CCIE版本组播部分汇总.docx

160Part-5: Multicast Routing5.1 Basic IP Multicast在下列接口启用multicastSw1：VLAN_AR3：VLAN_A，S0/0R4：VLAN_A，S0/0，Lo0R1：S0/0，VLAN_BR5：VLAN_B，S0/0R2：S0/0R4 Lo0 join Group: 224.30.30.30 224.40.40.40 224.50.50.50;R4 Lo0 as RP, only for Group 224.30.30.30 and 224.50.50.50(明确说不能用BSR);R4 mapping-agent prevent spoofing, only accept R4 Lo0 as RP for this group.All multicast routers should ping these group, no RP address allow on any router.明确要求的是SW1必须PING通三个组。没有要求SW2R1：IP multicast-routingInterface F0/1IP PIM sparse-dense-modeInterface S0/0IP PIM sparse-dense-modeR2:IP multicast-routingInterface S0/0IP PIM sparse-dense-modeR3:IP multicast-routingInterface F0/0IP PIM sparse-dense-modeInterface S0/0IP PIM sparse-dense-modeR4:IP multicast-routingInterface Lo0IP PIM sparse-dense-modeIP IGMP join-group 224.30.30.30IP IGMP join-group 224.40.40.40IP IGMP join-group 224.50.50.50Interface F0/0IP PIM sparse-dense-modeInterface S0/0IP PIM sparse-dense-mode全局下：IP PIM send-rp-announce Lo0 scope 16 group-list grpIP PIM send-rp-discovery Lo0 scope 16IP PIM rp-announce-filter rp-list rp group-list grpIp Access-list st rppermit YY.YY.4.4ip Access-list st grppermit 224.30.30.30permit 224.50.50.50R5:IP multicast-routingInterface F0/1IP PIM sparse-dense-modeInterface S0/0IP PIM sparse-dense-modeIP PIM dr-priority 255-一定要打，不然R2ping不同组播地址K：因为R2只能通过R5才能与RP通信。默认情况下，R2的s0/0的IP是13.2/30，比R5的13.1/30大，所以，默认R2会成为DR，这样的话，R2就无法与RP进行通信。所以，要修改R5的priority使R5成为DR 默认DR-priority为1，可以抢占，这与OSPF的DR非抢占是不一样的。Sw1:IP multicast-routingInterface VLAN 20IP PIM sparse-dense-modeSh ip pim int看接口的PIM信息：DR，邻居数，ver,mode,DR prior ,Query intvl Sh ip pim nei 看邻居信息。Ver, DR prio ,mode Sh ip igmp groups 看PIM group信息。/sw1#sh ip pim int vlan20Address Interface Ver/ Nbr Query DR DR Mode Count Intvl Prior11.11.10.7 Vlan20 v2/SD 2 30 1 11.11.10.7sw1#sh ip pim neiPIM Neighbor TableMode: B - Bidir Capable, DR - Designated Router, N - Default DR Priority, S - State Refresh CapableNeighbor Interface Uptime/Expires Ver DRAddress Prio/Mode11.11.10.3 Vlan20 00:03:31/00:01:40 v2 1 / S11.11.10.4 Vlan20 00:03:31/00:01:39 v2 1 / Ssw1#sh ip igmp int vlan 20Vlan20 is up, line protocol is up Internet address is 11.11.10.7/24 IGMP is enabled on interface Current IGMP host version is 2 Current IGMP router version is 2 IGMP query interval is 60 seconds IGMP querier timeout is 120 seconds IGMP max query response time is 10 seconds Last member query count is 2 Last member query response interval is 1000 ms Inbound IGMP access group is not set IGMP activity: 2 joins, 0 leaves Multicast routing is enabled on interface Multicast TTL threshold is 0 Multicast designated router (DR) is 11.11.10.7 (this system) IGMP querying router is 11.11.10.3 Multicast groups joined by this system (number of users): 224.0.1.40(1)明确要求的是SW1必须PING通三个组。没有要求SW2注：PING组播，默认只会发一个包，成功后会显示花了多少时间，失败则显示一个点号。这与PING单播不一样。