicast data packets is then mapped to (S, G) information, providing SSM services for the
hosts running IGMPv1 or IGMPv2.
Figure 2-3 Networking diagram for configuring IGMP snooping SSM mapping
Source 2
10.1.1.2
Internet/
Intranet
Source 1
10.1.1.1
RouterA
GE0/0/1
GE0/0/2
SwitchA
Swtich
SSM Mapping
VLAN10
Host1
Host2
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure basic IGMP snooping functions so that users can receive multicast data from
multicast sources.
2.
Configure an SSM group policy for IGMP snooping to add the ASM group addresses of
users to the SSM group address range.
3.
Configure IGMP snooping SSM mapping so that users can receive multicast data from a
specified multicast source.
Data Preparation
To complete the configuration, you need the following data:
l
IGMPv3 run on Switch A and IGMPv2 run on Switch, Host 1, and Host 2
Procedure
Step 1 Configure a VLAN.
# Configure Switch A.
<Quidway> system-view
[Quidway] sysname SwitchA
Issue 01 (2011-10-26)
33
0/0/1
hybrid pvid vlan 10
hybrid untagged vlan 10
0/0/2
hybrid pvid vlan 10
hybrid untagged vlan 10
Step 2 Enable global IGMP snooping and IGMP snooping in the VLAN.
# Configure Switch A.
[SwitchA] igmp-snooping enable
[SwitchA] vlan 10
[SwitchA-vlan10] igmp-snooping enable
Step 3 Configure IGMPv3 on Switch A and configure IGMPv2 on hosts. The hosts are not allowed to
upgrade the IGMP version to 3.
# Configure SwitchA.
[SwitchA-vlan10] igmp-snooping version 3
[SwitchA-vlan10] quit
Step 5 Configure an SSM group policy for IGMP snooping and enable IGMP snooping SSM mapping.
[SwitchA] acl number 2008
[SwitchA-acl-basic-2008] rule 5 permit source 224.1.1.1 0
[SwitchA-acl-basic-2008] quit
[SwitchA] vlan 10
[SwitchA-vlan10] igmp-snooping ssm-policy 2008
[SwitchA-vlan10] igmp-snooping ssm-mapping enable
[SwitchA-vlan10] igmp-snooping ssm-mapping 224.1.1.1 24 10.1.1.2
[SwitchA-vlan10] quit
# After SwitchA receives a Report message, run the display igmp-snooping port-info command
to view the configurations on the interface.
[SwitchA] display igmp-snooping port-info
----------------------------------------------------------------------(Source, Group) Port
Flag
Flag: S:Static
D:Dynamic
M: Ssm-mapping
----------------------------------------------------------------------VLAN 10, 1 Entry(s)
(10.1.1.2, 224.1.1.1) GE0/0/2
--M
Issue 01 (2011-10-26)
34
1 port(s)
-----------------------------------------------------------------------
----End
Configuration Files
l
Issue 01 (2011-10-26)
35
Issue 01 (2011-10-26)
36
Multicast Packet
VLAN 2
VLAN 3
Receiver
HostA
VLAN 2
VLAN 4
Receiver
HostB
Source
Router
Switch
VLAN 3
Receiver
HostC
VLAN 4
Issue 01 (2011-10-26)
37
Figure 3-2 shows multicast data transmission after multicast VLAN replication is configured.
The router only needs to copy multicast data for the multicast VLAN and sends the data to the
switch. This saves network bandwidth and reduces workload of the router.
Figure 3-2 Multicast VLAN replication
Multicast Packet
Multicast VLAN
VLAN 2
VLAN 3
Receiver
HostA
VLAN 2
VLAN 4
Receiver
HostB
Source
Router
Switch
VLAN 3
Receiver
HostC
VLAN 4
The S5700 supports the following mapping modes between multicast VLANs and user VLANs:
l
Issue 01 (2011-10-26)
38
Figure 3-3 Multicast data transmission before and after multicast VLAN replication is
configured on interfaces
Multicast Packet
Multicast VLAN 2
Multicast VLAN 3
Multicast Packet
Multicast VLAN 2
Multicast VLAN 3
Router
Source
Router
Source
Switch
ISP1
VLAN4
Receiver
HostA
Switch
ISP1
VLAN4
ISP2
VLAN4
HostA
Receiver
HostA
ISP2
VLAN4
HostA
39
Pre-configuration Tasks
Before configuring multicast VLAN replication based on user VLANs, complete the following
tasks:
l
Connecting interfaces and setting physical parameters for the interfaces to ensure that the
physical status of the interfaces is Up
Data Preparation
To configure multicast VLAN replication based on user VLANs, you need the following data.
No.
Data
Multicast VLAN ID
Multicast VLAN replication is enabled, and the VLAN is configured as a multicast VLAN.
By default, multicast VLAN replication is disabled.
After IP multicast is configured on the S5700, no multicast VLAN can be configured.
Step 5 Run:
multicast-vlan user-vlan { { vlan-id1 [ to vlan-id2 ] } & <1-10> }
40
The vlan-id1 and vlan-id2 parameters specify user VLAN IDs. The value of vlan-id2 must be
greater than the value of vlan-id1.
NOTE
The user VLANs specified in the command must be existing VLANs enabled with IGMP snooping and
cannot be multicast VLANs or user VLANs of another multicast VLAN.
----End
2.
Configure the network-side interface as a trunk or hybrid interface and add the interface to
the multicast VLAN. For the configuration procedure, see Dividing a LAN into VLANs
Based on Ports.
3.
Run the interface interface-type interface-number command to enter the user-side interface
view
2.
Configure the user-side interface as a trunk or hybrid interface and add the interface to the
user VLAN. For the configuration procedure, see Dividing a LAN into VLANs Based on
Ports.
----End
Procedure
l
Run the display multicast-vlan vlan [ vlan-id ] command to view information about a
multicast VLAN.
----End
Example
Run the display multicast-vlan vlan [ vlan-id ] command to view information about a multicast
VLAN.
Issue 01 (2011-10-26)
41
Run the display user-vlan vlan [ vlan-id ] command to view information about user VLANs.
<Quidway> display user-vlan vlan
Total user vlan
2
user-vlan snooping-state
multicast-vlan snooping-state
--------------------------------------------------------100
IGMP Enable /MLD Disable 3
IGMP Enable /MLD Disable
200
IGMP Enable /MLD Disable 3
IGMP Enable /MLD Disable
Pre-configuration Tasks
Before configuring multicast VLAN replication based on interfaces, complete the following
tasks:
l
Connecting interfaces and setting physical parameters for the interfaces to ensure that the
physical status of the interfaces is Up
Data Preparation
To configure multicast VLAN replication based on interfaces, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Multicast VLAN ID
42
No.
Data
43
Procedure
Step 1 Run:
system-view
2.
Configure the network-side interface as a trunk or hybrid interface and add the interface to
the multicast VLAN. For the configuration procedure, see Dividing a LAN into VLANs
Based on Ports.
3.
Run the interface interface-type interface-number command to enter the user-side interface
view
2.
Configure the user-side interface as a trunk or hybrid interface and add the interface to the
user VLAN. For the configuration procedure, see Dividing a LAN into VLANs Based on
Ports.
----End
Run the display l2-multicast-bind [ mvlan vlan-id ] command to view information about
a multicast VLAN and user VLANs bound to the multicast VLAN on an interface.
----End
Example
Run the display l2-multicast-bind [ mvlan vlan-id ] command to view information about a
multicast VLAN and its user VLANs.
<Quidway> display l2multicast-bind mvlan 90
Port
Startvlan
Endvlan
Mvlan
-----------------------------------------------------------------GigabitEthernet0/0/1
901
-90
Total Table(s) : 1
44
Applicable Environment
In many-to-one mode, a user VLAN can be added to only one multicast VLAN and users in the
user VLAN can receive programs of only one multicast group. Many-to-many multicast VLAN
allows you to add a user VLAN to multiple multicast VLANs and specify multiple multicast
groups for users in the user VLAN.
When a user VLAN needs to be mapped to multiple multicast VLANs, enable the user VLAN
to be added to multiple multicast VLANs, and configure multicast flows.
Pre-configuration Tasks
Before configuring the many-to-many multicast VLANs, complete the following tasks:
l
Connecting interfaces of Switch and setting physical parameters for the interfaces to ensure
that the physical status of the interfaces is Up.
Data Preparation
To configure many-to-many multicast VLANs, you need the following data.
Number
Data
User VLAN ID
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
45
Procedure
Step 1 Run:
system-view
Multicast VLAN replication is enabled and the current VLAN is configured as a multicast
VLAN.
After IP multicast is configured on the S5700, no multicast VLAN can be configured.
Step 5 Run:
multicast-vlan user-vlan { { vlan-id1 [ to vlan-id2 ] } & <1-10> }
46
Before adding the user VLAN to multiple multicast VLANs, run the multicast flow-trigger
enable command in the user VLAN view to enable it to be added to multiple multicast VLANs.
----End
Procedure
Step 1 Run:
system-view
Any two static flows in a multicast VLAN cannot be the same. Note that flows of the same multicast group
with different source IP addresses are considered as different flows.
----End
47
Procedure
l
Run the display multicast static-flow [ mvlan vlan-id ] command to view the static flow
in a multicast VLAN.
----End
Example
# Run the display multicast static-flow [ mvlan vlan-id ] command to view the static flow in
multicast VLAN 10.
<Quidway> display multicast static-flow
------------------------------------------------------------------Vlan
(Source, Group)
------------------------------------------------------------------10
(*, 225.1.1.1)
------------------------------------------------------------------Total Table(s) : 1
Issue 01 (2011-10-26)
48
Figure 3-4 Networking diagram for configuring multicast VLAN replication based on user
VLANs
Source
GE1/0/0 RouterA
VLAN10
GE0/0/1 SwitchA
GE0/0/4
GE0/0/2
GE0/0/3
VLAN100
VLAN200
HostA
Reciever
HostB
Reciever
VLAN300
HostC
Reciever
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create a multicast VLAN and enable IGMP snooping in the multicast VLAN.
3.
Create user VLANs and enable IGMP snooping in the user VLANs.
4.
5.
Add the network-side interface and user-side interfaces to VLANs as hybrid interfaces.
Data Preparation
To complete the configuration, you need the following data:
l
Interface connected to RouterA and the VLAN that the interface belongs to
Procedure
Step 1 Enable IGMP snooping globally.
<SwitchA> system-view
[SwitchA] igmp-snooping enable
Step 2 Create a multicast VLAN and enable IGMP snooping in the multicast VLAN.
<SwitchA> system-view
[SwitchA] igmp-snooping enable
Issue 01 (2011-10-26)
49
[SwitchA] vlan 10
[SwitchA-vlan10] igmp-snooping enable
[SwitchA-vlan10] multicast-vlan enable
[SwitchA-vlan10] quit
Step 3 Create user VLANs and enable IGMP snooping in the user VLANs.
[SwitchA] vlan 100
[SwitchA-vlan100] igmp-snooping enable
[SwitchA-vlan100] quit
[SwitchA] vlan 200
[SwitchA-vlan200] igmp-snooping enable
[SwitchA-vlan200] quit
[SwitchA] vlan 300
[SwitchA-vlan300] igmp-snooping enable
[SwitchA-vlan300] quit
Step 4 Bind user VLANs 100, 200, and 300 to multicast VLAN 10.
[SwitchA] vlan 10
[SwitchA-vlan10] multicast-vlan user-vlan 100 200 300
[SwitchA-vlan10] quit
# Add GE0/0/2, GE0/0/3, and GE0/0/4 to user VLANs 100, 200, and 300 respectively.
[SwitchA] interface gigabitethernet0/0/2
[SwitchA-GigabitEthernet0/0/2] port hybrid
[SwitchA-GigabitEthernet0/0/2] port hybrid
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet0/0/3
[SwitchA-GigabitEthernet0/0/3] port hybrid
[SwitchA-GigabitEthernet0/0/3] port hybrid
[SwitchA-GigabitEthernet0/0/3] quit
[SwitchA] interface gigabitethernet0/0/4
[SwitchA-GigabitEthernet0/0/4] port hybrid
[SwitchA-GigabitEthernet0/0/4] port hybrid
[SwitchA-GigabitEthernet0/0/4] quit
----End
Configuration Files
l
Issue 01 (2011-10-26)
50
#
sysname SwitchA
#
vlan batch 10 100 200 300
#
igmp-snooping enable
#
vlan 10
igmp-snooping enable
multicast-vlan enable
multicast-vlan user-vlan 100 200 300
#
vlan 100
igmp-snooping enable
#
vlan 200
igmp-snooping enable
#
vlan 300
igmp-snooping enable
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/4
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
return
Issue 01 (2011-10-26)
51
Figure 3-5 Networking diagram for configuring multicast VLAN replication based on interfaces
Router GE1/0/0
Source
GE0/0/1
GE0/02
GE0/0/3
SwitchA
ISP1
VLAN10
ISP2
VLAN10
Receiver
HostB
Receiver
HostA
Multicast Packet
Multicast VLAN 2
Multicast VLAN 3
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Create multicast VLANs 2 and 3 and enable IGMP snooping in the multicast VLANs.
3.
4.
5.
Add the network-side interface and user-side interfaces to VLANs as hybrid interfaces.
Data Preparation
To complete the configuration, you need the following data:
l
Interface connected to the Router and the VLAN that the interface belongs to
Procedure
Step 1 Create multicast VLANs 2 and 3 and enable IGMP snooping in the multicast VLANs.
<SwitchA> system-view
[SwitchA] igmp-snooping enable
[SwitchA] vlan 2
Issue 01 (2011-10-26)
52
Step 3 Bind the user VLAN to multicast VLANs on GE 0/0/2 and GE 0/0/3.
[SwitchA] interface gigabitethernet 0/0/2
[SwitchA-GigabitEthernet0/0/2] l2-multicast-bind vlan 10 mvlan 2
[SwitchA-GigabitEthernet0/0/2] quit
[SwitchA] interface gigabitethernet 0/0/3
[SwitchA-GigabitEthernet0/0/3] l2-multicast-bind vlan 10 mvlan 3
[SwitchA-GigabitEthernet0/0/3] quit
Step 4 Add GE0/0/1 to the multicast VLANs, and add GE 0/0/2 and GE 0/0/3 to the user VLAN.
# Add GE0/0/1 to multicast VLANs 2 and 3 as a trunk interface.
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type trunk
[SwitchA-GigabitEthernet0/0/1] port trunk allow-pass vlan 2 3
[SwitchA-GigabitEthernet0/0/1] quit
0/0/2
hybrid pvid vlan 10
hybrid untagged vlan 10
0/0/3
hybrid pvid vlan 10
hybrid untagged vlan 10
----End
Configuration Files
l
Issue 01 (2011-10-26)
53
igmp-snooping enable
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 3
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 10
port hybrid untagged vlan 10
l2-multicast-bind vlan 10 mvlan 2
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 10
port hybrid untagged vlan 10
l2-multicast-bind vlan 10 mvlan 3
#
return
RouterA
S1
RouterB
MVLAN10
GE0/0/2
GE0/0/3
UVLAN100
MVLAN20
S2
GE0/0/1
Switch
Receiver
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-10-26)
54
1.
2.
Create multicast VLANs and enable IGMP snooping in the multicast VLAN.
3.
Create a user VLAN and enable IGMP snooping in the user VLAN. Enable the triggering
of the multicast flow in the user VLAN.
4.
Add the user VLAN to multiple multicast VLANs and configure the static multicast flow
in the multicast VLANs.
5.
Add the network-side interfaces and user-side interface to VLANs as hybrid interfaces.
Data Preparation
To complete the configuration, you need the following data:
l
Interfaces connected to the routers and the multicast VLANs that the interfaces belong to
Interfaces connected to the user and the multicast VLANs that the interfaces belong to
Procedure
Step 1 Enable IGMP snooping in the system view.
<Switch> system-view
[Switch] igmp-snooping enable
Step 2 Create multicast VLANs 10 and 20 and enable IGMP snooping in the multicast VLANs.
[Switch] igmp-snooping enable
[Switch] vlan 10
[Switch-vlan10] igmp-snooping enable
[Switch-vlan10] multicast-vlan enable
[Switch-vlan10] quit
[Switch] vlan 20
[Switch-vlan20] igmp-snooping enable
[Switch-vlan20] multicast-vlan enable
[Switch-vlan20] quit
Step 3 Create user VLAN 100 and enable IGMP snooping in the user VLAN. Enable the triggering of
the multicast flow in the user VLAN.
[Switch] vlan 100
[Switch-vlan100] igmp-snooping enable
[Switch-vlan100] multicast flow-trigger enable
[Switch-vlan100] quit
Step 4 Add user VLAN 100 to multicast VLANs10 and 20 and configure the static multicast flow in
the multicast VLANs.
[Switch] vlan 10
[Switch-vlan10] multicast-vlan user-vlan 100
[Switch-vlan10] multicast static-flow 225.1.1.1
[Switch-vlan10] quit
[Switch] vlan 20
[Switch-vlan20] multicast-vlan user-vlan 100
[Switch-vlan20] multicast static-flow 225.1.2.1
[Switch-vlan20] quit
Issue 01 (2011-10-26)
0/0/1
hybrid pvid vlan 20
hybrid untagged vlan 20
0/0/2
hybrid pvid vlan 10
55
# Run the display multicast static-flow command to view the static multicast flow in the
multicast VLANs. Users in the user VLAN can be added to the multicast group.
[Quidway] display multicast static-flow
------------------------------------------------------------------Vlan
(Source, Group)
------------------------------------------------------------------10
(*, 225.1.1.1)
20
(*, 225.1.2.1)
------------------------------------------------------------------Total Table(s) : 2
----End
Configuration File
l
Issue 01 (2011-10-26)
56
Issue 01 (2011-10-26)
57
Issue 01 (2011-10-26)
58
Multicast
Profile P1
Multicast Group
List L1
Multicast Group G1
Multicast Group G2
Multicast Group G3
Multicast Group
List L2
Multicast
Profile P2
Multicast Group G4
Multicast Group G5
Multicast Group
List L1
Multicast Group GN
Multicast Group
A multicast group corresponds to a multicast address such as 224.1.1.1. A multicast group can
be regarded as a channel or program of IPTV.
59
G4. A multicast group can be contained in several multicast group lists. For example, G3 is
contained in L1 and L2.
Multicast Profile
A multicast profile is a set of multicast group lists, and defines the frame of users' rights to join
related multicast groups. A multicast profile can contain several multicast group lists. For
example, in Figure 4-1, multicast profile P1 contains L1, L2, and L3. A multicast group list can
be contained in several multicast profiles. For example, L2 is contained in P1 and P2. Multicast
group lists that are added to a profile have their attributes, that is, preview and watch. If a
multicast group list is added to a multicast profile in watch mode, users of the multicast profile
can watch all multicast groups in the list. If a multicast group list is added to a multicast profile
in preview mode, users of the multicast profile can preview all multicast groups in the list.
Control Flow
The S5700 on which controllable multicast is applied can control the generation of Layer 2
multicast forwarding entries by intercepting IGMP Report messages. After receiving an IGMP
Report message from a user, the S5700 obtains the profile based on the VLAN to which the
message belongs. If the group is not in the list of the profile, the user cannot join the group. The
S5700 intercepts the IGMP Report message and do not generate the related forwarding entry.
Therefore, the user cannot receive data flows of this group. If the multicast group is in the list
of the profile, check the mode through which the list is added to the profile. If the list is added
to the profile in watch mode, the S5700 allows the IGMP Report message to pass through. If the
list is added to the profile in preview mode, the S5700 allows the IGMP Report message to pass
through and starts a timer at the same time. When the preview period expires, the S5700 deletes
the forwarding entry of the group and intercepts subsequent IGMP Report messages of the group.
The preview function is implemented.
Pre-configuration Tasks
Before configuring controllable multicast, complete the following task:
l
Configuring Layer 2 multicast, that is, IGMP snooping or IGMP proxy, to forward multicast
packets normally
NOTE
In the multicast VLAN, controllable multicast needs to be configured in the user VLAN.
Data Preparation
To configure controllable multicast, you need the following data.
Issue 01 (2011-10-26)
60
No.
Data
If the interface connected to the user device is configured IGMPv2, you do not need to specify the
source ipv4-source-address parameter; if the interface is configured with IGMPv3, you must specify
source ipv4-source-address.
If the configured multicast groups have the same address, you can use the group-name parameter to change
the names of multicast groups.
----End
Issue 01 (2011-10-26)
61
A multicast group list is created and the view of the multicast group list is displayed.
Step 4 Run:
add multicast-group { name group-name | index start-index to end-index }
A multicast profile is created and the view of the multicast profile is displayed.
Step 4 Run:
add multicast-list { name list-name | index start-index to end-index } { watch |
preview }
The maximum number is configured for multicast groups that users in the multicast profile can
simultaneously join.
NOTE
On the S5700, users in a multicast profile can simultaneously join a maximum of eight multicast groups.
This is also the default setting.
Step 6 Run:
multicast-preview interval interval
Set the interval between the first and second previews on a multicast group.
Step 7 Run:
Issue 01 (2011-10-26)
62
Set the period for a user to preview a multicast group each time.
Step 8 Run:
multicast-preview times times
Set the number of times for a user to preview a multicast group each day.
----End
The binding relationship is set between the VLAN and the multicast profile.
By default, the binding relationship between the VLAN and the multicast profile is not set in
S5700.
Multiple multicast profiles can be bound to users in a VLAN.
NOTE
The S5700 supports the port+VLAN multicast control mode. To configure the multicast service for multiple
user interfaces in the same VLAN, you need to specify a multicast profile for each interface individually
by specifying the interface interface-type interface-number parameter.
----End
63
Step 4 Run the display multicast-profile-apply command to information about a VLAN where a
multicast profile is applied.
----End
G1(10.1.1.1,225.0.0.1)
G3(12.1.1.1,225.0.0.1)
Network
G2(11.1.1.1,225.0.0.1)
G4(13.1.1.1,225.0.0.1)
Switch
VLAN1
VLAN2
VLAN3
VLAN4
Configuration Roadmap
The configuration roadmap is as follows:
Issue 01 (2011-10-26)
64
Data Preparation
To complete the configuration, you need the following data:
1.
2.
3.
Configuration Procedure
1.
Configure user VLANs and add the interface to the user VLANs. The configuration details
are not provided here.
2.
