Technical Tip: How to receive a multicast stream in a PIM sparse mode network topology

Diagram:

Objective:

The querier will receive stream 239.0.0.2 thanks to the IGMP (*, G) report, PIM Sparse Mode, and Rendezvous Point.

Prerequisites:

• The receiver does not know the source of the stream. It will send (*, G) IGMP report.
• The source will register itself to the RP.
• At first, the traffic will go to the shared tree.
• 9.9.9.9 is the rendezvous point IP address.

PIM Spare Mode configuration:

PIM neighborship must be formed between the nodes as shown on network diagram.

This can be verified with the command 'get router info multicast pim sparse-mode neighbour'.

Below is an example with RTR output:

get router info multicast pim sparse-mode neighbour
Neighbor Interface Uptime/Expires Ver DR
Address Priority/Mode
10.141.13.223 port2 02w03d17h/00:01:17 v2 1 /
10.143.13.242 port3 02w03d17h/00:01:42 v2 1 / DR
10.132.15.215 port4 03d20h09m/00:01:40 v2 1 / DR

FHR Configuration:

show router multicast

    config router multicast

        set multicast-routing enable

            config pim-sm-global

                config rp-address

                    edit 1

                        set ip-address 9.9.9.9

                    next

                end

            end
            config interface

                edit "port2"

                    set pim-mode sparse-mode
                    set passive enable

                next

                edit "port3"

                    set pim-mode sparse-mode

                next

            end

end

RTR Configuration:

show router multicast

    config router multicast

        set multicast-routing enable

            config pim-sm-global

                config rp-address

                    edit 1

                        set ip-address 9.9.9.9

                    next

                end

            end

            config interface

                edit "port2"

                    set pim-mode sparse-mode

                next

                edit "port3"

                    set pim-mode sparse-mode

                next
                edit "port4"

                    set pim-mode sparse-mode

                next

            end

end

Rendezvous Point Configuration:

show router multicast

    config router multicast

        set multicast-routing enable

            config pim-sm-global

                config rp-address

                    edit 1

                        set ip-address 9.9.9.9

                    next

                end

            end
            config interface

                edit "RP"

                    set pim-mode sparse-mode

                next

                edit "port2"

                    set pim-mode sparse-mode

                next

            end

end

LHR Configuration:

show router multicast

    config router multicast

        set multicast-routing enable

            config pim-sm-global

                config rp-address

                    edit 1

                        set ip-address 9.9.9.9

                    next

                end

            end

            config interface

                edit "port2"

                    set pim-mode sparse-mode

                next
                edit "port3"

                    set pim-mode sparse-mode

                    set passive enable

                next

            end

end

Multicast firewall policy:

Each FortiGate should have a multicast firewall policy like this:

config firewall multicast-policy

    edit 1

        set srcintf "portX" (toward source interface)
        set dstintf "portY" (toward receiver interface)
        set srcaddr "lab-src" (unicast object address stream source)
        set dstaddr "private" (multicast object address among 224/4)

    next

end

RP specific configuration:

As soon as the source streams a flow to the multicast group, the first hop router will register this source to the RP.

This is with a unicast PIM packet, meaning that the packet needs to be authorized through the network.

Through the network example:

show firewall policy

    config firewall policy

        edit 1

            set srcintf "portX" (ingress toward the source)
            set dstintf "portY" (egress toward the RP)
            set action accept
            set srcaddr "all"
            set dstaddr "rp-lab" (RP address IP)
            set schedule "always"
            set service "PIM" (to be created service IP proto 103)

        next

end

At the Rendezvous Point example:

config firewall policy

    edit 2

        set srcintf "portX" (ingress toward the source)
        set dstintf "RP" (RP interface)
        set action accept
        set srcaddr "all"
        set dstaddr "rp-lab" (RP IP address)
        set schedule "always"
        set service "PIM"

    next

end
config system interface

    edit "RP"

        set vdom "ISP01"
        set ip 9.9.9.9 255.255.255.255
        set allowaccess ping ssh
        set type loopback

    next

end

Verification:

To verify that the register packet is sent to the RP IP 9.9.9.9, follow these steps:

• Run the PCAP on the first hop router:
  
  

diagnose sniffer packet any 'host 9.9.9.9' 6 0 l

• Start the stream for group 239.0.0.2.
• Packet will flow toward the RP.