sw1#ping 224.30.30.30Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 224.30.30.30, timeout is 2 seconds:Reply to request 0 from 11.11.10.4, 140 ms /ping成功，失败是一个点号sw1#ping 224.40.40.40Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 224.40.40.40, timeout is 2 seconds:Reply to request 0 from 11.11.10.4, 92 mssw1#ping 224.50.50.50Type escape sequence to abort.Sending 1, 100-byte ICMP Echos to 224.50.50.50, timeout is 2 seconds:Reply to request 0 from 11.11.10.4, 24 ms5.2Limiting Multicast TrafficThere are two multicast sources on Sw2.The address of the multicast sources are YY.YY.1.80 and YY.YY.1.120.These sources are sending to the multicast group 234.29.69.97. Configure R5 to limit the bandwidth for multicast traffic received from these sources to 2Mbits per second.注意看题。R5:Interface F0/1IP multicast rate-limit in group-list group source-list source 2000IP access-list standard grouppermit 234.29.69.97IP access-list standard sourcePermit YY.YY.1.80Permit YY.YY.1.120N1五、 Multicast Routing (point 8) R1: Loopback 200: 200.1YY.101.1/32R2: Loopback 200: 200.1YY.102.1/32R3: Loopback 200: 200.YY.3.1/32R4: Loopback 200: 200.YY.4.1/32R5: Loopback 200: 200.YY.5.1/32R6: Loopback 200: 200.1YY.106.1/325.1 Base Configuration （注意组播不要被T了）There is a multicast source for group 224.2.2.2 located at VLAN_BB2 andanother source for group 224.3.3.3 located at VLAN_BB3. There are clients onVLAN_55 at would like to access these two groups;Configure R5, R3, SW1, R1, R6 to meet the following questions:_ All devices using sparse-mode._ R1 will be PIM-RP for both multicast group and R3 will be the backup PIMRP._ Use the most reliable way to achieve the objective and dont configure RPinformation statically. _ R5 needs to be able to ping both 224.YY.YY.2 and 224.3.3.3;新需求要求不能使用BSR和静态RP，要求用loopback口做，其他需求没变化RackYYR6: ip multicast routing ip pim autorp listener int g0/1 ip pim sparse-mode ip igmp join-group 224.2.2.2 (这是预配置) int g0/0 ip pim sparse-mode ip igmp join-group 224.3.3.3 (这是预配置) int s0/0/0 ip pim sparse-mode =RackYYR1: ip multicast routingip pim autorp listener int s0/0/0 ip pim sparse-mode int g0/0 ip pim sparse-mode int lo200 ip pim sparse-mode ip pim send-rp-announce Loopback200 scope 16 group-list 1ip pim send-rp-discovery Loopback200 scope 16 /代理RP的loop口可以总是为sparse-mode，尽管其他的为sparse-dense-modeaccess-list 1 per 224.2.2.2 acces-slist 1 per 224.3.3.3= RackYYsw1: ip multicast routingip pim autorp listener int vlan 100 ip pim sparse-mode int fa0/3 ip pim sparse-mode =RackYYR3: ip pim autorp listenerip multicast-routing int g0/0 ip pim sparse-mode int s0/0/0.3 (子接口上)ip pim sparse-mode ip pim dr-priority 255 /防止组播信息的不稳定ip pim nbma-mode /最好打上int lo200 ip pim sparse-mode ip pim send-rp-an Loopback200 sco 16 group-list 3ip pim send-rp-dis Loopback200 sco 16 access-list 3 permit 224.2.2.2 access-list 3 permit 224.3.3.3 =RackYYR5: ip multicast routingip pim auto-rp listener int s0/0/0.5 (子接口上)ip pim sparse-mode ip pim nbma-mode /最好打上int g0/0 ip pim sparse-mode (做完这些,先不要验证它的正确性,等把BGP做完再回过头来看，因为所有的lo200都是在BGP中通告的。) 5.2 defense against multicast dos attackthere is a concern（担虑） that hacker may launch Dos attack again r5 withmuticast group membership traffic .configure r5 so that it will acceptonly 110 igmp reports at any time but this limit dont apply to thegroup 224.3.3.3RackYYR5:ip access-list extend DOSpermit ip any host 224.3.3.3int g0/0ip igmp limit 110 except DOSN2Section 6 :Multicast routing6.1组播,已配好是混合模式,在所有的路由器和交换机SW1-SW3上；r1 r2 r3 r4 r5 r6 sw1 sw2 sw3设备都启动了ip multicast-routing。