3.
multicast-group
multicast-group
multicast-group
multicast-group
G1
G2
G3
G4
ip-address
ip-address
ip-address
ip-address
225.0.0.1
225.0.0.2
225.0.0.3
225.0.0.4
name G1
name G2
name G3
name G4
Issue 01 (2011-10-26)
65
multicast-profile P1
multicast-profile P1
multicast-profile P2
multicast-profile P2
Profile-Name
Multicast-list
Attach-
----------------------------------------------------------------------------1
2
P1
P2
1
2
2
2
Total: 2
[Switch-btv] display multicast-list
------------------------------------------------------------------------Index
Multicast-list-name
Multicastgroup
------------------------------------------------------------------------1
L1
2
2
L2
2
Total: 2
[Switch-btv] display multicast-group
------------------------------------------------------------------------Index
Multicast-group-name
Address
------------------------------------------------------------------------1
G1
225.0.0.1
2
G2
225.0.0.2
3
G3
225.0.0.3
4
G4
225.0.0.4
Total: 4
Issue 01 (2011-10-26)
66
Configuration Files
sysname Switch
#
vlan batch 1 to 4
#
igmp-snooping enable
#
#
btv
multicast-group G1 ip-address 225.0.0.1
multicast-group G2 ip-address 225.0.0.2
multicast-group G3 ip-address 225.0.0.3
multicast-group G4 ip-address 225.0.0.4
#
multicast-list L1
add multicast-group name G1
add multicast-group name G2
multicast-list L2
add multicast-group name G3
add multicast-group name G4
#
multicast-profile P1
add multicast-list name L1 watch
multicast-profile P2
add multicast-list name L1 watch
add multicast-list name L2 watch
#
vlan 1
igmp-snooping enable
attach multicast-profile P1
#
vlan 2
igmp-snooping enable
attach multicast-profile P1
#
vlan 3
igmp-snooping enable
attach multicast-profile P2
#
vlan 4
igmp-snooping enable
attach multicast-profile P2
#
return
Issue 01 (2011-10-26)
67
5 IGMP Configuration
IGMP Configuration
Issue 01 (2011-10-26)
68
5 IGMP Configuration
In the TCP/IP protocol suite, the Internet Group Management Protocol (IGMP) manages IPv4
multicast members. It sets up and maintains the multicast membership between IP hosts and
adjacent multicast routers.
As a routing switch, the S5700 supports IP multicast. When IGMP is configured, the S5700 can
be used as a multicast switch. IGMP is the signaling mechanism of the host towards the
S5700, which is used by IP multicast in an end user network. IGMP needs to be enabled on hosts
and on S5700s.
NOTE
l Whether the host supports IGMP depends on the used operating system.
l The switch mentioned in the following contents is an S5700 supporting the Layer 3 multicast protocol
and multicast router function.
All receiver hosts that participate in multicast transmission must be enabled with IGMP.
A host can join or leave a multicast group at any time and from any position. The number
of members of a multicast group is not limited.
Through IGMP, a multicast L3 device can know whether there is a multicast group receiver,
namely, a group member, on the network segment to which an interface of the router is
connected. Each host needs to save only the information about the groups that the host itself
joins.
At present, IGMP has three versions: IGMPv1 (defined by RFC 1112), IGMPv2 (defined by
RFC 2236), and IGMPv3 (defined by RFC 3376). All IGMP versions support the Any-Source
Multicast (ASM) model. IGMPv3 can be directly applied to the Source-Specific Multicast
(SSM) model, while IGMPv1 and IGMPv2 require the support of SSM mapping.
Router-Alert Option
IGMPv2 and IGMPv3 have the Group-Specific and Source/Group-Specific Query messages.
The groups are varied and an S5700 cannot join all groups. Therefore, the IGMP needs to use
the Router-Alert option. Then the IGMP can send messages for the groups that the local
S5700 does not join to the upper-level protocol for processing.
Issue 01 (2011-10-26)
69
5 IGMP Configuration
You can determine whether to set the Router-Alert option in the IGMP messages to be sent and
whether the received IGMP messages must contain the Router-Alert option.
IGMPv1 does not support querier election. Therefore, you need to enable PIM for querier election.
For IGMPv2, you can set the interval for sending General Query messages, robustness variable,
maximum response duration of IGMP Query messages, and IGMP prompt leave.
For IGMPv3, you can set the interval for sending General Query messages, robustness variable,
and maximum response time of IGMP Query messages.
SSM-Mapping
An S5700 can serve hosts of IGMPv1 and IGMPv2 after you configure SSM-Mapping on the
S5700.
IGMP Limit
l
The function of IGMP Limit is applicable to IPv4 PIM-SM and IPv4 PIM-DM networks.
To limit the number of users accessing IP core networks, you can configure the IGMP limit
function.
Configure the maximum number of global IGMP group memberships on a S5700.
Configure the maximum number of IGMP group memberships on an interface.
NOTE
If the IGMP limit function is required to be configured globally, and for an interface on the same
S5700, it is recommended that the limits on the number of global IGMP group memberships, and the
number of IGMP group memberships on the interface should be in descending order.
70
5 IGMP Configuration
IGMP needs to be enabled on the VLANIF interface that is connected to the host. The matching
IGMP version needs to be configured on the S5700 and host because the IGMP messages vary
according to version. The later version on the S5700 side is compatible with the earlier version
on the host side. Other configurations can be performed only after IGMP is enabled.
The host where the IGMP is run responds to the IGMP Query message of the S5700. If the host
gives no response and the operation times out, the S5700 considers that the multicast group does
not contain any member on the network segment and cancels data forwarding.
To enable hosts on the network segment of the interface to join the specified groups and receive
packets from the groups, you can set an ACL on the related interface to limit the range of groups
that the interface serves.
Pre-configuration Tasks
Before configuring basic IGMP functions, complete the following tasks:
l
Configuring the parameters of the link layer protocol and the IP address of the interface to
enable the link-layer protocol
Configuring the unicast routing protocol to ensure that IP routes between nodes are
reachable
Data Preparation
To configure basic IGMP functions, you need the following data.
No.
Data
IGMP version
Procedure
Step 1 Run:
system-view
71
5 IGMP Configuration
Step 2 Run:
multicast routing-enable
CAUTION
Make sure that all the interfaces on S5700s are configured with IGMP of the same version on
one network segment. By default, IGMPv2 is adopted.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
72
5 IGMP Configuration
Procedure
Step 1 Run:
system-view
interface-number
The interface is added to the multicast group or multicast source group statically.
If a loopback interface is used, the S5700 forwards the received data only when a user demands
the data. In this case, the bandwidth usage is reduced. If a VLANIF interface is adopted, the
S5700 forwards the received data directly.
If a loopback interface is used, the S5700 forwards the received data only when a user requests
the data. This reduces the CPU usage. VLANIF interfaces forward multicast data immediately.
By default, an interface is not statically added to any multicast group.
----End
73
5 IGMP Configuration
interface to filter the received messages. In this case, the range of groups that the interface serves
can be limited.
Procedure
Step 1 Run:
system-view
interface-number
The range of multicast groups that the interface can join is configured.
By default, an interface can join any multicast group.
----End
Procedure
l
Run the display igmp group [ group-address | interface interface-type interfacenumber ] * static command to check the information about the members of the static IGMP
multicast group.
Run the display igmp group[ group-address | interface interface-type interfacenumber ] * [ verbose ] command to check the information about the members that
dynamically join the IGMP multicast group.
----End
Example
Run the display igmp interface vlanif 3 command to check the configuration of IGMP on
VLANIF 3.
<Quidway> display igmp interface vlanif 3
Interface information
Vlanif10
(100.0.0.3):
IGMP is enabled
Current IGMP version is 2
Issue 01 (2011-10-26)
74
5 IGMP Configuration
IGMP state: up
IGMP group policy: none
IGMP limit: Value of query interval for IGMP (negotiated): Value of query interval for IGMP (configured): 60 s
Value of other querier timeout for IGMP: Value of maximum query response time for IGMP: 10 s
Querier for IGMP: 100.0.0.3 (this router)
Run the display igmp group static command to check the information about the static IGMP
multicast group.
<Quidway> display igmp group static
Static join group information
Total 2 entries, Total 2 active entries
Group Address
Source Address Interface
225.0.0.10
0.0.0.0
Loop1
232.1.1.20
10.0.0.1
Vlanif3
Expires
never
never
Context
By default, IGMP can work normally. In the S5700, you can change the values of related
parameters according to the specific network environment. You can perform the following
configurations as required.
NOTE
l The configuration in the IGMP view is valid globally. The configuration in the interface view is valid
only for the specific interface.
l If this command is configured in the interface view and the IGMP view, the values set in the interface
view are preferred. If this command is not configured in the interface view, the values configured in
the IGMP view are valid.
75
5 IGMP Configuration
Pre-configuration Tasks
Before configuring IGMP message options and timers, complete the following tasks:
l
Configuring the unicast routing protocol to make the IP routes of nodes be reachable
Data Preparation
To configure IGMP message options and related timers, you need the following data.
No.
Data
The configuration on an interface is valid only for the specific interface. The configuration
on an interface takes precedence over the global configuration. If the Router-Alert option
is not configured on the interface, the global configuration is used.
Procedure
Issue 01 (2011-10-26)
76
1.
5 IGMP Configuration
Run:
system-view
Run:
igmp
Run:
require-router-alert
The S5700 is configured to ignore the IGMP messages that do not contain the RouterAlert option.
4.
Run:
send-router-alert
The S5700 is configured to add the Router-Alert option to the IGMP message header.
NOTE
After you run the send-router-alert command, information about the Router-Alert option will
not be displayed when you view the current configuration. To view information about the
Router-Alert option, run the undo send-router-alert command first.
Run:
system-view
Run:
interface interface-type interface-number
Run:
igmp require-router-alert
The S5700 is configured to ignore the IGMP messages that do not contain the RouterAlert option.
4.
Run:
igmp send-router-alert
The S5700 is configured to add the Router-Alert option to the IGMP message header.
NOTE
After you run the igmp send-router-alert command, information about the Router-Alert
option will not be displayed when you view the current configuration. To view information
about the Router-Alert option, run the undo igmp send-router-alert command first.
----End
77
5 IGMP Configuration
Context
The IGMP querier can be configured globally or on an interface.
l
The configuration on an interface is valid only for the specific interface. The configuration
on an interface takes precedence over the global configuration. If the IGMP querier is not
configured on the interface, the global configuration is used.
When the IGMP version is IGMPv1, the configurable parameters of the IGMP querier include
the interval for sending IGMP General Query messages and IGMP robustness variable.
Procedure
l
Run:
system-view
Run:
igmp
Run:
timer query interval
Run:
robust-count robust-value
Run:
system-view
Run:
interface interface-type interface-number
Run:
igmp timer query interval
78
4.
5 IGMP Configuration
Run:
igmp robust-count robust-value
The configuration on an interface is valid only for the specified interface. The configuration
on an interface takes precedence over the global configuration. If the IGMP querier is not
configured on the interface, the global configuration is used.
When the version of IGMP is IGMPv2 or IGMPv3, the configurable parameters of the IGMP
querier include the interval for sending IGMP General Query messages, interval for sending
IGMP Group-Specific Query messages, maximum response time for IGMP Query messages,
Keepalive period of other IGMP queriers, and IGMP robustness variable.
NOTE
In actual configuration, ensure that the interval for sending IGMP General Query messages is greater than
the maximum response time for IGMP Query messages and is smaller than the Keepalive period of other
IGMP queriers.
Procedure
l
Run:
system-view
Run:
igmp
Run:
timer query interval
Run:
robust-count robust-value
79
5 IGMP Configuration
General Query messages is 1/4 of the interval for sending IGMP General Query
messages.
When receiving a Leave message, the S5700 sends the IGMP Group-Specific
Query messages for the time specified by the value of the robustness variable at
the interval that you set.
By default, the robustness variable is 2.
5.
Run:
max-response-time interval
Run:
timer other-querier-present interval
Run:
lastmember-queryinterval interval
The interval at which S5700 sends IGMP Group-Specific Query messages is set.
By default, the interval for sending IGMP Group-Specific Query messages is 1 second.
l
Run:
system-view
Run:
interface interface-type interface-number
Run:
igmp timer query interval
Run:
igmp robust-count robust-value
80
5 IGMP Configuration
When receiving a Leave message, the S5700 sends IGMP Group-Specific Query
messages for the time specified by the value of the robustness variable at the
interval that you set.
By default, the robustness variable is 2.
5.
Run:
igmp max-response-time interval
Run:
igmp timer other-querier-present interval
Run:
igmp lastmember-queryinterval interval
The interval at which the S5700 sends IGMP Group-Specific Query messages is set.
By default, the interval for sending IGMP Group-Specific Query messages is 1 second.
8.
Run:
igmp on-demand
The (S, G) entry never times out. The interface does not send IGMP Query messages.
By default, the interface sends Query messages and participates in querier election.
NOTE
----End
Issue 01 (2011-10-26)
When the IGMP version is IGMPv1 or IGMPv3, the IGMP prompt leave does not take effect even
if there is information about this function in current configuration.
81
5 IGMP Configuration
Procedure
Step 1 Run:
system-view
The S5700 leaves the group immediately without sending the Last Member Query message.
By default, the S5700 sends the Last Member Query message after receiving a Leave message
from a host.
----End
Procedure
l
Run the display igmp group [ group-address | interface interface-type interfacenumber ] * [ static | verbose ] command to check the information about members of an
IGMP multicast group.
Run the display igmp routing-table [ group-address [ mask { group-mask | group-masklength } ] | source-address [ mask { source-mask | source-mask-length } ] ]* [ static ]
command to check the information about the IGMP routing table.
Run the preceding command, and you can obtain the following result:
The membership information of the IGMP multicast group is correct.
The configuration and running status of IGMP on an S5700 interface are correct.
A matched multicast forwarding interface exists in the downstream list of the (*, G) or
(S, G) entry.
----End
Example
Run the display igmp group interface vlanif 3 static command, and you can view the IGMP
configuration on VLANIF 3.
Issue 01 (2011-10-26)
82
5 IGMP Configuration
Source Address
10.0.0.1
0.0.0.0
Expires
never
never
Run the display igmp routing-table command, and you can view the IGMP routing table.
NOTE
Pre-configuration Tasks
Before configuring SSM mapping, complete the following tasks:
l
Configuring the unicast routing protocol to ensure that the IP routes between nodes are
reachable
Data Preparation
To configure SSM mapping, you need the following data.
Issue 01 (2011-10-26)
No.
Data
83
5 IGMP Configuration
84
5 IGMP Configuration
Procedure
l
Run the display igmp group [ group-address | interface interface-type interfacenumber ]* ssm-mapping [ verbose ] command to check the address of a specific source or
group.
Run the display igmp ssm-mapping { group [ group-address ] | interface [ interfacetype interface-number ] } command to check the information about SSM mapping of a
specific source or group.
----End
Example
Run the display igmp ssm-mapping group [ group-address ] command, and you can view the
information about SSM mapping of a specified group address.
<Quidway> display igmp ssm-mapping group 232.0.0.1
IGMP SSM-Mapping conversion table
Total 2 entries
2 entries matched
00001. (10.0.0.1, 232.0.0.1)
00002. (10.0.0.2, 232.0.0.1)
Total 2 entries matched
Run the display igmp ssm-mapping interface interface-type interface-number command, and
you can view information about SSM mapping on a specified interface.
<Quidway> display igmp ssm-mapping interface vlanif 3
Info: IGMP SSM-Mapping is enabled
Issue 01 (2011-10-26)
85
5 IGMP Configuration
Context
CAUTION
The IGMP group that an interface dynamically joins is deleted after you run the reset igmp
group command. Receivers may not receive multicast information normally. Therefore, confirm
the action before run the command.
You can run the following commands to clear the information about an IGMP group in the user
view.
Procedure
l
Run the reset igmp group { all | interface interface-type interface-number { all | groupaddress [ mask { group-mask | group-mask-length } ] [ source-address [ mask { sourcemask | source-mask-length } ] ] } } command to clear the IGMP group that the interface
already dynamically joins.
----End
Procedure
l
Run the display igmp group [ group-address | interface interface-type interfacenumber ] [ static | verbose ] command to check the information about the IGMP multicast
group.
Run the display igmp group ssm-mapping [ verbose ] command to check the information
about the multicast group that is already configured with SSM mapping.
Run the display igmp routing-table [ group-address [ mask { group-mask | group-masklength } ] | source-address [ mask { source-mask | source-mask-length } ] ]* [ static ]
command to check the information about the IGMP routing table.
Run the display igmp ssm-mapping { group [ group-address ] | interface [ interfacetype interface-number ] } command to check the information about SSM mapping of a
specific source or group.
----End
86
5 IGMP Configuration
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
Procedure
l
Run the debugging igmp { all | event | leave [ basic-acl-number ] | report [ advancedacl-number ] | query [ basic-acl-number ] | timer } command to enable the debugging of
IGMP.
----End
Issue 01 (2011-10-26)
87
5 IGMP Configuration
SwitchA
GE0/0/1
GE0/0/2
N1
Receiver
HostB
SwitchB
PIM Network
Leaf
network
GE0/0/1
GE0/0/2
HostC
Receiver
SwitchC
GE0/0/2
N2
GE0/0/1
HostD
Ethernet
Switch
Physical interface
VLANIF interface
IP address
Switch A
GE 0/0/1
VLANIF 10
10.110.1.1/24
GE 0/0/2
VLANIF 11
192.168.1.1/24
GE 0/0/1
VLANIF 20
10.110.2.1/24
GE 0/0/2
VLANIF 21
192.168.2.1/24
GE 0/0/1
VLANIF 30
10.110.3.1/24
GE 0/0/2
VLANIF 31
192.168.3.1/24
Switch B
Switch C
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
3.
4.
Data Preparation
To complete the configuration, you need the following data:
l
This configuration example describes only the commands used to configure IGMP.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol on each switch.
Issue 01 (2011-10-26)
88
5 IGMP Configuration
Configure the IP address and mask of each interface according to Figure 5-1. Configure OSPF
to ensure the communication between Switch A, Switch B, and Switch C on the network layer,
and to ensure the dynamic update through the unicast routing protocol.
For details on how to configure IP addresses of interfaces, see Configuring IP Addresses for
Interfaces in the Quidway S5700 Series Ethernet Switches Configuration Guide - Basic
Configurations. For details on how to configure OSPF, see OSPF Configuration in the Quidway
S5700 Series Ethernet Switches Configuration Guide - IP Routing.
Step 2 Enable multicast on all switches and PIM-SM on all interfaces.
# Enable multicast on S5700A and enable PIM-SM on all interfaces. The configurations of
Switch B and Switch C are similar to the configuration of Switch A, and are not provided here.
[SwitchA] multicast routing-enable
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] pim sm
[SwitchA-Vlanif10] quit
[SwitchA] interface vlanif 11
[SwitchA-Vlanif11] pim sm
[SwitchA-Vlanif11] quit
By default, IGMPv2 is used and you do not need to set the IGMP version here. To use other IGMP versions,
run the igmp version command to set the version.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] igmp enable
[SwitchA-Vlanif10] igmp version 2
[SwitchA-Vlanif10] quit
Step 4 Add VLANIF 10 on Switch A to the multicast group 225.1.1.1 statically. In this manner, the
hosts connected to VLANIF 10 can steadily receive the multicast data sent to the multicast group
225.1.1.1.
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] igmp static-group 225.1.1.1
# Run the display igmp routing-table command on Switch A. You can check whether VLANIF
10 is added to the multicast group 225.1.1.1 statically. If the (*, 225.1.1.1) entry exists on Switch
Issue 01 (2011-10-26)
89
5 IGMP Configuration
A, the downstream interface is VLANIF 10, and the protocol type is STATIC, you can infer
that VLANIF 10 is added to the multicast group 225.1.1.1 statically.
[SwitchA] display igmp routing-table
Routing table of VPN-Instance: public net
Total 1 entry
00001. (*, 225.1.1.1)
List of 1 downstream interface
Vlanif10 (10.110.1.1),
Protocol: STATIC
----End
Configuration Files
l
Issue 01 (2011-10-26)
90
5 IGMP Configuration
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
Issue 01 (2011-10-26)
91
5 IGMP Configuration
S2
133.133.2.1/24 SwitchB
GE0/0/3
GE0/0/1
S3
SwitchC 133.133.3.1/24
GE0/0/3
GE0/0/1
GE0/0/2
GE0/0/2
S1
133.133.1.1/24
GE0/0/1
PIM-SM
GE0/0/2
SwitchA
GE0/0/3
GE0/0/2
Receiver
133.133.4.1/24
GE0/0/1
GE0/0/3
SwitchD
Switch
Physical interfaces
VLANIF interface
IP address
Switch A
GE0/0/1
VLANIF 10
133.133.1.2/24
GE0/0/2
VLANIF 20
192.168.1.1/24
GE0/0/3
VLANIF 30
192.168.4.2/24
GE0/0/1
VLANIF 11
133.133.2.2/24
GE0/0/2
VLANIF 20
192.168.1.2/24
GE0/0/3
VLANIF 31
192.168.2.1/24
GE0/0/1
VLANIF 12
133.133.3.2/24
GE0/0/2
VLANIF 21
192.168.3.1/24
GE0/0/3
VLANIF 31
192.168.2.2/24
GE0/0/1
VLANIF 13
133.133.4.2/24
GE0/0/2
VLANIF 21
192.168.3.2/24
GE0/0/3
VLANIF 30
192.168.4.1/24
Switch B
Switch C
Switch D
Configuration Roadmap
The configuration roadmap is as follows:
1.
2.
Set the range of SSM group addresses on all the switches in the PIM-SM domain.
3.
Configure the static SSM mapping rules on the switches where SSM mapping is enabled.
Data Preparation
To complete the configuration, you need the following data:
l
This configuration example describes only the commands used to configure SSM mapping.
Issue 01 (2011-10-26)
92
5 IGMP Configuration
Procedure
Step 1 Create VLANs and add interfaces to the VLANs.
Step 2 Configure the IP address of each VLANIF and the unicast routing protocol according to Figure
5-2.
Step 3 Enable IGMP and SSM mapping on the interfaces connected to hosts.
[SwitchD] multicast routing-enable
[SwitchD] interface vlanif 13
[SwitchD-Vlanif13] igmp enable
[SwitchD-Vlanif13] igmp version 3
[SwitchD-Vlanif13] igmp ssm-mapping enable
[SwitchD-Vlanif13] quit
Step 5 Configure static SSM mapping rules on the switches connected to hosts.
# Map the multicast group in the range of 232.1.1.0/24 to Source 1 and Source 3.
[SwitchD] igmp
[SwitchD-igmp] ssm-mapping 232.1.1.0 24 133.133.1.1
[SwitchD-igmp] ssm-mapping 232.1.1.0 24 133.133.3.1
# Check the information about SSM mapping of specific sources and group addresses on
switches.