This packet capture could be translated to PCAP format and it will give something similar.

The source of the packet is the closest interface to the source having PIM enabled. The destination is then the RP IP address 9.9.9.9.

This is a PIM packet with the register flag on. Multicast flow 10.163.11.196 to 239.0.0.2 is encapsulated in this packet.

It will allow the RP to match the source with the group.

Consequently, this information is registered on the RP multicast table.

get router info multicast pim sparse-mode table 239.0.0.2
IP Multicast Routing Table

(*,*,RP) Entries: 0
(*,G) Entries: 1
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 0

(10.163.11.196, 239.0.0.2) - 3
RPF nbr: 0.0.0.0
RPF idx: None
RPF RP: 0.0.0.0, -1, 2, 0, 846930886
RPF Source: 2, 2, 846930887
SPT bit: 0
Upstream State: NOT JOINED
Downstream Expired: 0
Local:
Total: 0
Joined:
Total: 0
Lost assert:
Total: 0
Outgoing:
Total: 0
(10.163.11.196, 239.0.0.2, rpt) # shared tree entry
RP: 0.0.0.0
RPF nbr: 0.0.0.0
RPF idx: None
RPF RP: 9.9.9.9, 0, 2, 1, 846930887
RPF Source: 2, 2, 846930887
Upstream State: RPT NOT JOINED
Downstream Expired: 0
Local:
Total: 0
Pruned:
Total: 0
Lost assert:
Total: 0
Outgoing:
Total: 0

Stream reception on a Linux client:

Now that the RP and shared tree is setup and populated, a client can receive that stream from anywhere on the network.

The client 10.96.11.197 is directly connected to the Last Hop Router and it will request the stream 239.0.0.2.

Some multicast debugs can show the IGMP report from the receiver:

diagnose ip router igmp all enable
diagnose ip router igmp level info
diagnose debug enable
NSM: [IGMP-DECODE] Dec Msg: IGMP V3 Membership Report, Max. Rsp. Code 0
NSM: [IGMP-DECODE] Dec V3 Grp Rec: Grp 239.0.0.2 on port3
...
diagnose debug disable

get router info multicast pim sparse-mode table 239.0.0.2
IP Multicast Routing Table

(*,*,RP) Entries: 0
(*,G) Entries: 2
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 0

(*, 239.0.0.2) - 3 # this entry corresponds to the PIM Join (*,G) sent by the LHP upon reception of IGMP report (*,G)
RP: 9.9.9.9
RPF nbr: 0.0.0.0
RPF idx: None
RPF RP: 9.9.9.9, 0, 3, 1, 846930887
Upstream State: JOINED
Downstream Expired: 0
Local:
Total: 0
Joined:
port2
Total: 1
Lost assert:
Total: 0
FCR:
...
(10.163.11.196, 239.0.0.2, rpt)
RP: 9.9.9.9
RPF nbr: 0.0.0.0
RPF idx: None
RPF RP: 9.9.9.9, 0, 3, 1, 846930887
RPF Source: 2, 2, 846930887
Upstream State: PRUNED #Pruned means that the flow is not going through the RP anymore but uses a better path between Source and Receiver
Downstream Expired: 0
Local:
Total: 0
Pruned:
port2
Total: 1
Lost assert:
Total: 0
Outgoing:
Total: 0

 IGMP info can be seen on LHR with this command.

get router info multicast igmp groups 239.0.0.2
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
239.0.0.2 port3 00:09:49 00:02:58 10.96.11.197

Focus at the PIM level:

The last hop router (closest to the receiver) will first send a (*, G) PIM Join.

Then, it will receive the first multicast packet from source 10.163.11.196.

After, it will know the source for group 239.0.0.2 and then will send a (S, G) PIM Join toward the source.