而且物理接口都使用ip pim sparse-dense-mode。混合模式,在R1R6、SW1SW3上 R1加入224.111.1.1的组,R2加入224.222.2.2的组要求所有的设备show出来的结果为:group(s) 224.111.1.0/24 RP yy.yy.7.7(?)v2v1.via auto-RPgroup(s) 224.222.2.0/24 RP yy.yy.8.8(?)v2v1.via auto-RPR1ip multicast-routinginterface F0/1ip pim sparse-dense-modeip igmp join-group 224.111.1.1R2ip multicast-routing interface F0/0ip pim sparse-dense-modeip igmp join-group 224.222.2.2Sw1:Ip multicast-routinginterface loopback0ip pim sparse-dense-modeaccess-list 20 permit 224.111.1.0 0.0.0.255ip pim send-rp-announce Loopback0 scope 16 group-list 20ip pim send-rp-discovery lo 0 sc 16Sw2:Ip multcast-routinginterface loopback0ip pim sparse-dense-modeaccess-list 20 permit 224.222.2.0 0.0.0.255ip pim send-rp-announce Loopback0 scope 16 group-list 20ip pim send-rp-discovery lo 0 sc 16show ip pim rp mapping6.2配置所有的设备,如果一个或者两个RP fail了,将不会转变为dense模式.所有设备上 no ip pim dm-fallbackip6.3配置Sw1,Sw2,so that hosts connected to BB1 and BB2 can only join specific multicast groups and register via IGMP with R1,R2 respectively.limit joins on bb1 to a range of 224.111.1.0/24limit joins on bb2 to a range of 224.222.2.0/24Sw1:ip igmp profile 1permit /这个默认的情况下，是deny的range 224.111.1.0 224.111.1.255interface f0/10ip igmp filter 1 /过滤，使BB1只允许加入特定的组。Sw2:ip igmp profile 1permit这个默认的情况下，是deny的range 224.222.2.0 224.222.2.255interface f0/10ip igmp filter 1 /过滤，使BB2只允许加入特定的组N3第六部分 组播（Multicast）1）configure R2 and R4 to support that application. 无论任何情况下不能使用PIM dense-mode. Fa0/0 port of R2 is a member of group 224.2.2.2, ensure you can ping it from R4。 选择R4的loop口作为rp-最好打上no ip pim-dm-back，有这个需求哦R2:ip multicust-routingint e0/0ip pim sparse-modeip igmp join-group 224.2.2.2int s0/1ip pim sparse-modeexitip pim rp-address YY.YY.4.4R4:ip multicast-routingint s0/1ip pim sparse-modeexitip pim rp-address YY.YY.4.42）There are an application sender on Fa0/1 of R4 (VLAN_BB2) and a receiver on VLAN_B. They can not support multicast. The sender uses UDP 2000 port to send broadcast packets, the receiver on VLAN_B has IP address of YY.YY.26.x。YY.YY.26.255 is the broadcast address in VLAN_B.R4作为first hop router，负责将广播转为组播；R2为final hop router，负责将组播转回广播。注意：出入口都必须配置Ip directed-broadcast，但只需在出口配置Ip broadcast-address。 R4:ip forward-protocol udp 2000access-list 105 permit udp any any eq 2000int e0/0ip pim sparse-modeip directed-broadcast-需要ip multicast helper-map broadcast 224.2.2.2 105K：可以结合ACL来控制特定的端口号的广播。第一跳是广播转组播。R2:int e0/0ip directed-broadcastip broadcast-address YY.YY.26.255-需要，默认是255.255.255.255，指定一个广播地址而不使用默认值。ip forward-protocol udp 2000access-list 105 permit udp any any eq 2000int s0/1ip multicast helper-map 224.2.2.2 YY.YY.26.255 105 /将组播与广播地址影射。将组播转化为广播。