[SwitchD] display igmp ssm-mapping group
IGMP SSM-Mapping conversion table of VPN-Instance: public net
Total 2 entries
Total 2 entries matched
00001. (133.133.1.1, 232.1.1.0)
00002. (133.133.3.1, 232.1.1.0)
Issue 01 (2011-10-26)
93
5 IGMP Configuration
Uptime: 00:01:52
Expires: 00:00:18
Last reporter: 133.133.4.1
Last-member-queryCounter: 0
Last-member-query-timer-expiry: off
Group mode: exclude
Version1-host-present-timer-expiry: off
Version2-host-present-timer-expiry: 00:00:17
# Run the display pim routing-table command to view the PIM-SM multicast routing table on
a switch. Take the information displayed on Switch D for example:
[SwitchD] display pim routing-table
VPN-Instance: public net
Total 2 (S, G) entries
(133.133.1.1, 232.1.1.1)
RP: 192.168.3.2
Protocol: pim-ssm, Flag:EXT NIIF
UpTime: 00:11:25
Upstream interface: Vlanif30
Upstream neighbor: 192.168.4.2
RPF prime neighbor: 192.168.4.2
Downstream interface(s) information :
Total number of downstreams: 1
1: Vlanif13
Protocol: igmp, UpTime: 00:11:25, Expires:(133.133.3.1, 232.1.1.1)
RP: 192.168.3.2
Protocol: pim-ssm, Flag:EXT NIIF
UpTime: 00:11:25
Upstream interface: Vlanif21
Upstream neighbor: 192.168.3.1
RPF prime neighbor: 192.168.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif13
Protocol: igmp, UpTime: 00:11:25, Expires:-
----End
Configuration Files
l
Issue 01 (2011-10-26)
94
5 IGMP Configuration
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 20
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 30
#
ospf 1
area 0.0.0.0
network 133.133.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
ssm-policy 2000
#
return
Issue 01 (2011-10-26)
95
5 IGMP Configuration
Issue 01 (2011-10-26)
96
5 IGMP Configuration
Issue 01 (2011-10-26)
97
98
can enable the State-Refresh function. The multicast device then sends State-Refresh messages
periodically to refresh the prune state of the interface and maintain the SPT.
6.8 Adjusting Control Parameters for Graft
To make new members in a network to quickly receive multicast data, a multicast device actively
sends a Graft message through an upstream interface, requesting the upstream device to forward
multicast data to this network segment.
6.9 Adjusting Control Parameters for Assert
If a multicast device can receive multicast data through an downstream interface, this indicates
that other upstream devices exist in this network segment. The device then sends an Assert
message through the downstream interface to take part in the election of the unique upstream
device.
6.10 Configuring PIM Silent
The interface directly connecting a multicast device to a user host needs to be enabled with PIM.
In this case, some malicious hosts may simulate a large number of PIM Hello messages and send
the messages to the interface for processing. As a result, the multicast device is suspended. To
avoid the preceding case, you can set the interface to be in the PIM Silent state.
6.11 Maintaining PIM-DM (IPv4)
Maintaining PIM-DM involves resetting PIM statistics, and monitoring PIM running status.
6.12 Configuration Example
Configuration examples are provided to show how to construct a basic PIM-DM network.
Issue 01 (2011-10-26)
99
CAUTION
This chapter is concerned only about the PIM-DM configuration in an IPv4 network.
NOTE
The Protocol Independent Multicast (PIM) is a multicast protocol that is independent of unicast
routing protocol such as static route, RIP, OSPF, IS-IS, and BGP. Multicast routing is
independent of unicast routing protocols, except that unicast routing protocols are used to
generate related multicast routing entries.
Based on the Reverse Path Forwarding (RPF), PIM transmits multicast data across a network.
RPF constructs a multicast forwarding tree by using the existing unicast routing information.
When a multicast packet reaches a switch, the switch performs the RPF check first. If the packet
does not pass the RPF check, the switch directly discards the packet.
NOTE
IGMP
PIM-DM
Source
Multicast
Server
Receiver
UserA
Receiver
UserB
PIM-DM
PIM-DM
IGMP
Receiver
UserC
Receiver
UserD
Issue 01 (2011-10-26)
100
Whether the Hello messages without the Generation ID option are received
Neighbor filtering function: An interface sets up neighbor relationships with only the
addresses matching the filtering rules and deletes the neighbors unmatched with the filtering
rules
The interval for keeping the Prune state of the downstream interface
The delay from the time when the current switch receives a Prune message from a
downstream switch to the time when the current switch performs the prune action in the
LAN
101
Applicable Environment
PIM-DM is applicable to a small-scale network, and most network segments of the network have
receivers.
Pre-configuration Tasks
Before configuring basic PIM-DM functions, complete the following configuration tasks:
l
Data Preparation
To configure basic PIM-DM functions, you need the following data.
No.
Data
Context
Do as follows on the switch:
Issue 01 (2011-10-26)
102
Procedure
Step 1 Run:
system-view
Context
NOTE
When switchs are distributed in different PIM-DM domains, enable PIM-SM on all non-boundary
interfaces.
Procedure
Step 1 Run:
system-view
PIM-DM is enabled.
After PIM-DM is enabled on the interface and the PIM neighbor relationship is set up between
switches, the protocol packets sent by the PIM neighbors can be processed. You can run the
undo pim dm command to disable PIM-DM on the interface.
----End
103
Procedure
l
----End
Example
Run the display pim interface verbose command, and you can view the detailed information
about PIM on the interface in the public network instance.
<Quidway> display pim interface verbose
VPN-Instance: public net
Interface: Vlanif117, PIM version: 2
PIM mode: Dense
PIM state: down
PIM DR: PIM DR Priority (configured): 1
PIM neighbor count: PIM hello interval: 30 s
PIM LAN delay (negotiated): PIM LAN delay (configured): 500 ms
PIM hello override interval (negotiated): PIM hello override interval (configured): 2500 ms
PIM Silent: disabled
PIM neighbor tracking (negotiated): PIM neighbor tracking (configured): disabled
PIM generation ID: PIM require-GenID: disabled
PIM hello hold interval: 105 s
PIM assert hold interval: 180 s
PIM triggered hello delay: 5 s
PIM J/P interval: 60 s
PIM J/P hold interval: 210 s
PIM state-refresh processing: enabled
PIM state-refresh interval: 60 s
PIM graft retry interval: 3 s
PIM state-refresh capability on link: capable
PIM BFD: disabled
PIM dr-switch-delay timer : not configured
Number of routers on link not using DR priority: Number of routers on link not using LAN delay: Number of routers on link not using neighbor tracking: ACL of PIM neighbor policy: ACL of PIM ASM join policy: ACL of PIM SSM join policy: -
104
Applicable Environment
This configuration is applicable to all PIM-DM networks.
A PIM switch checks the passing multicast data. By checking whether the data matches the
filtering rule, the switch determines whether to forward the data. In this case, you can regard the
switch as the filter of the multicast data. The filter helps to control the data flow and limit the
information that downstream receivers can obtain. Network security is thus ensured.
Pre-configuration Tasks
Before configuring control parameters of a multicast source, complete the following tasks:
l
Data Preparation
To configure control parameters of a multicast source, you need the following data.
No.
Data
Context
Do as follows on the PIM switch:
NOTE
Procedure
Step 1 Run:
system-view
105
source-lifetime interval
Context
Do as follows on the PIM switch:
Procedure
Step 1 Run:
system-view
Procedure
l
Issue 01 (2011-10-26)
106
Applicable Environment
PIM switchs exchange Hello messages to set up neighbor relationships and negotiate various
control parameters.
The Switch under the control of default values can work normally. In the S5700, users can adjust
related parameters according to the specific network environment.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for maintaining neighbor relationships, complete the
following tasks:
l
Data Preparation
To adjust control parameters for maintaining neighbor relationships, you need the following
data.
Issue 01 (2011-10-26)
107
No.
Data
Context
Do as follows on the PIM-DM switch:
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
timer hello interval
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
108
3.
Run:
pim timer hello interval
Run:
pim triggered-hello-delay interval
Context
Do as follows on the PIM-DM switch:
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
hello-option holdtime interval
Configuration on an Interface
1.
Run:
system-view
109
2.
Run:
interface interface-type interface-number
Run:
pim hello-option holdtime interval
Procedure
Step 1 Run:
system-view
110
Context
To prevent some switch from being involved in PIM, filtering PIM neighbors is required.
Do as follows on the switch running PIM-DM:
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display pim neighbor [ neighbor-address | interface interface-type interfacenumber | verbose ] * command to check information about a PIM neighbor.
----End
111
Applicable Environment
When the last member leaves its group, the switch sends a Prune message through an upstream
interface. After receiving the Prune message, the upstream switch performs the prune action and
stops sending multicast packets to this network segment. If other downstream switchs exist in
the network, the switchs need to send a Join message to override the prune action.
Switchs can work normally under the control of the default parameter values. Users can adjust
related parameters according to the specific network environment.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for prune, complete the following tasks:
l
Data Preparation
To adjust control parameters for prune, you need the following data.
No.
Data
6.6.2 Configuring the Period for an Interface to Keep the Prune State
The period for an interface to keep the prune state can be set either globally or on an interface.
After the period expires, the pruned interface starts to forward messages again. If the multicast
device receives a State-Refresh message before the period expires, it resets the timer, that is, it
refreshes the prune state.
Context
Do as follows on the PIM-DM switch:
Procedure
l
Global Configuration
1.
Run:
system-view
Issue 01 (2011-10-26)
112
Run:
pim
Run:
holdtime join-prune interval
The period during which the downstream interface is in the Prune state is set.
After the period expires, the pruned interface starts to forward packets again. Before
the period expires, the switch refreshes the Prune state when receiving a State-Refresh
message.
l
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim holdtime join-prune interval
The period during which the downstream interface is in the Prune state is set.
After the period is expired, the pruned interface starts to forward packets again.
Before the period expires, the switch refreshes the Prune state when receiving a StateRefresh message.
----End
Context
Do as follows on the PIM-DM switch:
Procedure
l
Global Configuration
1.
Run:
system-view
113
2.
Run:
pim
Run:
hello-option lan-delay interval
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim hello-option lan-delay interval
Context
Do as follows on the PIM-DM switch:
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
hello-option override-interval interval
114
data, it needs to send a Join message to the upstream switch in the override-interval
period.
l
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim hello-option override-interval interval
Procedure
l
Run the display pim control-message counters [ message-type { assert | graft | graftack |hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command to check the number of sent or received PIM control packets.
----End
Issue 01 (2011-10-26)
115
Applicable Environment
In a PIM-DM network, periodical flooding-prune wastes a lot of network resources. To prevent
a pruned interface from forwarding packets, you can enable the State-Refresh function.
Switch periodically send State-Refresh messages to refresh the prune state of interfaces and
maintain the SPT.
Switchs can work normally under the control of the default parameter values. Users can adjust
related parameters according to the specific network environment.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for State-Refresh, complete the following tasks:
l
Data Preparation
To adjust control parameters for State-Refresh, you need the following data.
No.
Data
116
Context
Do as follows on all the switchs in the PIM-DM domain.
NOTE
Procedure
Step 1 Run:
system-view
You can run the pim state-refresh-capable command to re-enable PIM-DM State-Refresh on the interface.
----End
Context
Do as follows on all the switchs in the PIM-DM domain:
Procedure
Step 1 Run:
system-view
117
state-refresh-interval interval
l This command is applicable to the first-hop switch connecting with the multicast source.
l The interval for sending PIM State-Refresh messages should be shorter than the timeout period for
keeping the Prune state.
l You can run the holdtime join-prune command to set the timeout period for keeping the Prune state.
----End
Context
Do as follows on all the PIM-DM switchs in the PIM-DM domain:
Procedure
Step 1 Run:
system-view
The period for waiting to receive the next State-Refresh message is set.
----End
Context
Do as follows on all the PIM-DM switchs in the PIM-DM domain:
Issue 01 (2011-10-26)
118
Procedure
Step 1 Run:
system-view
This command is valid only on the switch directly connected to the source.
----End
Procedure
l
Run the display pim control-message counters [ message-type { assert | graft | graftack |hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command to check the number of the sent or received PIM control messages.
----End
Issue 01 (2011-10-26)
119
Applicable Environment
In a PIM-DM network, if State-Refresh is not enabled, a pruned interface can forward packets
after the Prune state times out. If State-Refresh is enabled, the pruned interface may never
forward packets.
To enable new members in the network to receive multicast data quickly, a PIM-DM switch
sends a Graft message through an upstream interface. After receiving the Graft message, the
upstream switch responds immediately with a Graft-Ack message and enables the interface that
receives the Graft message to forward packets.
Switchs can work normally under the control of the default parameter values. Users can adjust
the related parameters according to the specific network environment.
NOTE
Pre-configuration Task
Before configuring control parameters for graft, complete the following tasks:
l
Data Preparation
To configure control parameters for graft, you need the following data.
No.
Data
120
Context
Do as follows on the PIM-DM switch:
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display pim control-message counters [ message-type { assert | graft | graftack |hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command to check the number of the sent or received PIM control messages.
Issue 01 (2011-10-26)
121
display pim routing-table brief [ group-address [ mask { group-mask-length | groupmask } ] | source-address [ mask { source-mask-length | source-mask } ] | incominginterface { interface-type interface-number | register } ] *
----End
Applicable Environment
When a PIM-DM switch receives multicast data through a downstream interface, it indicates
that other upstream switchs exist in the network segment. The switch sends Assert messages
through the interface to elect the unique upstream switch.
Switchs can work normally under the control of the default parameter values. Users can adjust
related parameters according to the specific network environment.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for Assert, complete the following tasks:
l
Data Preparation
To adjust control parameters for Assert, you need the following data.
No.
Data
122
Context
Do as follows on the PIM-DM switch:
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
holdtime assert interval
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim holdtime assert interval
123
Procedure
l
Run the display pim control-message counters [ message-type { assert | graft | graftack |hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command to check the number of sent or received PIM control messages.
----End
Applicable Environment
On the access layer, the interface directly connected to hosts needs to be enabled with PIM. You
can set up the PIM neighbor relationship on the interface to process various PIM packets. The
configuration, however, has the security vulnerability. When a host maliciously generates PIM
Hello messages and sends many packets to a switch, the switch may fail.
Issue 01 (2011-10-26)
124
To prevent the preceding case, you can set the status of the interface to PIM silent. When the
interface is in the PIM silent state, the interface is prevented from receiving and forwarding any
PIM packet. All PIM neighbor relationships and PIM state machines on the interface are deleted.
At the same time, IGMP and MLD on the interface are not affected.
To enable PIM silent, the network environment must meet the following conditions:
l
PIM silent is applicable only to the interface directly connected to the host network segment
that is connected only to this switch.
CAUTION
If PIM silent is enabled on the interface connected to a switch, the PIM neighbor relationship
cannot be established and a multicast fault may occur.
If the host network segment is connected to multiple switchs and PIM silent is enabled on
multiple interfaces of the switchs, these interfaces do not send Assert messages. Therefore,
multiple interfaces that forward multicast data exist in the user network segment. A multicast
fault thus occurs.
Pre-configuration Tasks
Before configuring PIM silent, complete the following tasks:
l
Configuring PIM-DM
Configuring IGMP
Data Preparation
To configure PIM silent, you need the following data.
No.
Data
Context
Do as follows on the interface connected to the host network segment:
Issue 01 (2011-10-26)
125
Procedure
Step 1 Run:
system-view
Prerequisite
All the configurations of PIM silent are complete.
Procedure
l
----End
Example
Run the display pim interface verbose command, and you can find that the configuration is
complete.
<Quidway> display pim interface Vlanif 10 verbose
VPN-Instance: public net
Interface: Vlanif10,
PIM version: 2
PIM mode: Dense
PIM state: down
PIM DR: PIM DR Priority (configured): 1
PIM neighbor count: PIM hello interval: 30 s
PIM LAN delay (negotiated): PIM LAN delay (configured): 500 ms
PIM hello override interval (negotiated): PIM hello override interval (configured): 2500 ms
PIM Silent: enabled
PIM neighbor tracking (negotiated): PIM neighbor tracking (configured): disabled
Issue 01 (2011-10-26)
126
Context
CAUTION
The statistics of the PIM control messages on the interface cannot be restored after you reset
them. Confirm the action before you run the command.
Procedure
l
Run the reset pim control-message counters [ interface interface-type interfacenumber ] command in the user view to clear the statistics of the PIM control messages on
an interface.
----End
Context
In routine maintenance, you can run the following commands in any view to check the running
status of PIM.
Issue 01 (2011-10-26)
127
Procedure
l
Run the display pim claimed-route [ source-address ] command in any view to check the
unicast routes used by PIM.
Run the display pim control-message counters [ message-type { assert | graft | graftack | hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command in any view to check the number of sent or received PIM control
messages.
Run the display pim neighbor [ neighbor-address | interface interface-type interfacenumber | verbose ] * command to check information about a PIM neighbor.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
all command to disable it immediately.
When a PIM fault occurs, run the following debugging command in the user view to debug PIM
and locate the fault.
For more information about debugging commands, refer to the Quidway S5700 Series Ethernet
Switches Debugging Reference.
Procedure
l
Run the debugging pim all command in the user view to enable all the debugging of PIM.
Run the debugging pim event [ advanced-acl-number ] command in the user view to enable
the debugging of PIM events.
Run the debugging pim routing-table [ advanced-acl-number ] command in the user view
to enable the debugging of PIM routes.
Issue 01 (2011-10-26)
128
----End
SwitchA
Ethernet
Ethernet
GE0/0/1
Source
Receiver
HostA
GE0/0/2
N1
PIM-DM
GE0/0/3
GE0/0/4
GE0/0/1
SwitchD
GE0/0/2 GE0/0/1
Leaf network
GE0/0/2
SwitchB
GE0/0/1
GE0/0/2
SwitchC
N2
Receiver
HostB
Ethernet
Switch
Physical interfaces
VLANIF interface
IP address
Switch A
GE0/0/1
VLANIF100
192.168.1.1/24
GE0/0/2
VLANIF101
10.110.1.1/24
GE0/0/1
VLANIF200
192.168.2.1/24
GE0/0/2
VLANIF102
10.110.2.1/24
GE0/0/1
VLANIF300
192.168.3.1/24
Switch B
Switch C
Issue 01 (2011-10-26)
129
Switch D
GE0/0/2
VLANIF102
10.110.2.2/24
GE0/0/1
VLANIF200
192.168.2.2/24
GE0/0/2
VLANIF300
192.168.3.2/24
GE0/0/3
VLANIF100
192.168.1.2/24
GE0/0/4
VLANIF103
10.110.5.1/24
Configuration Roadmap
In a small-scale experiment network, PIM-DM is adopted to configure multicast. Enable PIM
silent on the VLANIF interfaces of Switch A to protect Switch A from Hello message attacks.
The configuration roadmap is as follows:
1.
Configure the IP addresses of interfaces and the unicast routing protocol. PIM is an intradomain multicast routing protocol that depends on a unicast routing protocol. The multicast
routing protocol can work normally after the unicast routing protocol works normally.
2.
3.
Data Preparation
To complete the configuration, you need the following data:
l
Version of the IGMP protocol running between routers and hosts: IGMPv2
NOTE
This configuration example describes only the commands used to configure PIM-DM.
Procedure
Step 1 Configure the IP address of each interface and the unicast routing protocol.
# Configure IP addresses and masks of interfaces on the switches according to Figure 6-2.
Configure OSPF between switches to ensure that the switches can communicate at the network
layer and update routes through the unicast routing protocol.
For details on how to configure IP addresses of interfaces, see Configuring IP Addresses for
Interfaces in the Quidway S5700 Series Ethernet Switches Configuration Guide - Basic
Configuration. For details on how to configure OSPF, see OSPF Configuration in the Quidway
S5700 Series Ethernet Switches Configuration Guide - IP Routing.
Step 2 Enable multicast on all switches and enable PIM-DM on all interfaces.
# Enable multicast on Switch A and enable PIM-DM on each interface. The configurations of
Switch B, Switch C, and Switch D are similar to the configuration of Switch A, and are not
provided here.
[SwitchA] multicast
[SwitchA] interface
[SwitchA-Vlanif100]
[SwitchA-Vlanif100]
[SwitchA] interface
Issue 01 (2011-10-26)
routing-enable
vlanif 100
pim dm
quit
vlanif 101
130
[SwitchA-Vlanif101] pim dm
[SwitchA-Vlanif101] quit
Step 3 Configure the interfaces connected to hosts to be PIM silent and configure IGMP on the interface.
# On Switch A, configure the vlanif interfaces connected to hosts to be PIM silent, and configure
IGMP on the interface. The configurations of Switch B, Switch C, and Switch D are similar to
configuration of Switch A, and are not provided here.
[SwitchA] interface
[SwitchA-Vlanif101]
[SwitchA-Vlanif101]
[SwitchA-Vlanif101]
vlanif 101
pim silent
igmp enable
quit
DR-Pri
1
1
1
1
DR-Address
10.110.5.1(local)
192.168.1.2(local)
192.168.2.2(local)
192.168.3.2(local)
# Run the display pim neighbor command to check the PIM neighbor relationship between the
switches. The display of the PIM neighbor relationship on Switch D is as follows:
[SwitchD] display pim neighbor
VPN-Instance: public net
Total Number of Neighbors = 3
Neighbor
Session
192.168.1.1
N
192.168.2.1
N
192.168.3.1
Interface
Uptime
Expires
Dr-Priority
Vlanif100
00:02:22
00:01:27
Vlanif200
00:00:22
00:01:29
Vlanif300
00:00:23
00:01:31
BFD-
# Run the display pim routing-table command to view the PIM multicast routing table on the
switch. Assume that HostA needs to receive the information about multicast group G
225.1.1.1/24. When sending multicast packets to multicast group G, multicast source S
10.110.5.100/24 generates an SPT through flooding and the (S, G) entries exist on Switch A and
Switch D that are in the SPT. When HostA joins multicast group G, an (*, G) entry is generated
on Switch A. The information displayed on Switch B and Switch C is similar to the information
displayed on Switch A. The displayed information is as follows:
[SwitchA] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
Protocol: pim-dm, Flag: WC
UpTime: 03:54:19
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif101
Protocol: igmp, UpTime: 01:38:19, Expires: never
(10.110.5.100, 225.1.1.1)
Protocol: pim-dm, Flag: ACT
Issue 01 (2011-10-26)
131
UpTime: 00:00:44
Upstream interface: Vlanif100
Upstream neighbor: 192.168.1.2
RPF prime neighbor: 192.168.1.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif101
Protocol: pim-dm, UpTime: 00:00:44, Expires: never
[SwitchD] display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry
(10.110.5.100, 225.1.1.1)
Protocol: pim-dm, Flag: LOC ACT
UpTime: 01:35:25
Upstream interface: Vlanif103
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 2
1: Vlanif100
Protocol: pim-dm, UpTime: 00:03:27, Expires: never
2: Vlanif200
Protocol: pim-dm, UpTime: 00:03:27, Expires: never
----End
Configuration Files
l
Issue 01 (2011-10-26)
132
multicast routing-enable
#
vlan batch 200 102
#
interface Vlanif102
ip address 10.110.2.1 255.255.255.0
pim dm
igmp enable
#
interface Vlanif200
ip address 192.168.2.1 255.255.255.0
pim dm
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 10.110.2.0 0.0.0.255
#
return
Issue 01 (2011-10-26)
133
pim dm
#
interface Vlanif 103
ip address 10.110.5.1 255.255.255.0
pim dm
#
interface Vlanif 200
ip address 192.168.2.2 255.255.255.0
pim dm
#
interface Vlanif 300
ip address 192.168.3.2 255.255.255.0
pim dm
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 100
port hybrid tagged vlan 100
#
interface GigabitEthernet0/0/4
port hybrid pvid vlan 103
port hybrid untagged vlan 103
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 10.110.5.0 0.0.0.255
#
return
Issue 01 (2011-10-26)
134
135
Multicast devices establish PIM neighbor relationships and negotiate various control parameters
by exchanging Hello messages. You can adjust the parameters carried in Hello messages as
required. If there is no special requirement, adopt default values.
