Multicast MSDP SA (Source Active) Filtering

MSDP uses SA (Source Active) messages that contain S,G (Source Group) information for RPs (Rendezvous Points) in PIM sparse domains. Thanks to MSDP, RPs can learn about multicast sources in remote PIM sparse domains. With a default MSDP configuration, all SA messages are advertised and received between MSDP peers.

On your network, there are probably a couple of S,G states that should stay within your network and that don’t have to be advertised to MSDP peers on remote networks. For example:

  • Local applications that use multicast and that are only used on the LAN.
  • Multicast traffic that uses private addresses as the source.
  • Multicast groups in the private 239.0.0.0/8 range.

By enabling MSDP SA filtering of some S,G states we:

  • Reduce the number of MSDP SA messages that are exchanged between MSDP peers.
  • Reduce the size of the MSDP SA cache.
  • Don’t leak S,G state information that remote peers shouldn’t know about.

Configuration

To demonstrate MSDP SA filtering, I use this topology:

[Figure: MSDP SA filtering topology]

Here’s what we have:

  • R1 and H1 are on LAN1, R2 and H2 are on LAN2.
  • R1 and R2 are connected to each other with an Internet connection.
  • R1 is the RP in LAN1.
  • R2 is the RP in LAN2.
  • R1 and R2 are MSDP peers.
  • H1 and H2 are only used to ping different multicast groups to trigger MSDP SA messages.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

H1

hostname H1
!
no ip routing
!
no ip cef
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
!
ip default-gateway 192.168.1.254
!
end

H2

hostname H2
!
no ip routing
!
no ip cef
!
interface GigabitEthernet0/1
 ip address 192.168.2.2 255.255.255.0
!
ip default-gateway 192.168.2.254
!
end

R1

hostname R1
!
no ip domain lookup
ip multicast-routing 
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip pim sparse-mode
!
interface GigabitEthernet0/1
 ip address 12.12.12.1 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.1.254 255.255.255.0
 ip pim sparse-mode
!
ip pim rp-address 1.1.1.1
ip msdp peer 12.12.12.2 connect-source GigabitEthernet0/1
ip msdp originator-id GigabitEthernet0/1
!
end

R2

hostname R2
!
no ip domain lookup
ip multicast-routing 
ip cef
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip pim sparse-mode
!
interface GigabitEthernet0/1
 ip address 12.12.12.2 255.255.255.0
!
interface GigabitEthernet0/2
 ip address 192.168.2.254 255.255.255.0
 ip pim sparse-mode
!
ip pim rp-address 2.2.2.2
ip msdp peer 12.12.12.1 connect-source GigabitEthernet0/1
ip msdp originator-id GigabitEthernet0/1
!
end

Let’s take a look at our MSDP peering:

R1#show ip msdp peer 
MSDP Peer 12.12.12.2 (?), AS ?
  Connection status:
    State: Up, Resets: 0, Connection source: GigabitEthernet0/1 (12.12.12.1)
    Uptime(Downtime): 00:03:09, Messages sent/received: 4/4
    Output messages discarded: 0
    Connection and counters cleared 00:04:09 ago
  SA Filtering:
    Input (S,G) filter: none, route-map: none
    Input RP filter: none, route-map: none
    Output (S,G) filter: none, route-map: none
    Output RP filter: none, route-map: none
  SA-Requests: 
    Input filter: none
  Peer ttl threshold: 0
  SAs learned from this peer: 0
  Number of connection transitions to Established state: 1
    Input queue size: 0, Output queue size: 0
  MD5 signature protection on MSDP TCP connection: not enabled
  Message counters:
    RPF Failure count: 0
    SA Messages in/out: 0/0
    SA Requests in: 0
    SA Responses out: 0
    Data Packets in/out: 0/0

As you can see above, nothing is filtered at all. This means that all S,G state entries are exchanged through MSDP. Let’s try a quick ping from H1 to see if this is true:

H1#ping 239.1.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
.

The ping fails since there is no listener for this multicast group but it doesn’t matter. This adds an entry in the multicast routing table that will be exchanged through MSDP. Let’s check R2:

R2#show ip msdp sa-cache 
MSDP Source-Active Cache - 1 entries
(192.168.1.1, 239.1.1.1), RP 12.12.12.1, AS ?,00:00:23/00:05:41, Peer 12.12.12.1

Above, we see that R2 has received an entry for 239.1.1.1 with RP 1.1.1.1 in its MSDP SA cache.
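
The entry above has a private source address and a group in 239.0.0.0/8, both of which the start of this lesson lists as state that should stay local. The Python below is an added example, not part of the original lesson: it parses `show ip msdp sa-cache` output on the receiving router and flags entries a peer should have filtered. The function names and the second and third sample lines are constructed for illustration.

```python
import ipaddress
import re

# Ranges from the lesson's list of S,G state that should stay local.
PRIVATE_SOURCES = [ipaddress.ip_network(n) for n in
                   ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SCOPED_GROUPS = ipaddress.ip_network("239.0.0.0/8")

# Matches an entry line of "show ip msdp sa-cache" as printed in the lesson.
SA_LINE = re.compile(
    r"^\((?P<src>[\d.]+),\s*(?P<grp>[\d.]+)\),\s*RP\s+(?P<rp>[\d.]+),"
    r".*Peer\s+(?P<peer>[\d.]+)$")

def parse_sa_cache(text):
    """Yield (source, group, rp, peer) for every SA entry in the output."""
    for line in text.splitlines():
        m = SA_LINE.match(line.strip())
        if not m:
            continue  # prompt, header or unrelated line
        try:
            yield tuple(ipaddress.ip_address(m[k]) for k in ("src", "grp", "rp", "peer"))
        except ValueError:
            continue  # malformed address, e.g. an octet above 255

def audit_sa_cache(text):
    """Return findings for SA entries that should have been filtered."""
    findings = []
    for src, grp, rp, peer in parse_sa_cache(text):
        reasons = []
        if any(src in net for net in PRIVATE_SOURCES):
            reasons.append("private source")
        if grp in SCOPED_GROUPS:
            reasons.append("239.0.0.0/8 group")
        if reasons:
            findings.append((f"({src}, {grp})", str(peer), reasons))
    return findings

# Constructed sample: the first entry is the lesson's, the other two are made up.
SAMPLE = """\
R2#show ip msdp sa-cache
MSDP Source-Active Cache - 3 entries
(192.168.1.1, 239.1.1.1), RP 12.12.12.1, AS ?,00:00:23/00:05:41, Peer 12.12.12.1
(203.0.113.10, 233.252.0.5), RP 12.12.12.1, AS ?,00:01:02/00:05:10, Peer 12.12.12.1
(203.0.113.10, 239.9.9.9), RP 12.12.12.1, AS ?,00:00:40/00:05:20, Peer 12.12.12.1
"""

if __name__ == "__main__":
    for sg, peer, reasons in audit_sa_cache(SAMPLE):
        print(sg, "from peer", peer, "->", ", ".join(reasons))
```

An empty result after filtering is configured on the sending peer indicates that none of the listed private or 239.0.0.0/8 state is reaching this router.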

Let’s try to filter some things. I’ll create the following access-list on both MSDP routers:

R1 & R2
(config)#ip access-list extended MSDP_SA_FILTER

Let’s look at some examples of what we could filter now.

Content created by Rene Molenaar (CCIE #41726)


Forum Replies

  1. Thanks a lot Rene for your very easy to understand explanations. I just stumbled on your website and I use it as reference for my CCIE study. Thanks for sharing.

  2. Hi Rene,

    I am not able to ping the mcast address 239.1.1.1 from R1 after all configs are done.
    Below are the o/p for msdp

    R2#sh ip msdp peer 
    MSDP Peer 3.3.3.3 (?), AS ?
      Connection status:
        State: Up, Resets: 0, Connection source: Loopback1 (2.2.2.2)
        Uptime(Downtime): 00:02:30, Messages sent/received: 4/3
        Output messages discarded: 0
        Connection and counters cleared 00:08:30 ago
      SA Filtering:
        Input (S,G) filter: none, route-map: none
        Input RP filter: none, route-map: none
        Output (S,G) filter: none, route-map: none
        Output RP fil

  3. Hi Rene,

    Good article, I just noticed some mismatch:

    1. your show msdp peer is
    R2#show ip msdp peer 
    MSDP Peer 3.3.3.3 (?), AS ?
      Connection status:
        State: Up, Resets: 0, Connection source: Loopback1 (2.2.2.2)
    

    and your config is

    R2(config)#ip msdp originator-id Loopback 0
    R2(config)#ip msdp peer 3.3.3.3 connect-source Loopback 0
    

    it should be

    R2(config)#ip msdp originator-id Loopback 0
    R2(config)#ip msdp peer 3.3.3.3 connect-source Loopback 1
    

    I think you forgot to mention that ip pim sparse-mode should be enabled in the interface loopback0

    1. your pict

  4. Hi Réné,
    Sometimes I saw ip igmp join-group or ip igmp join simply. Same effect or different?

    Thank.
    Ulrich

  5. Late to the party, but this lesson shows:

    R2#:
    debug ip msdp detail
    

    but then you look on R3 for the debug output. I think debug was supposed to be on R3.

    Also, on the very last command:

    R3#show ip mroute 239.1.1.1

    I think the two interfaces are reversed for the (192.168.12.1, 239.1.1.1) route entry. My router showed them the other way around, which seems consistent with the diagram.