N4I. Multicast1.1 Sparse mode 3pointR4Ethernet 0Serial 0R5Serial 0Lookback 0R2FastEthernet0/1Serial 0/0FastEthernet0/0a. Configure IP Multicast PIM Sparse Mode on R4(E0/0, S0/0), R5(S0/0)and R2(Fa0/1,S0/0and Fa0/0)b. Make sure R5 lo0 is the RP for multicast groups 224.1.1.1 and 224.2.2.2 ONLYc. However do not configure the Rendezvous point on any router;d. Configure R4 E0/0 to join multicast groups 224.1.1.1 and 224.2.2.2. You should be able to ping both multicast groups from all multicast routers.#solution# R2ip multicast-routinginterface Ethernet0ip pim sparse-modeinterface Ethernet1 ip pim sparse-modeinterface Serial0 ip pim nbma-mode ip pim sparse-modeR4ip multicast-routinginterface Ethernet0ip pim sparse-mode ip igmp join-group 224.1.1.1 ip igmp join-group 224.2.2.2interface Serial0 ip pim nbma-modeip pim sparse-modeR5ip multicast-routinginterface Loopback0ip pim sparse-modeinterface Serial0 ip pim nbma-mode /这里必须配置ip pim sparse-modeip pim rp-candidate lo0 group-list 10ip pim bsr-candidate lo0access-list 10 per 224.1.1.1access-list 10 per 224.2.2.21.2 Limit traffic 3pointl On R2 limit group 224.1.1.1 on FastEthernet0/0 to 50kbpsl And sent to group 224.2.2.2 on FastEthernet0/1 to 1mbps#solution# wolfR2access-list 1 permit 224.1.1.1access-list 2 permit 224.2.2.2interface Ethernet0 ip multicast rate-limit out group-list 1 50interface Ethernet1 ip multicast rate-limit out group-list 2 1000N6组播：组播我应该丢分了，后面msdp，我指rp的时候没有用192.168.255.254，而是R5的loop，不过也还是通的劝大家敲版本的小地方还是背背熟吧，一定要注意1.R3,R4 串口，R3的lo0,R4的40/24网段运行组播，用sparse-mode2.R3的lo0为224.10.1.1-224.10.1.4的RP . 也要在R4上配置3.R4的以太网接口（40.4）加入224.10.1.1-224.10.1.4组。4.完成确保r3ping 通224.10.1.1 -224.10.1.4ip pim nbma-modesparse-mode 用静态RP R3ip multicast-routing! acc 99 per 224.10.1.1.acc 99 per 224.10.1.2acc 99 per 224.10.1.3acc 99 per 224.10.1.4!ip pim rp-add YY.YY.3.3 99!int loo 0 ip pim sparse-modeint s0/0ip pim sparse-modeip pim nbma-modeR4;ip multicast-routing! acc 99 per 224.10.1.1.acc 99 per 224.10.1.2acc 99 per 224.10.1.3acc 99 per 224.10.1.4!ip pim rp-add YY.YY.3.3 99!int s0/0ip pim sparse-modeip pim nbma-modeint g0/1(40.4)ip pim sparse-modeip ig jo 224.10.1.1ip ig jo 224.10.1.2ip ig jo 224.10.1.3ip ig jo 224.10.1.4验证：R3Ping 224.10.1.1 -224.10.1.46.2 Advanced Configuration（任意播地址为RP）R2,R5 运行msdpR2 f0/0 R5 G0/0(25.5) sparse-mode配置R2，R5的loopback 10（192.168.255.254/32）为IPv的anycast logical RPs，可以用任何的动态路由协议通告R2和R5的loopback 10，让msp peer 相互可达配置R5加组224.10.1.5，224.10.1.6msdp:R2:ip multicast-routingint lo 10ip add 192.168.255.254 255.255.255.255 /anycastip pim sparse-modeint e0/0(25.2) ip pim sparse-moderouter ei 100net 192.168.255.254 0.0.0.0ip msdp peer y.y.5.5 connect-source lo 0ip msdp originator-id lo 0acc 99 per 224.10.1.5acc 99 per 224.10.1.6ip pim rp-add 192.168.255.254 99R5:ip multicast-routingint lo 10ip add 192.168.255.254 255.255.255.255 /anycastip pim sparse-modeint e0/0(25.5)ip pim sparse-modeip igmp join 224.10.1.5ip igmp join 224.10.1.6router ei 100net 192.168.255.254 0.0.0.0ip msdp peer y.y.2.2 connect-source lo 0ip msdp originator-id lo 0acc 99 per 224.10.1.5acc 99 per 224.10.1.6ip pim rp-add 192.168.255.254 99N7Basic ConfigurationConfigure at R1s Serial0/0, R2s serial0/0 and R5s serial0/0 to support multicast routing and use PIM sparse-modeR5 R2 R1 的S0/0 支持组播并且模式为稀疏模式。 If the sparse mode failed , it will automatically change to PIM dense mode