7.8 Adjusting Control Parameters for Source Registering
In a PIM-SM network, the DR directly connected to the multicast source encapsulates multicast
data in a Register message and sends it to the RP in unicast mode. The RP then decapsulates the
message, and forwards the multicast data to receivers along the RPT. The system supports the
Register message filtering and suppression functions.
7.9 Adjusting Control Parameters for Forwarding
A multicast device sends Join messages upstream to require to forward multicast data and Prune
messages upstream for requiring to stop forwarding multicast data. You can adjust control
parameters for multicast data forwarding as required. If there is no special requirement, adopt
default values.
7.10 Adjusting Control Parameters for Assert
If a multicast device can receive multicast data through the downstream interface, this indicates
that other upstream devices exist in this network segment. The device then sends an Assert
message through the downstream interface to take part in the election of the unique upstream
device.
7.11 Configuring the SPT Switchover
A high volume of multicast data traffic increases the load of an RP, and may result in a fault.
To solve this problem, PIM-SM allows the RP or the DR at the group member side to trigger
the SPT switchover when the rate of multicast packets is high.
7.12 Configuring PIM BFD
After detecting a fault on the peer, BFD immediately notifies the PIM module to trigger a new
DR election rather than waits until the neighbor relationship times out. This shortens the period
during which multicast data transmission is discontinued and thus improves the reliability of
multicast data transmission.
7.13 Configuring PIM Silent
The interface directly connecting a multicast device to a user host needs to be enabled with PIM.
In this case, some malicious hosts may simulate a large number of PIM Hello messages and send
the messages to the interface for processing. As a result, the multicast device is suspended. To
avoid the preceding case, you can set the interface to be in the PIM Silent state.
7.14 Maintaining PIM-SM (IPv4)
Maintaining PIM-SM involves resetting PIM statistics, and monitoring PIM running status.
7.15 Configuration Examples
Configuration examples are provided to show how to construct a basic PIM-SM network and
configure basic functions of PIM-SM.
Issue 01 (2011-10-26)
136
The Protocol Independent Multicast (PIM) indicates that any unicast routing protocol, such as
static route, RIP, OSPF, IS-IS, or BGP, can provide the routing information for IP multicast.
multicast routing is independent of unicast routing protocols, except that the unicast routing table
is used to generated multicast routing entries.
PIM forwards multicast packets by using the Reverse Path Forwarding (RPF) mechanism. The
RPF mechanism is used to create the multicast forwarding tree through the existing unicast
routing information. When a multicast packet arrives at a switch, the switch performs the RPF
check on the packet. If the RPF check succeeds, a multicast routing entry is created for
forwarding the multicast packet. If the RPF check fails, the packet is discarded.
NOTE
For details of RPF, refer to the chapter IPv4 Multicast Routing Management.
The working process of the Protocol Independent Multicast-Sparse Mode (PIM-SM) consists
of neighbor discovery, assert, DR election, RP discovery, join, prune, register, and SPT
switchover.
As shown in Figure 7-1, PIM-SM is used in a large-scale network with sparsely distributed
group members.
Figure 7-1 Application of PIM-SM a the multicast network
Receiver
IGMP
Source
PIM-SM
PIM-SM
Multicast
Server
PIM-SM
UserA
PIM-SM
PIM-SM
Receiver
IGMP
UserB
PIM-SM
Receiver
PIM-SM
IGMP
UserC
Issue 01 (2011-10-26)
137
NOTE
l The Protocol Independent Multicast Dense Mode (PIM-DM) is applicable to a small-scale network
with densely distributed members.
l PIM-SM can be used to construct the Any-Source Multicast (ASM) and Source-Specific Multicast
(SSM) models.
Static RP
You can specify a static RP on all the switchs in a PIM-SM domain. When a dynamic RP exists
in the domain, the dynamic RP is preferred by default, but you can configure the static RP to be
preferred.
Dynamic RP
You can configure C-RPs and C-BSRs in a PIM-SM domain and set the unified rules used to
dynamically generated the BSR and the RP. You can adjust the priority for C-RP election, adjust
the lifetime of the advertisement message on the BSR received from the C-RP, adjust the interval
for the C-RP to send advertisement messages, and specify an Access Control List (ACL) to limit
the range of the multicast groups served by the C-RP.
BSR
You can specify the C-BSR in the BSR domain, adjust the hash length used by the RP for C-RP
election, adjust the priority used for BSR election, and adjust the legal BSR address range. To
limit the transmission of BSR messages, you can configure the BSR service boundary on an
interface of the switch on the boundary of the BSR domain.
138
DR switching delay
Neighbor filtering function: An interface sets up neighbor relationships with only the
addresses matching the filtering rules.
Time period for the downstream interface to keep the forwarding state
Neighbor check function: checks whether the Join/Prune and Assert messages are sent to
or received from a PIM neighbor. If not, these messages are not processed.
PIM BFD
In the S5700, you can dynamically set up the BFD session to detect the status of the link between
PIM neighbors. Once a fault occurs on the link, BFD reports the fault to PIM.
PIM GR
The S5700 supports the PIM GR function on the switch with double MPUs. PIM GR ensures
normal multicast data forwarding during master-slave switchover of the switch.
139
any PIM packet. Then all PIM neighbors and PIM state machines on the interface are deleted.
The interface acts as the static DR and immediately takes effect. At the same time, IGMP on the
interface are not affected.
Applicable Environment
A PIM-SM network can adopt the ASM and SSM models to provide multicast services for user
hosts. The integrated components (including the RP) of the ASM model must be configured in
the network first. The SSM group address range is then adjusted as required.
NOTE
The SSM model is only supported in IGMPv3. If user hosts must run IGMPv1 or IGMPv2, configure IGMP
SSM mapping on switch interfaces.
Through IGMP, a switch knows the multicast group G that a user wants to join.
l
If G is in the SSM group address range and the source S is specified when the user joins G
through IGMPv3, the SSM model is used to provide multicast services.
If G is in the SSM group address range and the switch is configured with the (S, G) SSM
mapping rules, the SSM model is used to provide multicast services.
If G is not in the SSM group address range, the ASM model is used to provide multicast
services.
In the PIM-SM network, the ASM model supports the following methods to obtain an RP. You
can select the method as required.
l
dynamic RP: To obtain the dynamic RP, select several switchs in the PIM-SM domain and
configure them as C-RPs and C-BSRs, and then configure the BSR boundary on the
interface on the boundary of the domain. Each switch in the PIM-SM domain can then
automatically obtain the RP.
Static RP: To obtain a static RP, manually configure RP on each switch in the PIM-SM
domain. For the large-scale PIM network, configuring the static RP is complicated. To
enhance the robustness and the operating management of the multicast network, the static
RP is usually used as the backup of the BSR-RP.
A multicast group may be in the service range of the dynamic RP and the static RP
simultaneously. By default, The switch prefers the dynamic RP. If the static RP precedence is
configured, the static RP is preferred.
Different multicast groups correspond to different RPs. Compared with all groups corresponding
to an RP, this can reduce the burden of an RP and enhance the robustness of the network.
Issue 01 (2011-10-26)
140
Pre-configuration Tasks
Before configuring basic PIM-SM functions, complete the following tasks:
l
Data Preparation
To configure basic PIM-SM functions, you need the following data.
No.
Data
Static RP address
C-RP priority
Timeout of the period during which BSR waits to receive the Advertisement message
from C-RP.
C-BSR priority
Procedure
Step 1 Run:
system-view
141
Context
NOTE
When the switch is distributed in the PIM-SM domain, enable PIM-SM on all non-boundary interfaces.
Procedure
Step 1 Run:
system-view
PIM SM is enabled.
After PIM SM is enabled on the interface and PIM neighbor relationships are set up between
switches, the packets from the PIM neighbors can be processed.
----End
Context
CAUTION
When the static RP and the dynamic RP are configured in the PIM-SM at the same time, faults
may occur in the network. So, confirm the action before you run the command. If you want to
use only the dynamic RP in the PIM-SM network, skip the configuration.
Do as follows on all switchs in a PIM-SM domain. The switchs where static RP is not configured
cannot participate in multicast forwarding in this PIM-SM domain.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
142
----End
Context
CAUTION
The configuration is applicable only to the dynamic RP. If you want to use the static RP in the
network, skip the configuration.
Do as follows on the switch that may become RP in the PIM-SM area:
Procedure
Step 1 Run:
system-view
143
NOTE
l holdtime hold-interval: specifies the interval during which the BSR waits for the
Advertisement message from the C-RP. By default, the interval is 150 seconds.
l advertisement-interval adv-interval: specifies the interval during which the C-RP sends the
Advertisement message. By default, the interval is 60 seconds.
Step 4 Run:
c-bsr interface-type interface-number [ hash-length [ priority ] ]
Context
This configuration is optional. By default, the SSM group address range is 232.0.0.0/8.
Issue 01 (2011-10-26)
144
Procedure
Step 1 Run:
system-view
Ensure that the SSM group address range of all switchs in the network is consistent.
----End
Procedure
l
Run the display pim neighbor [ neighbor-address | interface interface-type interfacenumber | verbose ] * command to check a PIM neighbor.
Issue 01 (2011-10-26)
145
Run the display pim rp-info [ group-address ] command to check the RP in a PIM-SM
domain.
----End
Applicable Environment
All the configurations in this section are applicable to the ASM and SSM models.
PIM switchs check the multicast data that passes by. By checking whether the data matches the
filtering rule, the switchs determine whether to forward the data. That is, the switchs in the PIM
domain function as filters. The filters help to control the data flow, and to limit the information
that the downstream receiver can obtain.
Switchs can work normally under the control of default values. The S5700 allows users to adjust
the parameters as required.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for a multicast source, complete the following tasks:
l
Data Preparation
To adjust control parameters for a multicast source, you need the following data.
Issue 01 (2011-10-26)
No.
Data
146
Context
Do as follows on the switch:
Procedure
Step 1 Run:
system-view
Context
Do as follows on the switch:
Procedure
Step 1 Run:
system-view
A filter is configured.
Issue 01 (2011-10-26)
147
If the basic ACL is configured, only the packets with the source addresses that pass the filtering
are forwarded.
If the advanced ACL is configured, only the packets with the source addresses and group
addresses that pass the filtering are forwarded.
----End
Procedure
l
----End
Applicable Environment
This section describes how to adjust control parameters of the C-RP and the C-BSR by using
commands in the ASM model.
NOTE
The configuration is applicable only to a BSR-RP. If you want to use only a static RP in the network, skip
the configuration.
The switch can work properly by using default values of control parameters. The S5700 allows
users to adjust parameters.
NOTE
Issue 01 (2011-10-26)
148
Pre-configuration Tasks
Before adjusting control parameters of the C-RP and C-BSR, complete the following tasks:
l
Data Preparation
To adjust various control parameters of the C-RP and C-BSR, you need the following data.
No.
Data
C-RP priority
Timeout of the period during which a BSR waits to receive Advertisement messages
from a C-RP
Priority of a C-BSR
Context
Do as follows on the switch configured with the C-RP:
NOTE
You can re-set various parameters of a C-RP. This configuration is optional. If there is no specific
requirement, default values of parameters are recommended.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
149
The interval during which the C-RP sends Advertisement messages is set.
Step 5 Run:
c-rp holdtime interval
The time for holding the Advertisement message from a C-RP is set. The value must be greater
than the interval for a C-RP to send advertisement messages.
The C-RP periodically sends advertisement messages to the BSR. After receiving the
advertisement messages, the BSR obtains the Holdtime of the C-RP from the message. During
the Holdtime, the C-RP is valid. When the Holdtime expires, the C-RP ages out.
----End
Context
Do as follows on the switch configured with the C-BSR:
NOTE
You can re-set various parameters of a C-BSR. This configuration is optional. If there is no specific
requirement, the default values of parameters are recommended.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
150
The time of holding the Bootstrap message received from a BSR is set.
The BSR periodically sends a Bootstrap message to the network. After receiving the Bootstrap
message, the switchs keep the message for a certain time. During the period, the BSR election
stops temporarily. If the Holdtime timer times out, a new round of BSR election is triggered
among C-BSRs.
NOTE
Ensure that the value of c-bsr holdtime is greater than the value of c-bsr interval. Otherwise, the winner
of BSR election cannot be fixed.
----End
Context
Do as follows on the switch that may become the BSR boundary:
Procedure
Step 1 Run:
system-view
The BSR boundary is configured. Bootstrap messages cannot pass the BSR boundary.
By default, all the PIM-SM switchs on the network can receive Bootstrap messages.
----End
Issue 01 (2011-10-26)
151
Context
Do as follows on all switches in the PIM-SM domain:
NOTE
By default, all BSR packets are received without the BSR source address check.
Procedure
Step 1 Run:
system-view
Context
Do as follows on all the C-BSRs in the PIM-SM domain:
NOTE
This configuration is optional. By default, a switch does not check the C-RP address and the group address
contained in a received Advertisement message and adds them to the RP-set.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
152
The range of the valid C-RP addresses and the range of the multicast group addresses that a
switch serves are specified. When receiving an Advertisement message, the switch checks the
C-RP address and the addresses of the groups that the C-RP serves in the message. The C-RP
address and the addresses of the groups that the C-RP serves are added to the RP-Set only when
they are in the valid address range. The C-RP spoofing can thus be prevented.
----End
Procedure
l
Run the display pim bsr-info command to check the BSR in a PIM-SM domain.
Run the display pim rp-info [ group-address ] command to check the RP in a PIM-SM
domain.
----End
Applicable Environment
This section describes how to configure a BSR administrative domain in the ASM model through
commands.
In the traditional mode, a PIM-SM network maintains only one BSR and all multicast groups in
the network are in the administrative range of the BSR. To better manage the domains, the PIMSM network is divided into multiple BSR administrative domains. Each BSR administrative
domain maintains only one BSR that serves specified multicast groups. BSR administrative
Issue 01 (2011-10-26)
153
domains are geographically isolated. Multicast packets of a BSR administrative domain cannot
pass the border of the domain.
The address of a multicast group served by a BSR administrative domain is valid only in the
BSR administrative domain. The addresses of multicast groups served by different BSR
administrative domains can be identical and these addresses are equal to private multicast group
addresses.
Multicast groups that do not belong to any BSR administrative domain are served by the global
domain. Global domain maintains only one BSR that serves the remaining multicast groups.
Dividing a PIM-SM network into multiple BSR administrative domains and a global domain
effectively reduces the load of a single BSR, and provides a special service for specific multicast
groups.
The switch can work normally under the control of default values. The S5700 allows users to
adjust the parameters.
NOTE
Pre-configuration Tasks
Before configuring a BSR administrative domain, complete the following tasks:
l
Data Preparation
To configure a BSR administrative domain, you need the following data.
No.
Data
Priority and hash mask length for electing a BSR in a BSR domain
Priority and hash mask length of electing the global domain BSR
Context
Do as follows on all switchs in the PIM-SM network:
Procedure
Step 1 Run:
system-view
154
Step 2 Run:
pim
Context
Do as follows on all switchs at the boundary of a BSR administrative domain:
NOTE
The switchs outside the BSR administrative domain cannot forward the multicast packets of the BSR
administrative domain.
Procedure
Step 1 Run:
system-view
The BSR administrative domain boundary is configured. Multicast packets that belong to the
BSR administrative domain cannot traverse the boundary.
----End
Context
Do as follows on all C-BSRs:
Issue 01 (2011-10-26)
155
NOTE
Procedure
l
Run:
system-view
Run:
pim
Run:
c-bsr group group-address { mask | mask-length } [ hash-length hashlength | priority priority ] *
Run:
system-view
Run:
pim
Run:
c-bsr global [ hash-length hash-length | priority priority ] *
156
Procedure
l
Run the display pim bsr-info command to check the BSR in a PIM-SM domain.
Run the display pim rp-info [ group-address ] command to check the RP in a PIM-SM
domain.
----End
Applicable Environment
The configuration in this section is applicable to both the ASM model and the SSM model.
The PIM switchs send Hello messages to each other to establish the neighbor relationship,
negotiate the control parameters, and elect a DR.
The switch can work normally by default. The S5700 allows the users to adjust the parameters
as required.
NOTE
Pre-configuration Tasks
Before configuring control parameters for establishing the neighbor relationship, complete the
following tasks:
l
Data Preparation
To adjust the control parameters for establishing the neighbor relationship, you need the
following data.
Issue 01 (2011-10-26)
157
No.
Data
DR switchover delay, that is, the period during which the original entries are still
valid when the interface changes from a DR to a non-DR.
Context
Do as follows on the PIM-SM switch.
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
timer hello interval
Run:
hello-option holdtime interval
158
If no Hello message is received after the interval expires, the neighbor is considered
unreachable.
l
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim timer hello interval
Run:
pim triggered-hello-delay interval
Run:
pim hello-option holdtime interval
Run:
pim require-genid
The Generation ID option is contained in a received Hello message. The Hello message
without the Generation ID option is rejected.
By default, the switch handles the Hello message without the Generation option.
----End
Context
Do as follows on the PIM-SM switch:
NOTE
Issue 01 (2011-10-26)
159
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
hello-option dr-priority priority
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim hello-option dr-priority priority
Run:
pim timer dr-switch-delay interval
160
Context
Do as follows on the PIM-SM switch:
NOTE
Procedure
l
Global configuration
1.
Run:
system-view
Run:
pim
Run:
hello-option neighbor-tracking
The function of tracking downstream neighbors cannot be implemented unless all the PIM
switchs in the shared network segment are enabled with this function.
Configuration on an interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim hello-option neighbor-tracking
161
After this function is enabled, information about the downstream neighbor who has
sent a Join message and whose Join state does not times out is recorded.
NOTE
The function of tracking downstream neighbors cannot be implemented unless all PIM
switchs in the shared network segment are enabled with this function.
----End
Context
To prevent some switch from being involved in the PIM protocol and prevent the switch from
becoming the DR, filtering PIM neighbors is required.
Do as follows on the switch enabled with PIM-SM:
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display pim neighbor [ neighbor-address | interface interface-type interfacenumber | verbose ] * command to check a PIM neighbor.
----End
Issue 01 (2011-10-26)
162
Applicable Environment
This section describes how to configure the control parameters of the source registering through
commands.
In a PIM-SM network, the DR directly connected to the source S encapsulates multicast data in
a Register message and sends it to the RP in unicast mode. The RP then decapsulates the message,
and forwards it along the RPT.
After the SPT switchover on the RP is complete, the multicast data reaches the RP along the
SPT tree in the multicast mode. The RP sends a Register-stop message to the DR at the source
side. The SDR stops sending Register messages and enters the suppressed state. During the
register suppression, the SDR periodically sends null-register packets to inform that the source
is still in the active state. After the timeout of the register suppression, the SDR starts to send
Register message again.
The switch can work normally under the control of default values. The S5700 allows the users
to adjust the parameters as required.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for source registering, complete the following tasks:
l
Data Preparation
To adjust control parameters for source registering, you need the following data.
Issue 01 (2011-10-26)
No.
Data
163
No.
Data
Context
Do as follows on all switchs that may become an RP:
Procedure
Step 1 Run:
system-view
Context
Do as follows on all the switchs that may become the DR at the multicast source side:
Issue 01 (2011-10-26)
164
Procedure
Step 1 Run:
system-view
Procedure
l
----End
Applicable Environment
The configurations in this section are applicable to the ASM model and the SSM model.
When the first member of a group appears in the network segment, the switch sends a Join
message through an upstream interface, requiring the upstream switch to forward packets to the
network segment.
Issue 01 (2011-10-26)
165
When the last member of the group leaves, the switch sends a Prune message through an upstream
interface, requiring the upstream switch to perform the Prune action and to stop forwarding
packets to this network segment. If other downstream switchs in this network segment still want
to receive data of this group, they must send a Join message to override the Prune action.
In the ASM model, a switch periodically sends Join messages to the RP to prevent RPT branches
from being deleted due to timeout.
The switch can work normally under the control of default values. The S5700 allows users to
adjust the parameters as required.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for forwarding, complete the following tasks:
l
Data Preparation
To adjust control parameters for forwarding, you need the following data.
No.
Data
Number or name of the ACL used to filter join information in the Join/Prune messages
Whether neighbor check needs to be performed after Join/Prune message and Assert
messages are sent or received
Context
Do as follows on the PIM-SM switch:
Issue 01 (2011-10-26)
166
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
timer join-prune interval
Run:
holdtime join-prune interval
The interval for holding the forwarding state of a downstream interface is set.
l
Configuration on an Interface
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim timer join-prune interval
Run:
pim holdtime join-prune interval
The interval for holding the forwarding state of a downstream interface is set.
5.
Run:
pim require-genid
The Generation ID option is contained in a received Hello message. The Hello message
without the Generation ID option is rejected.
By default, the switch handles the Hello message without the Generation option.
The change of the Generation ID in the Hello message received from an upstream
neighbor indicates that the upstream neighbor is lost or the status of the upstream
Issue 01 (2011-10-26)
167
neighbor has changed. The switch immediately sends the Join/Prune message to the
upstream switch to refresh the status.
----End
Context
Do as follows on the PIM-SM switch:
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
hello-option lan-delay interval
Run:
hello-option override-interval interval
Configuration on an Interface
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
168
1.
Run:
system-view
Run:
interface interface-type interface-number
Run:
pim hello-option lan-delay interval
Run:
pim hello-option override-interval interval
Context
A Join/Prune message received by an interface may contain both join information and prune
information. You can configure the switch to filter join information based on ACL rules. The
switch then creates PIM entries for only the join information matching ACL rules, which can
avoid access of illegal users.
Do as follows on the switch enabled with PIM-SM:
Procedure
Step 1 Run:
system-view
169
Context
By default, checking whether the Join/Prune message and Assert messages are sent to or received
from a PIM neighbor is not enabled.
If PIM neighbor checking is required, it is recommended to configure the neighbor checking
function on the devices connected with user devices rather than on the internal devices of the
network. Then, the switch checks whether the Join/Prune and Assert messages are sent to or
received from a PIM neighbor. If not, the switch drops the messages.
Do as follows on the switch enabled with PIM-SM:
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display pim control-message counters [ message-type { assert | graft | graftack | hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command to check the number of sent or received PIM control messages.
Issue 01 (2011-10-26)
170
Applicable Environment
The configurations in this section ares applicable to the ASM model and the SSM model.
If a PIM-SM switch receives multicast data through a downstream interface, it indicates that
other upstream switchs exist in this network segment. switchs send Assert messages to elect the
unique upstream switch.
The switch can work normally under the control of default values. The S5700 allows users to
adjust the parameters as required.
NOTE
Pre-configuration Tasks
Before adjusting control parameters for assert, complete the following tasks:
l
Data Preparation
To adjust control parameters for assert, you need the following data.
Issue 01 (2011-10-26)
171
No.
Data
Context
Do as follows on all the switchs in the PIM-SM domain:
NOTE
Procedure
l
Global Configuration
1.
Run:
system-view
Run:
pim
Run:
holdtime assert interval
Run:
system-view
Run:
interface interface-type interface-number
Run:
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
172
Procedure
l
Run the display pim control-message counters [ message-type { assert | graft | graftack | hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command to check the number of sent or received PIM control messages.
----End
173
Applicable Environment
This section describes how to configure the control parameters of the SPT switchover through
commands.
In a PIM-SM network, each multicast group corresponds to an RPT. At first, all multicast sources
encapsulate data in Register messages, and send them to the RP in the unicast mode. The RP
decapsulates the messages and forwards them along the RPT.
Forwarding multicast data by using the RPT has the following defects:
l
The DR at the source side and the RP need to encapsulate and decapsulate packets.
Forwarding path may not be the shortest path from the source to receivers.
Large-volume data flow increases the load of the RP, and may cause a fault.
SPT switchover triggered by the RP: The RP sends a Join message to the source, and
establishes a multicast route along the shortest path from the source to the RP. The
subsequent packets are forwarded along the path.
SPT switchover triggered by the DR at the member side: The DR at the member side checks
the forwarding rate of multicast data. If the DR finds that the rate exceeds the threshold,
the DR tiggers the SPT switchover immediately. The DR sends a Join message to the source,
and establishes a multicast route along the shortest path from the source to the DR. The
subsequent packets are forwarded along the path.
Switchs can work normally under the control of default values. The S5700 allows users to adjust
the parameters as required.
NOTE
Pre-configuration Tasks
Before configuring the SPT switchover, complete the following tasks:
l
Data Preparation
To configure the SPT switchover, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Rate threshold that a leaf PIM switch switches packets from the RPT to the SPT
Group filtering policy and sequence policy for the switchover from the RPT to the
SPT
Interval for checking the rate threshold of multicast data before the RPT-to-SPT
switchover
174
Context
Do as follows on all the switchs that may become a DR at the member side:
Procedure
Step 1 Run:
system-view
The interval for checking the forwarding rate of multicast data is set.
----End
Procedure
l
Issue 01 (2011-10-26)
175
Networking Requirements
Generally, if the current DR in a shared network segment is faulty, other PIM neighbors triggers
a new round of DR election only after the neighbor relationship times out. The duration that data
transmission is interrupted is not shorter than the timeout period of the neighbor relationship.
Generally, it is of second level.
BFD features fast detection of faults, and is up to the millisecond level. BFD can detect statuses
of PIM neighbors in the shared network segment. When BFD detects that a peer is faulty, BFD
immediately reports it to PIM. PIM then triggers a new round of DR election without waiting
for the timeout of the neighbor relationship. This shortens the duration of interruption of data
transmission and enhances the reliability of the network.
PIM BFD is also applicable to the assert election in a shared network segment. It can fast respond
to the fault of the interface that wins the assert election.
Pre-configuration Tasks
Before configuring PIM BFD, complete the following task:
l
Data Preparation
To configure PIM BFD, you need the following data.
Issue 01 (2011-10-26)
No.
Data
Minimum intervals for sending and receiving BFD detection messages, and local
detection multiple
176
Context
NOTE
This function is applicable to NBMA interfaces and broadcast interfaces rather than MTunnel interfaces.
Procedure
Step 1 Run:
system-view
Context
Do as follows on two PIM switchs that set up the neighbor relationship:
Procedure
Step 1 Run:
system-view
177
Step 3 Run:
pim bfd { min-tx-interval tx-value | min-rx-interval rx-value | detect-multiplier
multiplier-value }*
Procedure
l
Run the following commands to check information about a PIM BFD session.
display pim bfd session statistics
display pim bfd session [ interface interface-type interface-number | neighbor
neighbor-address ] *
----End
Applicable Environment
On the access layer, the interface directly connected to hosts needs to be enabled with PIM. You
can establish the PIM neighbor relationship on the interface to process various PIM packets. The
configuration, however, has potential risks of security. When a host maliciously generates PIM
Hello packets and sends the packets in large quantity, the switch may fail.
To solve the problem, set the status of the interface to PIM silent. When the interface is in PIM
silent state, the interface is prevented from receiving and forwarding any PIM packet. All PIM
neighbors and PIM state machines on the interface are deleted. The interface acts as the static
DR and immediately takes effect. At the same time, IGMP and MLD on the interface are not
affected.
Issue 01 (2011-10-26)
178
PIM silent is applicable only to the interface directly connected to the host network segment that
is connected only to this switch.
CAUTION
If PIM silent is enabled on the interface connected to a switch, the PIM neighbor relationship
cannot be set up and a multicast fault may occur.
If the host network segment is connected to multiple switchs and PIM silent is enabled on
multiple interfaces, the interfaces become static DRs. Therefore, multiple DRs exist in this
network segment, and a fault occurs.
Pre-configuration Tasks
Before configuring PIM silent, complete the following tasks:
l
Configuring PIM-SM
Configuring IGMP
Data Preparation
To configure PIM silent, you need the following data.
No.
Data
Context
Do as follows on the interface connected to the host network segment:
Procedure
Step 1 Run:
system-view
179
Prerequisite
All the configurations of PIM silent are complete.
Procedure
l
----End
Example
Run the display pim interface verbose command, and you can find that the configuration is
complete.
<SwitchA> display pim interface verbose
VPN-Instance: public net
Interface: Vlanif10, 2.2.2.2
PIM version: 2
PIM mode: Sparse
PIM DR: 2.2.2.2 (local)
PIM DR Priority (configured): 1
PIM neighbor count: 0
PIM hello interval: 30 s
PIM LAN delay (negotiated): 500 ms
PIM LAN delay (configured): 500 ms
PIM hello override interval (negotiated): 2500 ms
PIM hello override interval (configured): 2500 ms
PIM Silent: enabled
PIM neighbor tracking (negotiated): disabled
PIM neighbor tracking (configured): disabled
PIM generation ID: 0X2649E5DA
PIM require-genid: disabled
PIM hello hold interval: 105 s
PIM assert hold interval: 180 s
PIM triggered hello delay: 5 s
PIM J/P interval: 60 s
PIM J/P hold interval: 210 s
PIM BSR domain border: disabled
PIM BFD: disabled
PIM dr-switch-delay timer : not configured
Number of routers on link not using DR priority: 0
Number of routers on link not using LAN delay: 0
Number of routers on link not using neighbor tracking: 1
ACL of PIM neighbor policy: ACL of PIM ASM join policy: -
Issue 01 (2011-10-26)
180
Context
CAUTION
The statistics of PIM control messages on an interface cannot be restored after you clear it. So,
confirm the action before you use the command.
Procedure
l
Run the reset pim control-message counters [ interface interface-type interfacenumber ] command in the user view to clear the statistics of PIM control messages on an
interface.
----End
Context
CAUTION
Clearing PIM status of the downstream interfaces may trigger the sending of corresponding Join/
Prune messages, which affects multicast services.
Using the following command can clear join information about illegal users, and clear the PIM
status of the specified interface in a specified entry, such as PIM Join/Prune status and Assert
status.
The command cannot be used to clear the IGMP or static group join status on a specified
interface.
Issue 01 (2011-10-26)
181
Procedure
Step 1 After confirming that PIM status of the specified downstream interfaces of the specified PIM
entry need to be cleared, run the reset pim routing-table group group-address mask { groupmask-length | group-mask } source source-address interface interface-type interface-number
command in the user view.
----End
Context
In routine maintenance, you can run the following commands in any view to check the running
status of PIM-SM.
Procedure
l
Run the display pim claimed-route [ source-address ] command in any view to check the
unicast routes used by PIM.
Run the display pim bfd session [ interface interface-type interface-number | neighbor
neighbor-address ] * command in any view to check information about a PIM BFD session.
Run the display pim control-message counters [ message-type { assert | graft | graftack | hello | join-prune | state-refresh | bsr } | interface interface-type interfacenumber ] * command in any view to check the number of sent or received PIM control
messages.
Run the following commands in any view to check the PIM routing table.
display pim routing-table [ group-address [ mask { group-mask-length | groupmask } ] | source-address [ mask { source-mask-length | source-mask } ] | incominginterface { interface-type interface-number | register } | outgoing-interface
{ include | exclude | match } { interface-type interface-number | register | none } |
mode { dm |sm | ssm } | flags flag-value | fsm ] * [ outgoing-interface-number
[ number ] ]
display pim routing-table [ group-address [ mask { group-mask-length | groupmask } ] | source-address [ mask { source-mask-length | source-mask } ] | incominginterface { interface-type interface-number | register } | outgoing-interface
{ include | exclude | match } { interface-type interface-number | register | none } |
mode { dm | sm | ssm } | flags flag-value | fsm ] * [ outgoing-interface-number
[ number ] ]
display pim routing-table brief [ group-address [ mask { group-mask-length | groupmask } ] | source-address [ mask { source-mask-length | source-mask } ] | incominginterface { interface-type interface-number | register } ] *
Issue 01 (2011-10-26)
182
Run the display pim rp-info [ group-address ] command in any view to check information
about the RP to which a multicast group corresponds.
----End
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo
debugging all command to disable it immediately.
When a PIM fault occurs, run the following debugging command in the user view to debug PIM
and locate the fault.
Procedure
l
Run the debugging pim all command in the user view to enable all the debugging of PIM.
Run the debugging pim event [ advanced-acl-number ] command in the user view to enable
the debugging of PIM events.
Run the debugging pim routing-table [ advanced-acl-number ] command in the user view
to enable the debugging of PIM routes.
Run the debugging pim rp [ receive | send ] command in the user view to enable the
debugging of the PIM BSR and the debugging of PIM RP.
Run the debugging pim register [ advanced-acl-number ] command in the user view to
enable the debugging of PIM Register.
Run the debugging pim msdp [ advanced-acl-number ] command in the user view to
enable the debugging of the information exchanged between PIM and MSDP.
Run the debugging pim bfd { all | create | delete | event } command in the user view to
enable the debugging of PIM BFD.
----End
183
Ethernet
SwitchA
GE0/0/3
Ethernet
GE0/0/2
N1
Receiver
GE0/0/1
HostA
SwitchE
GE0/0/2
GE0/0/3 PIM-SM
Leaf networks
Source GE0/0/3
GE0/0/1
GE0/0/2
GE0/0/2
GE0/0/4
Receiver
SwitchD
GE0/0/1
GE0/0/4 GE0/0/1
SwitchB
GE0/0/2
HostB
GE0/0/1
SwitchC
N2
Ethernet
Switch
Physical interface
VLANIF interface
IP address
Switch A
GE 0/0/1
VLANIF 100
192.168.9.1/24
GE 0/0/2
VLANIF 101
10.110.1.1/24
GE 0/0/3
VLANIF 200
192.168.1.1/24
GE 0/0/1
VLANIF 300
192.168.2.1/24
GE 0/0/2
VLANIF 102
10.110.2.1/24
GE 0/0/1
VLANIF 102
10.110.2.2/24
GE 0/0/2
VLANIF 400
192.168.3.1/24
GE 0/0/1
VLANIF 500
192.168.4.2/24
GE 0/0/2
VLANIF 200
192.168.1.2/24
GE 0/0/3
VLANIF 103
10.110.5.1/24
GE 0/0/4
VLANIF 104
10.110.4.1/24
GE 0/0/1
VLANIF 400
192.168.3.2/24
GE 0/0/2
VLANIF 300
192.168.2.2/24
GE 0/0/3
VLANIF 100
192.168.9.2/24
GE 0/0/4
VLANIF 500
192.168.4.1/24
Switch B
Switch C
Switch D
Switch E
Issue 01 (2011-10-26)
184
Configuration Roadmap
The ISP network connects to the Internet. The PIM-SM protocol is used to configure the
multicast function, which facilitates service expansion. The ASM and SSM models provide
multicast services. The configuration roadmap is as follows:
1.
Configure the IP addresses of interfaces and the unicast routing protocol. PIM is an intradomain multicast routing protocol that depends on a unicast routing protocol. The multicast
routing protocol can work normally after the unicast routing protocol works normally.
2.
Enable multicast on all switches providing multicast services. Before configuring other
PIM-SM functions, you must enable the multicast function.
3.
Enable PIM-SM on all the interfaces of switches. After PIM-SM is enabled, you can
configure other PIM-SM functions.
NOTE
If IGMP is also required on this interface, PIM-SM must be enabled before IGMP is enabled. The
configuration order cannot be reversed; otherwise, the configuration of PIM fails.
4.
Enable IGMP on the interfaces of switches connected to hosts. A receiver can join and
leave a multicast group freely by sending an IGMP message. The leaf switches maintain
the multicast membership through IGMP.
5.
Enable the PIM silent function on interface that is directly connected to hosts. In this
manner, malicious hosts are prevented from simulating PIM Hello messages and security
of multicast routers is ensured.
NOTE
PIM silent is applicable only to the interfaces of a switch directly connected to the host network
segment that is connected only to this switch.
6.
Configure the RP. The RP is a root node of an RPT on the PIM-SM network. It is
recommended that you configure the RP on a device that has more multicast flows, for
example, Switch E in Figure 7-2.
NOTE
l After creating an (*, G) entry according to the new multicast membership, the DR on the user
side sends Join/Prune messages towards the RP and updates the shared tree on the path.
l When a multicast data source starts to send data to groups, the DR unicasts the Register message
to the RP. After receiving the Register message, the RP decapsulates it and then forwards it to
other multicast members along the shared tree. At the same time, the RP sends a Register-Stop
message to the DR on the multicast source side. After the Register-Stop is performed, the RPT
can be switched to the SPT.
7.
(Optional) Set the BSR boundary on the interfaces connected to the Internet. The Bootstrap
message cannot pass through the BSR boundary; therefore, the BSR serves only this PIMSM domain. In this manner, multicast services can be controlled effectively.
8.
(Optional) Configure range of SSM group addresses on each Switch . Ensure that switches
in the PIM-SM domain provide services only for multicast groups in the range of SSM
group addresses. In this manner, multicast can be controlled effectively.
NOTE
This configuration example describes only the commands used to configure PIM-SM.
Data Preparation
To complete the configuration, you need the following data:
Issue 01 (2011-10-26)
185
Version of the IGMP protocol running between routers and hosts: IGMPv3
Procedure
Step 1 Configure the IP address of each interface and the unicast routing protocol.
# Configure IP addresses and masks of interfaces on the switches according to Figure 7-2.
Configure OSPF between switches to ensure that the switches can communicate at the network
layer and update routes through the unicast routing protocol.
For details on how to configure IP addresses of interfaces, see IP Addresses Configuration in
the Quidway S5700 Series Ethernet Switches Configuration Guide - IP Service. For details on
how to configure OSPF, see OSPF Configuration in the Quidway S5700 Series Ethernet Switches
Configuration Guide - IP Routing.
Step 2 Enable multicast on all switches and PIM-SM on all interfaces.
# Enable multicast on all the switches and enable PIM-SM on all interfaces. The configurations
of Switch B, Switch C, and Switch D are similar to the configuration of Switch A, and are not
provided here.
[SwitchA] multicast
[SwitchA] interface
[SwitchA-Vlanif101]
[SwitchA-Vlanif101]
[SwitchA] interface
[SwitchA-Vlanif100]
[SwitchA-Vlanif100]
[SwitchA] interface
[SwitchA-Vlanif200]
[SwitchA-Vlanif200]
routing-enable
vlanif 101
pim sm
quit
vlanif 100
pim sm
quit
vlanif 200
pim sm
quit
The RP can be configured in two modes: the static RP and the dynamic RP. The static RP can be configured
together with the dynamic RP. You can also configure only the static RP or the dynamic RP. When the
static RP and the dynamic RP are configured simultaneously, you can change the parameter values to
specify which RP is preferred.
This example shows how to configure the static RP and the dynamic RP and to specify the
dynamic RP as the preferred RP and the static RP as the standby RP.
Issue 01 (2011-10-26)
186
# Configure the dynamic RP on one or more switches in the PIM-SM domain. In this example,
set the service range of the RP and specify the locations of the C-BSR and the C-RP on Switch
E.
[SwitchE] acl number 2008
[SwitchE-acl-basic-2008] rule permit source 225.1.1.0 0.0.0.255
[SwitchE-acl-basic-2008] quit
[SwitchE] pim
[SwitchE-pim] c-bsr vlanif 100
[SwitchE-pim] c-rp vlanif 100 group-policy 2008 priority 0
# Configure static RPs on all switches. The configurations of Switch B, Switch C, Switch D,
and Switch E are similar to configuration on Switch A, and are not provided here.
NOTE
If you enter preferred to the right of static-rp X.X.X.X, the static RP is selected as the RP in the PIM-SM
domain.
[SwitchA] pim
[SwitchA-pim] static-rp 192.168.2.2
Step 6 Configure the BSR boundary on the interface connecting Switch D to the Internet.
[SwitchD] interface vlanif 104
[SwitchD-Vlanif104] pim bsr-boundary
[SwitchD-Vlanif104] quit
DR-Pri
1
1
DR-Address
10.110.2.2
192.168.3.1
(local)
# Run the display pim bsr-info command to view information about BSR election on the
switches. For example, the BSR information on Switch A and Switch E (including the C-BSR
information on Switch E) is as follows:
[SwitchA] display pim bsr-info
VPN-Instance: public net
Elected AdminScoped BSR Count: 0
Elected BSR Address: 192.168.9.2
Priority: 0
Hash mask length: 30
State: Accept Preferred
Scope: Not scoped
Uptime: 01:40:40
Expires: 00:01:42
C-RP Count: 1
[SwitchE] display pim bsr-info
Issue 01 (2011-10-26)
187
# Run the display pim rp-info command to view the RP information on the switches. For
example, the RP information displayed on Switch A is as follows:
[SwitchA] display pim rp-info
VPN-Instance: public net
PIM-SM BSR RP information:
Group/MaskLen: 225.1.1.0/24
RP: 192.168.9.2
Priority: 0
Uptime: 00:45:13
Expires: 00:02:17
PIM SM static RP information:
Static RP: 192.168.2.2
# Run the display pim routing-table command. You can view the PIM multicast routing table.
Host A needs to receive the information from group 225.1.1.1/24, and HostB needs to receive
the information sent by the source 10.110.5.100/24 to the group 232.1.1.1/24. The displayed
information is as follows:
[SwitchA] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
RP: 192.168.9.2
Protocol: pim-sm, Flag: WC
UpTime: 00:13:46
Upstream interface: Vlanif 100,
Upstream neighbor: 192.168.9.2
RPF neighbor: 192.168.9.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif 101
Protocol: igmp, UpTime: 00:13:46, Expires:(10.110.5.100, 225.1.1.1)
RP: 192.168.9.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: Vlanif 200
Upstream neighbor: 192.168.1.2
RPF neighbor: 192.168.1.2
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif101
Protocol: pim-sm, UpTime: 00:00:42, Expires:[SwitchD] display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 2 (S, G) entry
Issue 01 (2011-10-26)
188
(10.110.5.100, 225.1.1.1)
RP: 192.168.9.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: vlanif103
Upstream neighbor: 10.110.5.100
RPF neighbor: 10.110.5.100
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif200
Protocol: pim-sm, UpTime: 00:00:42, Expires:(10.110.5.100, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 00:01:20
Upstream interface: vlanif103
Upstream neighbor: 10.110.5.100
RPF neighbor: 10.110.5.100
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif500
Protocol: pim-ssm, UpTime: 00:01:20, Expires:[SwitchE] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
RP: 192.168.9.2 (local)
Protocol: pim-sm, Flag: WC
UpTime: 00:13:16
Upstream interface: Register
Upstream neighbor: 192.168.4.2
RPF neighbor: 192.168.4.2
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif100
Protocol: pim-sm, UpTime: 00:13:16, Expires: 00:03:22
(10.110.5.100, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 00:01:22
Upstream interface: vlanif500
Upstream neighbor: 192.168.4.2
RPF neighbor: 192.168.4.2
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif400
Protocol: pim-ssm, UpTime: 00:01:22, Expires:[SwitchC] display pim routing-table
VPN-Instance: public net
Total 1 (S, G) entry
(10.110.5.100, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 00:01:25
Upstream interface: vlanif400
Upstream neighbor: 192.168.3.2
RPF neighbor: 192.168.3.2
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif102
Protocol: igmp, UpTime: 00:01:25, Expires:-
----End
Issue 01 (2011-10-26)
189
Configuration Files
l
Issue 01 (2011-10-26)
190
interface Vlanif300
ip address 192.168.2.1 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 102
port hybrid untagged vlan 102
#
ospf 1
area 0.0.0.0
network 10.110.2.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
static-rp 192.168.2.2
ssm-policy 2000
#
return
Issue 01 (2011-10-26)
191
#
acl number 2000
rule 5 permit source 232.1.1.0 0.0.0.255
#
interface Vlanif103
ip address 10.110.5.1 255.255.255.0
pim sm
#
interface Vlanif104
ip address 10.110.4.1 255.255.255.0
pim sm
pim bsr-boundary
#
interface Vlanif200
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlanif500
ip address 192.168.4.2 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 500
port hybrid untagged vlan 500
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 103
port hybrid untagged vlan 103
#
interface GigabitEthernet0/0/4
port hybrid pvid vlan 104
port hybrid untagged vlan 104
#
ospf 1
area 0.0.0.0
network 10.110.4.0 0.0.0.255
network 10.110.5.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
static-rp 192.168.2.2
ssm-policy 2000
#
return
Issue 01 (2011-10-26)
192
pim sm
#
interface Vlanif400
ip address 192.168.3.2 255.255.255.0
pim sm
#
interface Vlanif500
ip address 192.168.4.1 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 400
port hybrid untagged vlan 400
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 300
port hybrid untagged vlan 300
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
interface GigabitEthernet0/0/4
port hybrid pvid vlan 500
port hybrid untagged vlan 500
#
ospf 1
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.9.0 0.0.0.255
network 192.168.4.0 0.0.0.255
#
pim
c-bsr vlanif 100
c-rp vlanif 100 group-policy 2008 priority 0
static-rp 192.168.2.2
ssm-policy 2000
#
return
After the delay of PIM DR switchover is set, the downstream receiver may receive two copies of the same
data during the DR switchover and the assert mechanism will be triggered. If you do not want to trigger
the assert mechanism, you do not need to set the DR switchover delay.
Issue 01 (2011-10-26)
193
Figure 7-3 Configuring the PIM BFD networking in the shared network segment
SwitchA
Source
10.1.7.1/24
PIM-SM
GE0/0/1
SwitchC
GE0/0/1
GE0/0/2
SwitchB
GE0/0/2
VLAN100
User1
User2
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure PIM BFD on the interfaces that connect switches to the network segment where
the host is located.
2.
Set the PIM DR switchover delay on the interfaces that connect switches to the network
segment where the host is located.
Data Preparation
To complete the configuration, you need the following data:
l
This configuration example describes only the commands used to configure PIM-SM BFD.
Procedure
Step 1 Configure the IP address of each interface and the unicast routing protocol.
# Configure IP addresses and masks of interfaces on the switches according to Figure 7-3.
Configure OSPF between switches to ensure that the switches can communicate at the network
layer and update routes through the unicast routing protocol.
For details on how to configure IP addresses of interfaces, see IP Addresses Configuration in
the Quidway S5700 Series Ethernet Switches Configuration Guide - IP Service. For details on
how to configure OSPF, see OSPF Configuration in the Quidway S5700 Series Ethernet Switches
Configuration Guide - IP Routing.
Issue 01 (2011-10-26)
194
Step 2 Enable BFD globally and configure PIM BFD in the interface view.
# Enable BFD globally on Switch B and Switch C, enable PIM BFD on the interfaces that are
connected to the network segment where the host resides, and set PIM BFD parameters. The
configuration on Switch C is similar to the configuration on Switch B and is not provided here.
[SwitchB] bfd
[SwitchB-bfd] quit
[SwitchB] interface vlanif 100
[SwitchB-Vlanif100] pim bfd enable
[SwitchB-Vlanif100] pim bfd min-tx-interval 200 min-rx-interval 200 detectmultiplier 3
# Run the display pim bfd session command to display information about the BFD session on
each switch. You can check whether the BFD session is set up on each switch.
[SwitchB] display pim bfd session
VPN-Instance: public net
Issue 01 (2011-10-26)
195
ActTx(ms)
200
ActRx(ms)
200
ActMulti
3
Local/Remote
8192/8192
State
Up
# Run the display pim routing-table command to view the PLM routing table. SwitchC
functions as the DR. The (S, G) and (*, G) entries exist. The displayed information is as follows:
[SwitchC] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 225.1.1.1)
RP: 10.1.5.2
Protocol: pim-sm, Flag: WC
UpTime: 00:13:46
Upstream interface:
vlanif200,
Upstream neighbor: 10.1.2.2
RPF neighbor: 10.1.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif100,
Protocol: igmp, UpTime: 00:13:46, Expires:(10.1.7.1, 225.1.1.1)
RP: 10.1.5.2
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:42
Upstream interface: vlanif200
Upstream neighbor: 10.1.2.2
RPF neighbor: 10.1.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif100
Protocol: pim-sm, UpTime: 00:00:42, Expires:-
----End
Configuration Files
l
SwitchA needs to be configured with only basic PIM SM functions. The configuration file
is not provided here.
The following is the configuration file of Switch B. The configuration file of Switch C is
similar to the configuration file of Switch B, and is not provided here.
#
sysname SwitchB
#
vlan batch 100 200
#
multicast routing-enable
#
bfd
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
pim sm
igmp enable
pim bfd enable
pim bfd min-tx-interval 200 min-rx-interval 200 detect-multiplier 3
pim timer dr-switch-delay 20
#
interface Vlanif200
ip address 10.1.2.1 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/1
Issue 01 (2011-10-26)
196
Issue 01 (2011-10-26)
197
8 MSDP Configuration
MSDP Configuration
198
8 MSDP Configuration
obtain multicast source information. You can configure filtering rules for receiving SA Request
messages on a specified remote MSDP peer.
8.8 Configuring the Filtering Rules for SA Messages
By default, a device receives all SA messages that pass the RPF check, and forwards the SA
messages to all MSDP peers. To control the transmission of SA messages among MSDP peers,
you can configure rules to filter the constructing, receiving, and forwarding SA messages.
8.9 Configuring MSDP Authentication
MSDP peer authentication contains MSDP MD5 authentication and Key-Chain authentication.
You can choose either authentication mode.
8.10 Maintaining MSDP
Maintaining MSDP involves clearing MSDP peer statistics and (S, G) information in the SA
cache, and monitoring MSDP running status.
8.11 Configuration Examples
Configuration examples are provided to show how to implement PIM-SM inter-domain
multicast through MBGP, how to implement inter-AS multicast through static RPF peers, and
how to configure anycast RP in a PIM-SM domain.
Issue 01 (2011-10-26)
199
8 MSDP Configuration
In the general PIM-SM mode, a multicast source registers only with the local rendezvous point
(RP). The information on the inter-domain multicast sources is isolated. The RP knows only the
source in its domain, establishes a multicast distribution tree (MDT) in its domain, and distributes
the data sent by the source to the local users.
A mechanism is required to enable the local RP to share the information on the multicast sources
of other domains. With the mechanism, the local RP can send Join messages to the multicast
sources of other domains and establish MDTs. Therefore, multicast packets can be transmitted
across domains, and hosts in the local domain can receive data sent by multicast sources in other
domains.
The Multicast Source Discovery Protocol (MSDP) is an inter-area multicast solution based on
multiple interconnected PIM-SM domains, and can solve the preceding problem.
MSDP achieves this objective by setting up the MSDP peer relationship between RPs of different
domains. MSDP peers share the information on multicast sources by sending Source Active
(SA) messages. They transmit the (S, G) information from the RP that the source S registers
with to other RPs connected to members of G.
MSDP peers are connected through the TCP connection. MSDP peers perform the RPF check
on received SA messages.
NOTE
MSDP is applicable only to PIM-SM domains, and useful only for the Any-Source Multicast (ASM) mode.
200
8 MSDP Configuration
Configuring SA Cache
By default, SA-Cache is enabled on switchs. Therefore, switchs can locally store the (S, G)
information carried in SA messages. When required to receive the multicast data, the switchs
can obtain the (S, G) information from the SA-Cache.
You can set the maximum number of cached (S, G) entries, which can effectively prevent the
Denial of Service (DoS) attack.
You can disable SA-Cache on a switch. After the SA-Cache on a switch is disabled, the
switch does not locally store the (S, G) information carried in SA messages. When the switch
needs to receive multicast data, it needs to wait for the SA message to be sent by its MSDP peer
in the next period. This causes a delay for receivers to obtain multicast source information.
Controlling SA Requests
Certain switchs cannot be enabled with SA Cache or the capacity of SA Cache on these
switchs is too small. When these switchs need to receive multicast data, they cannot immediately
obtain the valid (S, G) information but need to wait for the SA message to be sent by their MSDP
peers in the next period.
If SA Cache is enabled on the remote MSDP peer and the capacity of the SA Cache is large, you
can configure "sending SA request messages" on the local switch to reduce the period during
which receivers obtain multicast source information.
At the same time, you can also configure the filtering rules for receiving SA request messages
on the remote MSDP peers.
201
8 MSDP Configuration
Setting the TTL threshold can limit the transmission scope of a multicast data packet contained
in an SA message. After receiving an SA message containing a multicast data packet, an MSDP
peer checks the TTL value in the IP header of the multicast packet. If the TTL value is equal to
or smaller than the threshold, the MSDP peer does not forward the SA message to the specific
remote peers. If the TTL value is greater than the threshold, the MSDP peer reduces the TTL
value in the IP header of the multicast packet by 1, and then encapsulates the multicast packet
in an SA message and sends the message out.
Setting rules for filtering SA messages based on multicast sources on the source RP
The source RP filters active multicast sources that register with the local switch, and then
determines whether to send (S, G) entries based on the rules.
Setting rules for filtering SA messages received from remote MSDP peers
When an SA message sent by a remote MSDP peer reaches the local switch, the switch
determines whether to receive the message based on the rules.
MSDP Authentication
Configuring MSDP MD5 or Key-Chain authentication can improve the security of TCP
connections set up between MSDP peers. Note that the MSDP peers must be configured with
the same authentication password; otherwise, the TCP connection cannot be set up between
MSDP peers and MSDP messages cannot be transmitted.
Applicable Environment
When a large multicast network is divided into multiple PIM-SM domains, MSDP is used to
connect RPs of various domains to share the source information. In this manner, hosts in a domain
can receive multicast data sent by multicast sources in other domains.
To ensure that all RPs in the network can share the source information, reduce the scale of an
MSDP connected graph. It is recommended to configure MSDP peer relationships between all
RPs, including static RPs and C-RPs, in the network.
Issue 01 (2011-10-26)
202
8 MSDP Configuration
To ensure that SA messages transmitted between MSDP peers are not interrupted by RPF rules
and to reduce redundant traffic, the following solutions are recommended:
l
If MSDP peers are in different ASs, select either of the following solutions:
Establish an MBGP peer relationship and use the same interface address.
Configure each other as a static RPF peer.
NOTE
Both BGP and MBGP can be used to set up inter-AS EBGP peer relationships. MBGP is recommended
because MBGP does not affect the unicast topology of a network.
Pre-configuration Tasks
Before configuring PIM-SM inter-domain multicast, complete the following tasks:
l
Enabling IP multicast
Data Preparation
To configure PIM-SM inter-domain multicast, you need the following data.
No.
Data
Context
Do as follows on the RPs of all PIM-SM domains that belong to the same AS:
Procedure
Step 1 Run:
system-view
203
8 MSDP Configuration
msdp
MSDP is enabled in the public network instance and the MSDP view is displayed.
Step 3 Run:
peer peer-address connect-interface interface-type interface-number
The system does not advertise routes on MTIs to VPNs; therefore, it is not allowed to use MTIs to set up
an MSDP peer connection.
204
8 MSDP Configuration
Context
Establish the MBGP peer relationship between two RPs of different ASs and do as follows on
the MBGP peers:
NOTE
If the two RPs set up the BGP peer relationship, it is not necessary to set up the MBGP peer relationship
between them.
Procedure
Step 1 Run:
system-view
MSDP is enabled in the public network instance, and the MSDP view is displayed.
Step 3 Run:
peer peer-address connect-interface interface-type interface-number
Context
NOTE
If Configuring Inter-AS MSDP Peers on MBGP Peers is complete, skip the configuration.
Issue 01 (2011-10-26)
205
8 MSDP Configuration
Procedure
Step 1 Run:
system-view
MSDP is enabled in the public network instance, and the MSDP view is displayed.
Step 3 Run:
peer peer-address connect-interface interface-type interface-number
Procedure
l
Issue 01 (2011-10-26)
Run the display msdp brief command to check the brief information about the statuses of
all remote peers that establish MSDP peer relationships with the local host.
Huawei Proprietary and Confidential
Copyright Huawei Technologies Co., Ltd.
206
8 MSDP Configuration
Run the display msdp peer-status [ peer-address ] to check the detailed information about
the statuses of the specified remote peers that establish the MSDP peer relationships with
the local host.
----End
Example
<Quidway> display msdp brief
MSDP Peer Brief Information
Configured
Up
Listen
2
2
0
Peer's Address
192.168.2.1
192.168.4.2
State
UP
UP
Connect
0
Up/Down time
01:07:08
00:06:39
AS
200
100
Shutdown
0
SA Count
8
13
Down
0
Reset Count
0
0
Run the display msdp brief command. If the brief information about the remote MSDP peer
status is displayed, it means that the configuration succeeds. For example:
<Quidway> display msdp brief
MSDP Peer Brief Information
Configured
Up
Listen
2
2
0
Peer's Address
192.168.2.1
192.168.4.2
State
UP
UP
Connect
0
Up/Down time
01:07:08
00:06:39
AS
200
100
Shutdown
0
SA Count
8
13
Down
0
Reset Count
0
0
Applicable Environment
In a traditional PIM-SM domain, each multicast group can be mapped to only one RP. When
the network is overloaded or the traffic is too concentrated, many network problems are caused.
For example, the pressure of the RP is too heavy, switchs converge slowly after the RP fails,
and the multicast forwarding path is not optimal.
After anycast RPs are applied in a PIM-SM domain, the source registers with the nearest RP and
hosts sends Join messages to the nearest RP. That is, the load of a single RP is abated, the RP
backup is implemented, and the forwarding path is optimized.
The recommended configuration solutions are as follows:
l
Issue 01 (2011-10-26)
207
8 MSDP Configuration
Configure the loopback interfaces on the switchs as C-RPs or configure the address of the
loopback interface as a static RP on all switchs in the PIM-SM domain.
Set up the MSDP peer relationship between the switchs. If the number of switchs is greater
than three, it is recommended to set up the MSDP peer relationship between the switchs
and configure them to join the same mesh group.
Specify the logical RP address to transmit SA messages between the MSDP peers.
Pre-configuration Tasks
Before configuring an anycast RP in a PIM-SM domain, complete the following tasks:
l
Enabling IP multicast
Data Preparation
To configure an anycast RP in a PIM-SM domain, you need the following data.
No.
Data
RP address
Context
Use a unicast routing protocol in the current network to advertise the address of the newly
configured RP interface. Ensure that all switchs in the network have a route to the RP.
In the PIM-SM domain, do as follows on multiple switchs on which the anycast RP is to be
configured:
Procedure
Step 1 Run:
system-view
208
8 MSDP Configuration
Step 2 Run:
interface loopback interface-number
Before configuring a dynamic RP, you need to run this command. This command is not required when you
configure a static RP.
----End
Context
NOTE
l If the PIM-SM network uses a static RP, the configuration is not necessary.
l If the PIM-SM network uses a BSR-RP, the configuration is mandatory. Before configuring a C-RP,
configure a BSR and BSP boundary. The BSR address cannot be the same as the C-RP address.
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
209
8 MSDP Configuration
Context
NOTE
l When the PIM-SM network uses a BSR-RP, the configuration is not necessary.
l When the PIM-SM network uses a static RP, the configuration is mandatory.
Procedure
Step 1 Run:
system-view
Context
Do as follows on multiple switchs on which an anycast RP is to be created:
NOTE
If the number of switchs configured with the RPs that have the same IP address exceeds two, ensure the
interconnection between the switchs that set up MSDP peer relationship.
Procedure
Step 1 Run:
system-view
210
8 MSDP Configuration
Step 2 Run:
msdp
MSDP is enabled in the public network instance, and the MSDP view is displayed.
Step 3 Run:
peer peer-address connect-interface interface-type interface-number
211
8 MSDP Configuration
Context
After receiving an SA message, an MSDP peer performs the RPF check on the message. If the
remote RP address carried in the SA message is the same as the local RP address, the SA message
is discarded.
Do as follows on the switchs on which the anycast RP is to be configured:
Procedure
Step 1 Run:
system-view
The logical RP interface is configured. The logical RP interface cannot be the same as the actual
RP interface. It is recommended to configure the logical interface as the MSDP peer interface.
After the originating-rp command is used, the logical RP address carried in the SA message
sent by the switch replaces the RP address in the IP header of the SA message, and the SA
message can pass the RPF check after reaching the remote switch.
NOTE
The system does not advertise routes on the MTIs to VPNs; therefore, the MTIs cannot be used as logical
RPs.
----End
Procedure
l
Run the display msdp brief command to check the the brief information of the MSDP peer
status.
Run the display pim routing-table command to check the information about the RP
corresponding to the PIM routing table.
----End
Example
Run the display msdp [ vpn-instance vpn-instance-name | all-instance ] brief command. If the
brief information about the remote MSDP peer status is displayed, it means that the configuration
succeeds. For example:
Issue 01 (2011-10-26)
212
8 MSDP Configuration
State
UP
Connect
0
Up/Down time
00:10:17
AS
?
Shutdown
0
SA Count
0
Down
0
Reset Count
0
Run the display pim routing-table command. If the RP information corresponding to the
routing table is displayed, it means that the configuration succeeds. For example:
<Quidway> display pim routing-table
Total 0 (*, G) entry; 1 (S, G) entry
(10.11.1.2, 225.1.1.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:01:57
Upstream interface: Vlanif10
Upstream neighbor: 10.3.1.2
RPF prime neighbor: 10.3.1.2
Downstream interface(s) information:
Total number of downstreams: 1
1: Vlanif20
Protocol: pim-sm, UpTime: - , Expires:
Applicable Environment
MSDP peers are connected by the TCP connection (the port number is 639). Users can close or
reestablish a TCP connection, and flexibly control the sessions set up between MSDP peers.
When a new MSDP peer is created, or when a closed MSDP peer connection is restarted, or
when a faulty MSDP peer tries recovering, the TCP connection needs to be immediately set up
between MSDP peers. Users can flexibly adjust the interval for retrying setting up an MSDP
peer connection.
Pre-configuration Tasks
Before managing MSDP peer connections, complete the following tasks:
l
Enabling IP multicast
Data Preparation
To manage MSDP peer connections, you need the following data.
Issue 01 (2011-10-26)
213
No.
Data
8 MSDP Configuration
Context
Do as follows on the switch on which the MSDP peer is created:
Procedure
Step 1 Run:
system-view
214
8 MSDP Configuration
Context
Do as follows on the switch on which the MSDP peer is created:
Procedure
Step 1 Run:
system-view
The period for retrying sending the TCP connection request to the remote MSDP peer is set
----End
Procedure
l
Run the display msdp brief command to check the brief information about the statuses of
all remote peers that establish MSDP peer relationships with the local host.
Run the display msdp peer-status [ peer-address ] to check the detailed information about
the statuses of the specified remote peers that establish the MSDP peer relationships with
the local host.
----End
Example
<Quidway> display msdp brief
MSDP Peer Brief Information
Configured
Up
Listen
2
2
0
Peer's Address
192.168.2.1
192.168.4.2
State
UP
UP
Connect
0
Up/Down time
01:07:08
00:06:39
AS
200
100
Shutdown
0
SA Count
8
13
Down
0
Reset Count
0
0
215
8 MSDP Configuration
Applicable Environment
By default, SA Cache is enabled on switchs on which MSDP peers are configured. The
switchs can locally store the (S, G) information carried in SA messages. When the switchs need
to receive (S, G) information, the switchs can obtain the (S, G) information from the SA Cache.
Setting the maximum number of (S, G) entries can prevent the Denial of Service (DoS) attack.
Users can disable the SA Cache of a switch. After the SA Cache of a switch is disabled, the
switch does not locally store the (S, G) information carried in SA messages. When a switch
wants to receive (S, G) data, it needs to waits for the SA message to be sent by its MSDP peer
in the next period. This delays receivers from obtaining multicast data.
Pre-configuration Tasks
Before configuring SA Cache, complete the following tasks:
l
Enabling IP multicast
Data Preparation
To configure SA Cache, you need the following data.
No.
Data
Context
Do as follows on the switch on which the MSDP peer is configured:
NOTE
Issue 01 (2011-10-26)
216
8 MSDP Configuration
Procedure
Step 1 Run:
system-view
Context
Do as follows on the switch on which the MSDP peer is configured:
Procedure
Step 1 Run:
system-view
----End
Issue 01 (2011-10-26)
217
8 MSDP Configuration
Procedure
l
----End
Example
Run the display msdp sa-cache command to check (S, G) entries in SA Cache.
<Quidway> display msdp sa-cache
MSDP Source-Active Cache Information: public net
MSDP Total Source-Active Cache - 3 entries
MSDP matched 3 entries
(8.8.8.8, 225.0.0.200)
Origin RP: 4.4.4.4
Pro: BGP, AS: 10
Uptime: 00:00:33, Expires: 00:05:27
(8.8.8.8, 225.0.0.201)
Origin RP: 4.4.4.4
Pro: BGP, AS: 1.0
Uptime: 00:00:33, Expires: 00:05:27
(8.8.8.8, 225.0.0.202)
Origin RP: 4.4.4.4
Pro: BGP, AS: 65535.65535
Uptime: 00:00:33, Expires: 00:05:27
Run the display msdp sa-count command to check the number of (S, G) entries in SA Cache.
<Quidway> display msdp sa-count
MSDP Source-Active Count Information: public net
Number of cached Source-Active entries, counted by Peer
Peer's Address
Number of SA
10.10.10.10
5
Number of source and group, counted by AS
AS
Number of source
Number of group
?
3
3
Total 5 Source-Active entries matched
218
8 MSDP Configuration
Applicable Environment
The capacity of SA Cache on certain switchs is small. When these switchs need to receive
multicast data, they cannot immediately obtain the valid (S, G) information and need to wait for
the SA message sent by their MSDP peers in the next period.
If SA Cache is enabled on the remote MSDP peer and the capacity of the SA Cache is large,
configuring "sending SA Request message" on the local switch can shorten the period during
which receivers obtain multicast source information.
l
When the local switch wants to receive (S, G) information, it sends an SA Request message
to a specified remote MSDP peer.
On receiving the SA Request message, the MSDP peer responds to the SA Request message
with the required (S, G) information. If the "filtering rule of SA Request message" is
configured on the remote MSDP peer, it checks the SA Request messages received from a
specified peers and determines whether to respond according to the checking results.
Pre-configuration Tasks
Before configuring an SA request, complete the following tasks:
l
Enabling IP multicast
Data Preparation
To configure an SA request, you need the following data.
No.
Data
Context
Do as follows on the local switch:
Issue 01 (2011-10-26)
219
8 MSDP Configuration
Procedure
Step 1 Run:
system-view
Context
Do as follows on the remote MSDP peer specified by using the peer peer-address request-saenable command. If the configuration is not done, once an SA message reaches, the switch
immediately responds to it with an SA message containing the required (S, G) information.
Procedure
Step 1 Run:
system-view
220
8 MSDP Configuration
Procedure
l
Run the display msdp peer-status [ peer-address ] command to check detailed information
about the MSDP peer status.
----End
Example
Run the display msdp peer-status [ peer-address ] command, and you can view the SARequests field and check whether the configuration is valid. For example:
<Quidway> display msdp peer-status
MSDP Peer 172.40.41.1, AS ?
Description:
Information about connection status:
State: Up
Up/down time: 00:26:41
Resets: 0
Connection interface: Vlanif10 (172.40.41.2)
Number of sent/received messages: 27/28
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 00:26:56
Information about (Source, Group)-based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: 2000
Sending SA-Requests status: enable
Minimum TTL to forward SA with encapsulated data: 0
SAs learned from this peer: 0, SA Cache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 16/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0
Peer authentication: configured
Peer authentication type: Key-Chain
221
8 MSDP Configuration
Applicable Environment
By default, MSDP switchs receive all SA messages that pass the RPF check and forward them
to all MSDP peers. To control of the transmission of SA messages among MSDP peers, users
can configure various filtering rules by using the following methods:
l
Setting the rules for filtering the multicast source of an SA message on the source RP. The
source RP filters active multicast sources that register with the local switch, and determines
the (S, G) entries to be sent according to the rules.
Setting the rules for filtering an SA message received from a remote MSDP peer. When an
SA message sent by a remote MSDP peer reaches a switch, the switch determines whether
to receive the message based on the rules.
Setting the rules for filtering an SA message forwarded to a remote MSDP peer. Before
forwarding the SA message to the remote MSDP peer, the switch determines whether to
forward it based on the rules.
Pre-configuration Tasks
Before configuring the filtering rules for SA messages, complete the following tasks:
l
Enabling IP multicast
Data Preparation
To configure the filtering rules for SA messages, you need the following data.
No.
Data
Context
Do as follows on the source RP configured with an MSDP peer:
Issue 01 (2011-10-26)
222
8 MSDP Configuration
NOTE
If the configuration is not done, an SA message created by the source RP contains the information of all
local active sources.
Procedure
Step 1 Run:
system-view
The rules for filtering the multicast source of an SA message are set.
The parameters of the command are explained as follows:
l acl: specifies the filtering list based on multicast sources. The SA message created by an
MSDP peer contains the local source information that match the filtering rules. The MSDP
peer can thus control the local (S, G) information.
l If the import-source command with acl is used, the SA message does not advertise any
information about the local active source.
----End
Context
Do as follows on the switch configured with MSDP:
NOTE
If the configuration is not done, the switch receives all SA messages that pass the RPF check.
Procedure
Step 1 Run:
system-view
223
8 MSDP Configuration
Step 3 Run:
peer peer-address sa-policy import [ acl { advanced-acl-number
} ]
The rules for filtering an SA message received from a remote MSDP peer are set.
The parameters of the command are explained as follows:
l peer-address: specifies the address of a remote MSDP peer.
l acl: specifies the advanced filtering list. Only the (S, G) information that passes the filtering
of the ACL is received. The (S, G) information is contained in an SA message sent by the
peer specified by peer-address .
l If the peer peer-address sa-policy import command without acl is used, the switch does not
receive any (S, G) information from the peer specified by peer-address.
----End
Context
Do as follows on the switch enabled with MSDP:
NOTE
If the configuration is not done, the switch forwards all SA messages that pass the RPF check.
Procedure
Step 1 Run:
system-view
The rules for filtering an SA message forwarded to a remote MSDP peer is set.
The parameters of the command are explained as follows:
l peer-address: specifies the address of a remote MSDP peer.
l acl: specifies the advanced filtering list. Only the (S, G) information that matches the ACL
rule is forwarded to the peer specified by peer-address.
l If the peer peer-address sa-policy export command without acl is used, the switch does not
forward any (S, G) information to the peer specified by peer-address.
----End
Issue 01 (2011-10-26)
224
8 MSDP Configuration
Procedure
l
Run the display msdp peer-status [ peer-address ] command to check detailed information
about the MSDP peer status.
----End
Example
Run the display msdp [ vpn-instance vpn-instance-name | all-instance ] peer-status [ peeraddress ] command, and you can view information about the (Source, Group)-based SA filtering
policy field and check whether the configuration is valid. For example:
<Quidway> display msdp peer-status
MSDP Peer 172.40.41.1, AS ?
Description:
Information about connection status:
State: Up
Up/down time: 00:26:41
Resets: 0
Connection interface: Vlanif10 (172.40.41.2)
Number of sent/received messages: 27/28
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 00:26:56
Information about (Source, Group)-based SA filtering policy:
Import policy: 3000
Export policy: 3002
Information about SA-Requests:
Policy to accept SA-Request messages: 2000
Sending SA-Requests status: enable
Minimum TTL to forward SA with encapsulated data: 10
SAs learned from this peer: 0, SA Cache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 16/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0
Peer authentication: unconfigured
Peer authentication type: none
Run the display msdp sa-cache command to check the information about (S, G) entries in SA
Cache.
l
Issue 01 (2011-10-26)
225
8 MSDP Configuration
(8.8.8.8, 225.0.0.200)
Origin RP: 4.4.4.4
Pro: BGP, AS: 10
Uptime: 00:00:33, Expires: 00:05:27
(8.8.8.8, 225.0.0.201)
Origin RP: 4.4.4.4
Pro: BGP, AS: 1.0
Uptime: 00:00:33, Expires: 00:05:27
(8.8.8.8, 225.0.0.202)
Origin RP: 4.4.4.4
Pro: BGP, AS: 65535.65535
Uptime: 00:00:33, Expires: 00:05:27
Applicable Environment
Configuring MSDP authentication can enhance the security of the TCP connections between
MSDP peers.
Pre-configuration Tasks
Before configuring MSDP authentication, complete the following tasks:
l
Enabling IP multicast
Data Preparation
Before configuring MSDP authentication, prepare the following data:
Issue 01 (2011-10-26)
No.
Data
226
8 MSDP Configuration
Context
By default, MSDP MD5 authentication is not configured.
Do as follows on the switch configured with MSDP peers:
Procedure
Step 1 Run:
system-view
MSDP MD5 authentication and MSDP Key-Chain authentication are mutually exclusive.
Characters $@$@ are used as the prefix and suffix of passwords with variable lengths, and they cannot be
both configured at the beginning and end of a plain text password.
----End
Context
By default, MSDP Key-Chain authentication is not configured.
Do as follows on the switch configured with MSDP peers:
Issue 01 (2011-10-26)
227
8 MSDP Configuration
Procedure
Step 1 Run:
system-view
MSDP MD5 authentication and MSDP Key-Chain authentication are mutually exclusive.
----End
Procedure
l
Run the display msdp brief command to check brief information about MSDP peers.
Run the display msdp peer-status [ peer-address ] command to check detailed information
about MSDP peers.
----End
Example
Run the display msdp peer-status [ peer-address ] command, and you can find the Peer
authentication and Peer authentication type fields in the command output. For example:
<Quidway> display msdp peer-status
MSDP Peer 172.40.41.1, AS ?
Description:
Information about connection status:
State: Up
Up/down time: 00:26:41
Resets: 0
Connection interface: Vlanif10 (172.40.41.2)
Number of sent/received messages: 27/28
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 00:26:56
Information about (Source, Group)-based SA filtering policy:
Issue 01 (2011-10-26)
228
8 MSDP Configuration
Context
CAUTION
The statistics of MSDP peers cannot be restored after you clear it. So, confirm the action before
you use the command.
Procedure
l
Run the reset msdp peer [ peer-address ] command in the user view to clear the TCP
connection with a specified MSDP peer and all statistics of the specified MSDP peer.
Run the reset msdp statistics [ peer-address ] command in the user view to clear the
statistics of an MSDP peer or multiple MSDP peers of the public network instance, if MSDP
peers are not reset.
Run the reset msdp control-message counters [ peer peer-address ] command in the user
view to clear the statistics about the received, sent, and discarded MSDP messages.
----End
229
8 MSDP Configuration
Context
CAUTION
The (S, G) information in SA Cache cannot be restored after you clear it. So, confirm the action
before you use the command.
Procedure
l
Run the reset msdp sa-cache [ group-address ] command in the user view to clear the
entries in MSDP SA Cache.
----End
Context
In routine maintenance, you can run the following commands in any view to check the running
status of MSDP.
Procedure
l
Run the display msdp brief [ state { connect | down | listen | shutdown | up } ] command
in any view to check brief information about the MSDP peer status.
Run the display msdp peer-status [ peer-address ] command in any view to check detailed
information about the status of an MSDP peer of the public network instance.
----End
Issue 01 (2011-10-26)
230
8 MSDP Configuration
Context
CAUTION
Debugging affects the performance of the system. So, after debugging, execute the undo
debugging all command to disable it immediately.
When an MSDP fault occurs, run the following debugging commands in the user view to debug
MSDP and locate the fault.
Procedure
l
Run the debugging msdp all command in the user view to enable all the debugging of
MSDP.
Run the debugging msdp connect command in the user view to enable the debugging of
the resetting of the MSDP peer connection.
Run the debugging msdp event command in the user view to enable the debugging of
MSDP events.
Run the debugging msdp packet command in the user view to enable the debugging of
MSDP packets.
Run the debugging msdp source-active command in the user view to enable the debugging
of MSDP active sources.
----End
Issue 01 (2011-10-26)
231
8 MSDP Configuration
AS200
AS100
Loopback0
1.1.1.1/32
SwitchA
GE0/0/2
GE0/0/2
GE0/0/1
PIM-SM1
Loopback0
2.2.2.2/32
GE0/0/1 GE0/0/1
SwitchB
PIM-SM2
SwitchC GE0/0/1
GE0/0/2
GE0/0/2
SwitchD
GE0/0/3
GE0/0/3
S1
Receiver
SwitchF
GE0/0/2
GE0/0/2
GE0/0/1
SwitchE
PIM-SM3
Loopback0
3.3.3.3/32
S3
MSDP peer
Switch
Physical interface
VLANIF interface
IP address
Switch A
GE 0/0/1
VLANIF 101
10.110.1.1/24
GE 0/0/2
VLANIF 100
192.168.1.1/24
GE 0/0/1
VLANIF 200
192.168.2.1/24
GE 0/0/2
VLANIF 100
192.168.1.2/24
GE 0/0/1
VLANIF 200
192.168.2.2/24
GE 0/0/2
VLANIF 300
192.168.3.1/24
GE 0/0/3
VLANIF 400
192.168.4.1/24
GE 0/0/1
VLANIF 102
10.110.2.1/24
GE 0/0/2
VLANIF 300
192.168.3.2/24
GE 0/0/2
VLANIF 500
192.168.5.1/24
GE 0/0/3
VLANIF 400
192.168.4.2/24
GE 0/0/1
VLANIF 103
10.110.3.1/24
GE 0/0/2
VLANIF 500
192.168.5.2/24
Switch B
Switch C
Switch D
Switch E
Switch F
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the IP addresses of the interfaces on each switch and configure OSPF in the AS
to ensure that the unicast routes within the AS are reachable.
2.
Configure EBGP peers and import BGP and OSPF routes into each other's routing table to
ensure that the unicast routes between ASs are reachable.
Issue 01 (2011-10-26)
232
8 MSDP Configuration
3.
Enable multicast and PIM-SM on each interface, configure the boundary domain, and
enable the IGMP function on the interfaces connected to hosts.
4.
Configure the CBSR and C-RP. Configure the RPs of PIM-SM1 and PIM-SM2 on the
ASBR.
5.
Establish MSDP peer relationship between RPs of each domain. The MSDP peers and the
EBGP peers between ASs use the same interface addresses. According to the RPF rule, the
switches receive SA messages from the next hop toward the source RP.
Data Preparation
To complete the configuration, you need the following data:
l
Number of the AS that Switch A and Switch B belong to, namely 100, and router ID of
Switch B, namely, 1.1.1.1
Number of the AS that Switch C and Switch D belong to, namely 200, and Router ID of
Switch C, namely, 2.2.2.2
Number of the AS that Switch E and Switch F belong to, namely 200
NOTE
This configuration example describes only the commands related to MSDP configuration.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol.
# According to Figure 8-1, configure IP addresses and masks for the interfaces on each switch.
Configure the OSPF protocol between switches. Ensure the communication on the network layer
within an AS. Ensure the dynamic route update between switches through unicast routing
protocol. The configuration procedure is not provided here.
Step 2 Configure EBGP peer relationship between ASs and import routes of BGP and OSPF into each
other's routing table.
# Configure EBGP on Switch B and import OSPF routes.
[SwitchB] bgp
[SwitchB-bgp]
[SwitchB-bgp]
[SwitchB-bgp]
[SwitchB-bgp]
100
router-id 1.1.1.1
peer 192.168.2.2 as-number 200
import-route ospf 1
quit
200
router-id 2.2.2.2
peer 192.168.2.1 as-number 100
import-route ospf 1
quit
# Import BGP routes to OSPF on Switch B. The configuration on Switch C is similar to the
configuration on Switch B, and is not provided here.
[SwitchB] ospf 1
[SwitchB-ospf-1] import-route bgp
[SwitchB-ospf-1] quit
Step 3 Enable multicast, enable PIM-SM on all interfaces, configure the domain boundary, and enable
IGMP on the interface connecting to the host.
Issue 01 (2011-10-26)
233
8 MSDP Configuration
# Enable multicast on Switch B and enable PIM-SM on each interface. The configurations of
other switches are similar to the configuration of Switch B, and are not provided here.
[SwitchB] multicast
[SwitchB] interface
[SwitchB-Vlanif100]
[SwitchB-Vlanif100]
[SwitchB] interface
[SwitchB-Vlanif200]
routing-enable
vlanif 100
pim sm
quit
vlanif 200
pim sm
# Configure the domain boundary on VLANIF 200 and VLANIF 400 of Switch C. Configure
the service boundary of BSR on VLANIF 400 of Switch E. The configuration on Switch E is
similar to the configuration on Switch B, and is not provided here.
# Enable IGMP on the interface connecting Switch D to the leaf network.
[SwitchD] interface vlanif 102
[SwitchD-Vlanif102] igmp enable
Issue 01 (2011-10-26)
234
8 MSDP Configuration
AS
200
192.168.2.2
MsgRcvd
24
MsgSent
OutQ
21
Up/Down
00:13:09
State
Established
AS
MsgRcvd
MsgSent
OutQ
Up/Down
State
100
18
16
00:12:04
Established
192.168.2.1
# Run the display bgp routing-table command to view the BGP routing table on a switch. For
example, the BGP routing table displayed on Switch C is as follows:
[SwitchC] display bgp routing-table
Total Number of Routes: 5
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Network
NextHop
MED
LocPrf
PrefVal Path/Ogn
*>
1.1.1.1/32
192.168.2.1
0
0
100?
*>i
2.2.2.2/32
0.0.0.0
0
0
?
*>
192.168.2.0
0.0.0.0
0
0
?
*>
192.168.2.1/32
0.0.0.0
0
0
?
*>
192.168.2.2/32
0.0.0.0
0
0
?
# Run the display msdp brief command to view the status of the MSDP peer relationship
between switches. The information about establishing MSDP peer relationship among Switch
B, Switch C and Switch E is as follows:
[SwitchB] display msdp brief
MSDP Peer Brief Information
Configured
Up
Listen
1
1
0
Peer's Address
192.168.2.2
State
UP
Connect
0
Up/Down time
00:12:27
AS
200
Shutdown
0
SA Count
13
Down
0
Reset Count
0
State
UP
UP
Connect
0
Up/Down time
01:07:08
00:06:39
Shutdown
0
Down
0
AS
100
200
SA Count
8
13
Reset Count
0
0
Shutdown
0
SA Count
8
Down
0
Reset Count
0
Issue 01 (2011-10-26)
235
8 MSDP Configuration
# Run the display msdp peer-status command to view the details about MSDP peer relations
between switches. The details displayed on Switch B are as follows:
[SwitchB] display msdp peer-status
MSDP Peer 192.168.2.2, AS 200
Description:
Information about connection status:
State: Up
Up/down time: 00:15:47
Resets: 0
Connection interface: vlanif200 (192.168.2.1)
Number of sent/received messages: 16/16
Number of discarded output messages: 0
Elapsed time since last connection or counters clear: 00:17:51
Information about (Source, Group)Based SA filtering policy:
Import policy: none
Export policy: none
Information about SA-Requests:
Policy to accept SA-Request messages: none
Sending SA-Requests status: disable
Minimum TTL to forward SA with encapsulated data: 0
SAs learned from this peer: 0, SACache maximum for the peer: none
Input queue size: 0, Output queue size: 0
Counters for MSDP message:
Count of RPF check failure: 0
Incoming/outgoing SA messages: 0/0
Incoming/outgoing SA requests: 0/0
Incoming/outgoing SA responses: 0/0
Incoming/outgoing data packets: 0/0
Peer authentication: unconfigured
Peer authentication type: none
# Run the display pim routing-table command to view the PIM routing table on a switch. When
multicast sources S1 (10.110.1.2/24) in PIM-SM1 and S3 (10.110.3.2/24) in PIM-SM3 send
multicast data to multicast group G (225.1.1.1/24), Receiver (10.110.2.2/24) in PIM-SM2 can
receive the multicast data. The PIM routing tables displayed on Switch B and Switch C are as
follows:
[SwitchB] display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry
(10.110.1.2, 225.1.1.1)
RP: 1.1.1.1(local)
Protocol: pim-sm, Flag: SPT EXT ACT
UpTime: 00:00:42
Upstream interface: vlanif200
Upstream neighbor: 192.168.1.1
RPF neighbor: 192.168.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif100
Protocol: pim-sm, UpTime: 00:00:42, Expires:[SwitchC] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 2 (S, G) entries
(*, 225.1.1.1)
RP: 2.2.2.2(local)
Protocol: pim-sm, Flag: WC RPT
UpTime: 00:13:46
Upstream interface: NULL,
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
Issue 01 (2011-10-26)
236
8 MSDP Configuration
1: vlanif300,
Protocol: pim-sm, UpTime: 00:13:46, Expires:(10.110.1.2, 225.1.1.1)
RP: 2.2.2.2
Protocol: pim-sm, Flag: SPT MSDP ACT
UpTime: 00:00:42
Upstream interface: vlanif200
Upstream neighbor: 192.168.2.1
RPF neighbor: 192.168.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif300
Protocol: pim-sm, UpTime: 00:00:42, Expires:(10.110.3.2, 225.1.1.1)
RP: 2.2.2.2
Protocol: pim-sm, Flag: SPT MSDP ACT
UpTime: 00:00:42
Upstream interface: vlanif400
Upstream neighbor: 192.168.4.2
RPF neighbor: 192.168.4.2
Downstream interface(s) information:
Total number of downstreams: 1
1: vlanif300
Protocol: pim-sm, UpTime: 00:00:42, Expires:-
----End
Configuration Files
l
Issue 01 (2011-10-26)
237
8 MSDP Configuration
interface Vlanif100
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface Vlanif200
ip address 192.168.2.1 255.255.255.0
pim sm
pim bsr-boundary
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface GigabitEthernet0/0/1
port hybrid pvid vlan 200
port hybrid untagged vlan 200
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 100
port hybrid untagged vlan 100
#
bgp 100
router-id 1.1.1.1
peer 192.168.2.2 as-number 200
import-route ospf 1
#
ospf 1
import-route bgp
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
msdp
peer 192.168.2.2 connect-interface vlanif200
#
return
Issue 01 (2011-10-26)
238
8 MSDP Configuration
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 400
port hybrid untagged vlan 400
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
bgp 200
router-id 2.2.2.2
peer 192.168.2.1 as-number 100
import-route ospf 1
#
ospf 1
import-route bgp
area 0.0.0.0
network 192.168.3.0 0.0.0.255
network 192.168.4.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
msdp
peer 192.168.2.1 connect-interface vlanif200
peer 192.168.4.2 connect-interface vlanif400
#
return
Issue 01 (2011-10-26)
239
8 MSDP Configuration
#
interface Vlanif 400
ip address 192.168.4.2 255.255.255.0
pim sm
pim bsr-boundary
#
interface Vlanif 500
ip address 192.168.5.1 255.255.255.0
pim sm
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 500
port hybrid untagged vlan 500
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 400
port hybrid untagged vlan 400
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.4.0 0.0.0.255
network 192.168.5.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
pim
c-bsr LoopBack0
c-rp LoopBack0
#
msdp
peer 192.168.4.1 connect-interface vlanif400
#
return
Issue 01 (2011-10-26)
240
Issue 01 (2011-10-26)
241
Maintaining IPv4 multicast routing management involves testing multicast routing, checking
the RPF path and multicast path, clearing multicast forwarding and routing entries, and
monitoring multicast routing and forwarding.
9.8 Configuration Examples
Examples for configuring static multicast routes and multicast load splitting are provided.
Issue 01 (2011-10-26)
242
The S5700SI and S5706 do not support IPv4 Multicast Route Management.
In the S5700, multicast routing and forwarding consist of the following three aspects:
l
Each multicast routing protocol has its routing table, such as PIM routing table.
The multicast routing information of each multicast routing protocol forms a general
multicast routing table.
The multicast routing table resides in the multicast route management module. It is
composed of (S, G) entries. (S, G) indicates that S sends multicast data to G. If the multicast
route management module supports multiple multicast protocols, the routing table contains
multicast routes that are generated by the protocols. The routing entries are copied to the
forwarding table.
The multicast forwarding table controls the forwarding of multicast data packets.
The multicast forwarding table guides the forwarding of multicast data packets. It remains
consistent with the multicast routing table.
To ensure that multicast data is transmitted along the correct path, multicast routing protocols
use the Reverse Path Forwarding (RPF) to create multicast routing entries.
The system performs RPF check based on the following types of routes:
l
Unicast routes
The unicast routing table collects the shortest paths to each destination.
MBGP routes
The MBGP routing table provides multicast routing information.
MIGP routes
The MIGP routing table provides the routing information calculated based on physical
interfaces of the TE tunnel to guide the forwarding of multicast packets.
243
By default, the switch chooses the route with the largest next-hop address.
According to the longest match, the switch selects the route longest matching the address
of the source of the packet.
Load splitting is configured among equal-cost routes. Performing load splitting of multicast
traffic according to different policies can optimize network traffic transmission in the
scenario where multiple multicast data flows exist.
There are five multicast load splitting policies: stable-preferred, balance-preferred, source
address-based, group address-based, and source and group addresses-based. The five load
splitting policies are mutually exclusive. In stable-preferred mode and balance-preferred
mode, you can configure load splitting weights on the interfaces to achieve unbalanced
multicast load splitting.
Issue 01 (2011-10-26)
244
The mtrace command can be used to trace the following paths and output the hop information:
l
You can ping multicast addresses by using the Network Quality Analysis (NQA) test instances or related
commands. For detailed configurations of NQA test instances, refer to the chapter " NQA Configuration
" in Quidway S5700 Series Ethernet Switches Configuration Guide - Network Management.
245
Applicable Environment
Static multicast route has the following functions:
l
Pre-configuration Tasks
Before configuring a static multicast route, complete the following tasks:
l
Data Preparation
To configure a static multicast route, you need the following data.
No.
Data
Context
CAUTION
When configuring a static multicast route, configure the outgoing interface through the command
if the next hop is in the point-to-point format. If the next hop is not in the point-to-point format,
you must use the next hop.
Do as follows on the multicast switch:
Issue 01 (2011-10-26)
246
Procedure
Step 1 Run:
system-view
Procedure
l
Run the display multicast routing-table static [ config ] [ source-address { mask | masklength } ] command to check the static multicast routing table.
Run the display multicast rpf-info source-address [ group-address ] [ rpt | spt ] command
to check RPF routing information of a specified multicast source.
----End
247
Applicable Environment
If multiple equal-cost unicast routes exist when a multicast switch select an upstream interface,
you can configure the switch to the RPF switch by using one of the following methods:
l
By default, the switch chooses the route with the largest next-hop address.
According to the longest match rules, you can configure the switch to select the route with
the destination address that longest matches the address of the source of the packet.
You can configure load splitting among these switchs. Performing load splitting of
multicast traffic according to different policies can optimize network traffic when multiple
multicast data flows exist.
Pre-configuration Tasks
Before configuring the multicast routing policy, complete the following tasks:
l
Data Preparation
To configure the multicast routing policy, you need the following data.
No.
Data
Context
By default, routes are selected in the order of routing entries.
Do as follows on the multicast switch:
Procedure
l
Run:
system-view
Run:
multicast longest-match
Issue 01 (2011-10-26)
248
Context
The multicast load splitting function extends multicast routing rules, which does not fully depend
on the RPF check. If multiple equal-cost optimal routes exist over the network, they all can be
used for multicast data forwarding and multicast traffic is load split among multiple equal-cost
routes.
By default, load splitting is not performed.
Do as follows on the multicast router switch:
Procedure
l
Run:
system-view
Run:
multicast load-splitting { source | group | source-group }
(Optional) Run:
interface interface-type interface-number
(Optional) Run:
multicast load-splitting weight weight-value
249
splitting cannot meet network requirements in some scenarios. In such a case, you can configure
a load splitting weight on an interface to achieve unbalanced multicast load splitting.
Context
When stable-preferred or balance-preferred load splitting is configured, because the forwarding
capabilities of equal-cost routes are different from the actual load bearing situation on the equalcost routes, balanced load splitting cannot meet network requirements in some scenarios. In such
a case, you can configure a load splitting weight on an interface to achieve unbalanced multicast
load splitting.
Do as follows on the switch enabled with multicast:
Procedure
Step 1 Run:
system-view
Procedure
l
l
Issue 01 (2011-10-26)
250
Applicable Environment
Multicast information to which each multicast group corresponds is forwarded in a certain scope
in network. Uers can define the multicast forwarding scope by using the following methods:
l
Configuring the multicast forwarding boundary to form a close multicast forwarding area.
The interface configured with a forwarding boundary of a multicast group cannot send or
receive packets of the multicast group.
Pre-configuration Tasks
Before configuring the multicast forwarding scope, complete the following tasks:
l
Data Preparation
To configure the multicast forwarding scope, you need the following data.
No.
Data
Group address, mask, and mask length of the multicast forwarding boundary
Context
By default, no multicast forwarding boundary is configured on the interface.
Do as follows on the multicast switch:
Issue 01 (2011-10-26)
251
Procedure
Step 1 Run:
system-view
Procedure
l
----End
252
Applicable Environment
To plan a network according to the services, the ISP needs to perform the following configuration
policies:
l
Pre-configuration Tasks
Before configuring control parameters of the multicast forwarding table, complete the following
tasks:
l
Data Preparation
To configure control parameters of the multicast forwarding table, you need the following data.
No.
Data
Matching policy, switch sequence, and route preference of the multicast routes
253
Context
By default, the maximum number supported by the system is used.
Do as follows on the multicast switch:
Procedure
l
Run:
system-view
Run:
multicast forwarding-table route-limit limit
Context
CAUTION
This configuration becomes valid only after the reset multicast forwarding-table command is
used. Multicast services are interrupted after you run the reset multicast forwarding-table
command. So, confirm the action before you use the command.
Do as follows on the multicast switch:
Procedure
l
Run:
system-view
Run:
multicast forwarding-table downstream-limit limit
254
Procedure
l
----End
Context
When data transmission is abnormal, you can ping related multicast addresses to check the
multicast routing.
Procedure
l
----End
Issue 01 (2011-10-26)
255
Context
NOTE
When checking the RPF path or multicast path from a source to a destination host, run the mtrace querypolicy [ acl-number ] command on the switch connected to hosts to configure the filtering policy for
queriers. The ACL defines the address scope of reliable queriers. Based on the ACL, the last-hop switch
refuses the IGMP-Tracert-Query messages sent by illegal queriers. Note the following when using this
command:
l This command is valid only for the last-hop switch, and the querier is not the last-hop switch.
l This command is used to filter only the IGMP-Tracert-Query message encapsulated in a unicast IP
packet.
l This command is not applicable to the trace that is initiated by the local querier.
When a fault occurs during data transmission, you can run the following commands in any view
to check RPF paths and multicast paths.
Procedure
l
Run the mtrace [ -ur resp-dest | -l [ stat-times ] [ -st stat-int ] | -m max-ttl | -q nqueries | ts ttl | -tr ttl | -v | -w timeout | -vpn-instance vpn-name ] * source source-address command
in any view to check the RPF path from a source to a querier.
Run the mtrace -g group [ { -mr | -ur resp-dest } | -l [ stat-times ] [ -st stat-int ] | -m maxttl | -q nqueries | -ts ttl | -tr ttl | -v | -w timeout | -vpn-instance vpn-name ] * source sourceaddress command in any view to check the multicast path from a source to a querier.
Run the mtrace { -gw last-hop-router | -d } -r receiver [ -ur resp-dest | -a source-ipaddress | -l [ stat-times ] [ -st stat-int ] | -m max-ttl | -q nqueries | -ts ttl | -tr ttl | -v | -w
timeout | -vpn-instance vpn-name ] * source source-address command in any view to
check the RPF path from a source to a destination host.
Run the mtrace { -gw last-hop-router | -b | -d } -r receiver -g group [ { -mr | -ur respdest } | -a source-ip-address | -l [ stat-times ] [ -st stat-int ] | -m max-ttl | -q nqueries | -ts
ttl | -tr ttl | -v | -w timeout | -vpn-instance vpn-name ] * source source-address command
in any view to check the multicast path from a source to a destination host.
----End
Procedure
l
Run the following commands to clear the forwarding entries in the multicast forwarding
table.
reset multicast forwarding-table all
reset multicast forwarding-table { group-address [ mask { group-mask | group-masklength } ] | source-address [ mask { source-mask | source-mask-length } ] | incominginterface { interface-type interface-number | register } } *
Run the following commands to clear the routing entries in the multicast routing table.
reset multicast routing-table all
Issue 01 (2011-10-26)
256
reset multicast routing-table { group-address [ mask { group-mask | group-masklength } ] | source-address [ mask { source-mask | source-mask-length } ] | incominginterface { interface-type interface-number | register } } *
----End
Context
In routine maintenance, you can run the following commands in any view to check the status of
multicast routing and forwarding.
Procedure
l
Run the following commands in any view to check the multicast routing table.
display multicast routing-table [ group-address [ mask { group-mask | group-masklength } ] | source-address [ mask { source-mask | source-mask-length } ] | incominginterface { interface-type interface-number | register } | outgoing-interface
{ include | exclude | match } { interface-type interface-number | register | none } ] *
[ outgoing-interface-number [ number ] ]
display multicast routing-table [ group-address [ mask { group-mask | group-masklength } ] | source-address [ mask { source-mask | source-mask-length } ] | incominginterface { interface-type interface-number | register } | outgoing-interface
{ include | exclude | match } { interface-type interface-number | register | none } ] *
[ outgoing-interface-number [ number ] ]
Run the display multicast routing-table static [ config ] [ source-address { masklength | mask } ] command in any view to check the static multicast routing table.
Run the display multicast rpf-info source-address [ group-address ] [ rpt | spt ] command
in any view to check the RPF routing information.
----End
Issue 01 (2011-10-26)
257
Context
CAUTION
Debugging affects the performance of the system. After debugging, run the undo debugging
all command to disable it immediately.
When a fault occurs when multicast is enabled, run the following debugging commands in the
user view to debug multicast routes and to locate the fault.
Procedure
l
Run the following commands in the user view to enable the debugging of multicast
forwarding.
debugging mfib all
debugging mfib { no-cache | module | packet | register | route | sync | upcall | wrongiif } [ advanced-acl-number ]
Run the debugging mrm { all | event | packet [ advanced-acl-number ] | route [ advancedacl-number ] } command in the user view to enable the debugging of multicast routing
management.
----End
Issue 01 (2011-10-26)
258
Figure 9-1 Networking diagram for changing static multicast routes to RPF routes
SwitchC
GE0/0/3
GE0/0/3
GE0/0/2
PIM-DM
GE0/0/2
SwitchB
SwitchA
GE0/0/2
GE0/0/1 GE0/0/1
8.1.1.2/24
GE0/0/3
7.1.1.2/24
Receiver
Source
Physical interface
VLANIF interface
IP address
Switch A
GE 0/0/1
VLANIF 10
9.1.1.1/24
GE 0/0/2
VLANIF 20
8.1.1.1/24
GE 0/0/3
VLANIF 30
12.1.1.1/24
GE 0/0/1
VLANIF 10
9.1.1.2/24
GE 0/0/2
VLANIF 40
13.1.1.1/24
GE 0/0/3
VLANIF 50
7.1.1.1/24
GE 0/0/2
VLANIF 40
13.1.1.2/24
GE 0/0/3
VLANIF 30
12.1.1.2/24
Switch B
Switch C
Configuration Roadmap
The configuration roadmap is as follows:
1.
Configure the IP addresses of interfaces and the unicast routing protocol on each switch.
2.
Enable the multicast function on all switches, PIM-SM on all interfaces, and IGMP on the
interfaces at the host side.
3.
Configure static multicast RPF routes on Switch B, and configure Switch C as the RPF
neighbor.
Data Preparation
To complete the configuration, you need the following data:
l
Issue 01 (2011-10-26)
259
NOTE
This configuration example describes only the commands used to configure static multicast routes.
Procedure
Step 1 Configure the IP addresses of interfaces and the unicast routing protocol on each switch.
# Configure the IP addresses and masks on the interfaces on each switch according to Figure
9-1. IP addresses must be configured on the VLANIF interfaces. OSPF runs between Switch A,
Switch B and Switch C, and the switches can update routes among them through the unicast
routing protocol. The configuration procedure is not provided here.
Step 2 Enable multicast on all switches and PIM-DM on all interfaces.
# Enable multicast on all switches, and PIM-SM on all interfaces. Enable the IGMP function on
the interfaces at the host side. The configurations of other switches are similar to configuration
of Switch B, and are not provided here.
[SwitchB] multicast routing-enable
[SwitchB] interface vlanif 10
[SwitchB-Vlanif10] pim dm
[SwitchB-Vlanif10] quit
[SwitchB] interface vlanif 40
[SwitchB-Vlanif40] pim dm
[SwitchB-Vlanif40] quit
[SwitchB] interface vlanif 50
[SwitchB-Vlanif50] pim dm
[SwitchB-Vlanif50] igmp enable
[SwitchB-Vlanif50] quit
# Run the display multicast rpf-info command on Switch B to view the RPF information of
the source. The RPF routes are unicast routes, and the RPF neighbor is Switch A. The following
information is displayed:
[SwitchB] display multicast rpf-info 8.1.1.2
VPN-Instance: public net
RPF information about source 8.1.1.2:
RPF interface: vlanif10, RPF neighbor: 9.1.1.1
Referenced route/mask: 8.1.1.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disable
Issue 01 (2011-10-26)
260
----End
Configuration Files
l
Issue 01 (2011-10-26)
261
interface GigabitEthernet0/0/1
port hybrid pvid vlan 10
port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
port hybrid pvid vlan 40
port hybrid untagged vlan 40
#
interface GigabitEthernet0/0/3
port hybrid pvid vlan 50
port hybrid untagged vlan 50
#
ospf 1
area 0.0.0.0
network 7.1.1.0 0.0.0.255
network 9.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
ip rpf-route-static 8.1.1.0 255.255.255.0 13.1.1.2
#
return
Issue 01 (2011-10-26)
262
10
263
Issue 01 (2011-10-26)
264
Configuring VLAN-based multicast policies and multicast entries to control the access
from hosts in a VLAN to an IP multicast group
Responding to changes of the Layer 2 network and forwarding multicast data correctly
based on the new network topology
Maximum response time of MLD messages. This timer controls the deadline for a host to
report the membership.
Robustness variable of MLD snooping in a VLAN. When sending the MLD Query
messages, the S5700 determines the retransmission count of an MLD message according
to the robustness variable.
Interval for sending the MLD General Query messages. This timer helps the S5700 adapt
to the change of load on the network.
Issue 01 (2011-10-26)
265
Interval for sending the MLD Last Member Query messages. This timer helps the S5700
adapt to the change of load on the network.
Duration for suppressing the Report messages. This timer saves network bandwidth and
reduces loads on the network.
Pre-configuration Tasks
Before enabling MLD snooping, complete the following tasks:
l
Creating a VLAN
Data Preparation
To enable MLD snooping, you need the following data.
Issue 01 (2011-10-26)
No.
Data
266
No.
Data
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
267
Procedure
Step 1 Run:
system-view
l Before using the mld-snooping static-group command, ensure that the interface is added to the VLAN
specified by vlan-id; otherwise, the configuration fails.
l If the source-address parameter is specified in the mld-snooping static-group command, the MLD
version must be V2; otherwise, the configuration does not take effect even though the command can
be run.
----End
Procedure
Step 1 Run:
system-view
Issue 01 (2011-10-26)
268
Before using the mld-snooping static-router-port vlan vlan-id command, ensure that the interface is
added to the VLAN specified by vlan-id; otherwise, the configuration fails.
----End
Procedure
Step 1 Run:
system-view
The maximum number of multicast groups that hosts attached to the interface can join.
If vlan-id is specified, the maximum number of multicast groups that hosts attached to the
interface in a specified VLAN can join is set.
----End
269
Procedure
Step 1 Run:
system-view
The version is configured for MLD protocol packets that can be processed by MLD snooping.
The version can be set to 1 or 2.
By default, the S5700 can process MLDv1 packets.
----End
The display mld-snooping port-info command displays only the information about the static member
interface or static router interface in Up state. If the static member interface or static router interface in
Down state, you can run the display mld-snooping configuration command to check the configuration
of the interface.
----End
Issue 01 (2011-10-26)
270
Pre-configuration Tasks
Before configuring a multicast group policy for a VLAN, complete the following task:
l
Data Preparation
To configure a multicast group policy for a VLAN, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
271
NOTE
l When a multicast policy is configured for a VLAN, the multicast policy does not take effect if the
ACL6 specified by the ACL number does not exist; therefore, the hosts in the VLAN can join any
multicast group.
l If you run the undo acl ipv6 command to delete the ACL6 used by the multicast policy, hosts in the
VLAN can join any multicast group.
l A multicast policy is invalid for static multicast entries.
----End
Pre-configuration Tasks
Before configuring the prompt leave function for interfaces in a VLAN, complete the following
tasks:
l
Creating an ACL6
Data Preparation
To configure the prompt leave function for interfaces in a VLAN, you need the following data.
Issue 01 (2011-10-26)
No.
Data
272
Procedure
Step 1 Run:
system-view
----End
273
the IPv6 multicast forwarding entries at the data link layer. In this way, the IPv6 multicast data
can be forwarded at the data link layer.
Pre-configuration Tasks
Before configuring the MLD snooping querier on the VLAN, complete the following task:
l
Data Preparation
To configure the MLD snooping querier in a VLAN, you need the following data.
No.
Data
Procedure
Step 1 Run:
system-view
274
NOTE
----End
Procedure
Step 1 Run:
system-view
The interval for sending the MLD Snooping General Query messages is set.
Step 4 Run:
mld-snooping max-response-time max-response-time
The maximum response time of the MLD Snooping General Query messages is set.
Step 5 Run:
mld-snooping last-listener-query-interval time-value
The interval for sending the MLD Snooping Specific-Group Query messages is set.
----End
Issue 01 (2011-10-26)
275
Procedure
Step 1 Run:
system-view
Step 2 Run the display mld-snooping configuration command to view the global configuration of
MLD snooping.
[Quidway] display mld-snooping configuration
MLD Snooping Configuration for VLAN 11
mld-snooping enable
mld-snooping group-policy 2000 2
MLD Snooping Configuration for VLAN 12
mld-snooping enable
----End
276
Pre-configuration Tasks
Before modifying parameters of MLD snooping, complete the following task:
l
Data Preparation
To modify parameters of MLD snooping, you need the following data.
Issue 01 (2011-10-26)
No.
Procedure
10
277
Procedure
Step 1 Run:
system-view
Procedure
Step 1 Run:
system-view
The interval for sending the General Query messages is set. The default value is 60 seconds.
Step 4 Run:
mld-snooping max-response-time max-response-time
Issue 01 (2011-10-26)
278
The maximum response time of MLD messages is set. The default value is 10 seconds.
Step 5 Run:
mld-snooping robust-count robust-count
Procedure
Step 1 Run:
system-view
The S5700 is configured to process only the MLD messages that contain the Router Alert option
in the IP header.
Step 4 Run:
mld-snooping send-router-alert
The S5700 is configured to send only the MLD messages that contain the Router Alert option
in the IP header.
By default, the S5700 processes all MLD messages and sends the MLD messages with the Router
Alert to the VLAN.
Step 3 and Step 4 are optional and can be performed in a random order.
----End
279
Procedure
Step 1 Run:
system-view
The MLD snooping module of the S5700 is enabled to respond to changes of the Layer 2 network
topology.
Step 3 Run:
mld-snooping send-query source-address ipv6-address
The source IPv6 address of the MLD General Query messages that the MLD snooping module
sends to respond to changes of the Layer 2 network topology is set.
By default, the source IPv6 address of the MLD General Query message sent by the S5700 is
FE80::.
Step 3 is optional. After the S5700 is enabled to respond to changes of the Layer 2 network
topology, it sends an MLD General Query message to the downstream S5700 when receiving a
Topology Change message. Then the downstream S5700 can learn the new router interface.
When a member interface receives the MLD General Query message, the member interface
responds with an MLD Report message. Then the S5700 and its downstream S5700 can learn
the new multicast forwarding entry. This function enables the S5700 to forward multicast data
correctly after the Layer 2 topology changes.
----End
Procedure
Step 1 Run:
system-view
The duration for suppressing the same MLD Report messages is set.
Issue 01 (2011-10-26)
280
NOTE
l By default, the duration for suppressing the same MLD Report messages is 10 seconds.
l The MLD snooping function is applicable to only the MLDv1 packets, but is invalid for the MLDv2
packets.
----End
Example
If the preceding configurations are successful, the following information is displayed:
<Quidway> display mld-snooping vlan 10
MLD Snooping Vlan Information for VLAN 10
MLD Snooping is Enable
MLD Version is Set to default 1
MLD Query Interval is Set to default 125
MLD Max Response Interval is Set to default 10
MLD Robustness is Set to default 2
MLD Last Member Query Interval is Set to default 1
MLD Router Port Aging Interval is Set to 180s or holdtime in hello
MLD Filter Group-Policy is Set to default : Permit All
MLD Prompt Leave Disable
MLD Router Alert is Not Required
MLD Send Router Alert Enable
MLD Snooping Querier Disable
CAUTION
Use this command with caution. After the MLD snooping entries, that is, the dynamic forwarding
entries, of a VLAN are deleted from the multicast forwarding table, the multicast flows sent to
hosts in the VLAN are interrupted. The hosts can receive multicast flows again only after the
S5700 receives the MLD Membership Report messages from the hosts and generates new
forwarding entries.
Issue 01 (2011-10-26)
281
To clear the dynamic forwarding entries from the multicast forwarding table, run the following
command in the user view.
Procedure
Step 1 Run the reset mld-snooping group { vlan { vlan-id | all } | all } command to clear the dynamic
forwarding entries from the multicast forwarding table.
----End
CAUTION
The statistics on MLD snooping cannot be restored after you clear them. So, confirm the action
before you use the command. To clear the statistics on MLD snooping, run the following
command in the user view.
Procedure
Step 1 Run the reset mld-snooping statistics [ vlan vlan-id ] command to clear the statistics on MLD
snooping in a VLAN.
----End
CAUTION
Debugging affects the performance of the system. So, after debugging, run the undo debugging
mld-snooping all command to disable it immediately.
When a fault occurs in MLD Snooping, you can run the following debugging command in the
user view to debug MLD snooping and locate the fault.
Procedure
Step 1 Run the debugging mld-snooping [ all | event | done [ basic-acl-number ] | packet [advanceacl-number ] | query [ advance-acl-number ] | report [ advance-acl-number ] | timer |
general ] command in the user view to enable debugging of MLD snooping.
----End
Issue 01 (2011-10-26)
282
multicast source
DHCP server
IP/MPLS
core
SwitchA
GE0/0/1
VLAN 3
Host1
Host2
GE0/0/3
GE0/0/2
Configuration Roadmap
The configuration roadmap is as follows:
1.
Create VLAN 3 on Switch A and add GE 0/0/1, GE 0/0/2, and GE 0/0/3 to VLAN 3.
2.
3.
4.
Issue 01 (2011-10-26)
283
Data Preparation
To complete the configuration, you need the following data:
l
Procedure
Step 1 Create VLAN 3 on Switch A and add GE 0/0/1, GE 0/0/2, and GE 0/0/3 to VLAN 3. The
configuration procedure is not provided here.
Step 2 Enable MLD snooping globally on Switch A.
[SwitchA] mld-snooping enable
Step 5 Verify the configuration. Run the display mld-snooping command on Switch A.
[SwitchA] display mld-snooping vlan 3
MLD Snooping Vlan Information for VLAN 3
MLD Snooping is Enable
MLD Version is Set to default 1
MLD Query Interval is Set to default 125
MLD Max Response Interval is Set to default 10
MLD Robustness is Set to default 2
MLD Last Member Query Interval is Set to default 1
MLD Router Port Aging Interval is Set to 180s or holdtime in hello
MLD Filter Group-Policy is Set to default : Permit All
MLD Prompt Leave Enable
MLD Router Alert is Not Required
MLD Send Router Alert Enable
MLD Snooping Querier Disable
As shown in the preceding output, "MLD Prompt Leave enable" indicates that the configuration
of prompt leave for interfaces in VLAN 3 is successful.
----End
Configuration Files
#
sysname SwitchA
#
mld-snooping enable
#
vlan batch 3
#
vlan 3
mld-snooping enable
mld-snooping prompt-leave
#
interface GigabitEthernet0/0/1
port hybrid tagged vlan 3
#
interface GigabitEthernet0/0/2
port hybrid tagged vlan 3
#
interface GigabitEthernet0/0/3
port hybrid tagged vlan 3
Issue 01 (2011-10-26)
284
#
return
Issue 01 (2011-10-26)
285