Please note that I have moved this blog and you will be redirected to the new page @ netprovia.se

Wednesday, February 22, 2012

Multicast PIM-DM Acrobatics

Imagine a network looking like this:



Green boxes symbolize a small portion of two different MANs under the same management. Each city is running PIM-SM with their own RP. The cities interconnect with BGP and MSDP.

City1-R1 is directly attached to an IP-TV Service Provider. There is no PIM neighborship, the SP is just flooding all their streams out the interface connected to City1-R1.

Everything is working just fine in City1. The streams are visible in the Multicast routing table and customers all over the city can view the different channels. The MAN operator now wants customers in City 2 to be able to watch the same channels. This should be possible since they have a working MSDP connection. But of course it doesn't work because that's how it is in our wonderful world. Things don't work(tm). City2-R1 (RP) lacks the SAs from the Service Provider. Looking at the mroute table on City1-R1 reveals the following sample
#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 233.x.y.z), 7w0d/00:02:34, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Sparse, 00:41:21/00:02:30
    Port-channel70, Forward/Sparse, 11w0d/00:02:34

(a.valid.source.1.1.1.1, 233.x.y.z), 1w5d/00:03:27, flags: T
  Incoming interface: Vlan42, RPF nbr validNbr, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 1w5d/00:02:40, 
Spot the flags for the S,G entry.  We are missing the A or M flags. This entry will not be propagated using MSDP. The first solution seems to be to just ask to get a MSDP connection with the Provider (will give the M-flag = propagation will occur) but this was not possible. The provider gave an explanation with some acceptable (..weeell..) arguments so we had to find a different solution.

This is when it becomes painfully obvious that Multicast is a bit of a black hole. There's not a lot of resources out there. Well that's not entirely true. There are resources but there's not a lot of real world examples. The solution finally seems to appear when an operator of the MAN remembers that he saw something about dense-mode during an Advanced Multicast session at CLEUR2012. After some digging we find that there's an add-on to ip pim dense-mode. Proxy register! From documentation:
Dense Mode with Proxy Registering
For a router in a PIM sparse mode (PIM-SM) domain configured to operate in sparse mode or sparse-dense mode, the ip pim dense-mode proxy-register command must be configured on the interface leading toward the bordering dense mode region. This configuration will enable the router to register traffic from the dense mode region with the rendezvous point (RP) in the sparse mode domain.
So we change from ip pim sparse-mode to ip pim dense-mode proxy-register on the interface facing the provider and whoop. A new show ip mroute:

#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
       V - RD & Vector, v - Vector
 
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 233.x.y.z), 7w0d/00:02:51, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Dense, 10:35:15/00:00:00
    Port-channel70, Forward/Sparse, 5w0d/00:02:51

(a.valid.source.1.1.1.1, 233.x.y.z), 5d23h/00:03:23, flags: TA  Incoming interface: Vlan42, RPF nbr validNbr, Mroute, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 5d23h/00:03:01, H
Spot the flags. We now have an A which means that it will be sent to MSDP peers and verification on City2-R1 shows:

#sh ip msdp sa-cache 233.x.y.zMSDP Source-Active Cache - 1 entries for 233.x.y.z(validsource.1.1.1, 233.x.y.z), RP 10.11.254.2, BGP/AS 65001, 00:01:40/00:05:16, Peer 10.x.y.z 
 
#sh ip mroute 233.x.y.z  
(*, 233.x.y.z), 00:02:53/00:02:36, RP 10.x.y.z, flags: S  Incoming interface: Null, RPF nbr 0.0.0.0  Outgoing interface list:    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36
 
(validsource.1.1.1.1, 233.x.y.z), 00:02:53/00:03:21, flags: MT  Incoming interface: Vlan2002, RPF nbr validNbr, Mroute, RPF-MFD   
Outgoing interface list:    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36, H
There we go. dense-mode proxy-register solved the issue and customers in City2 can now view the channels. Note that this is a workaround solution implemented while waiting for the provider to be able to setup MSDP connections.

Saturday, February 4, 2012

Cisco Live Europe 2012

The Event

CLEUR 2012 was a LOT better than 2011. They had redone the entire venue from last year. Last year the venue felt extremely large (which it is) because there was so much walking about and while walking between different areas there were no real sense of continuity. For 2012 they had obviously given it more thought. Everything felt more like one (extremely) large area instead of several different islands who just happened to be in the same (extremely) large building.

CLEUR 2011 also left a lot of people hungry because quite frankly, the food was utterly worthless. I'm sorry England but you have no sense of taste what so ever. I'm guessing that quite a few people expressed this in the event review afterwards. This year they had given it more effort and I have to say that none of the lunches attached themselves in my memory. That might not sound good but remember that we're talking about lunch for oh I don't know how many, around 7k? It's impossible to serve something that anyone will remember as one of the top 5, 10 or even 100 experiences of their lives. Look at it from the other angle instead, if I don't remember the lunches they can't have been bad, right? Well done! 

But same as last year, there's just not enough coffee available. I realize that they don't want to serve coffee outside of the breakout rooms because they of course want the people to move down to the World of Solutions. They need to have people there or no one will pay for a booth next year. That's all understandable and acceptable. BUT! With only one escalator going each way to/from the breakouts and World of Solutions as well as a pretty damn long walk it takes better part of a 30 min break to just do a coffee raid. And what's with not even having coffee in the World of Solutions at the lunch break? Official response from @CiscoLiveEurope was that there would be Coffee at 3 pm. Guys, seriously. We swedes need our own coffee container!

Keynotes

I barely remember what Padmasree Warrior talked about. The entire speech felt more like something aimed at management and not the more technical types who I am sure makes up at least 98% of the attendees. We're not interested in fluff. Fluff is for those who don't understand what's really going on. Yes, I'm talking about management.

Dave Evans gave the second keynote. It was slightly more interesting but I think he left his charisma in some sort of jet lag or something. Don't look at the floor! Change your tone now and then! And be more prepared when you "interview" the guest speaker.

Richard Noble from Bloodhound Project was guest speaker during the second keynote. Excellent! He was way more charismatic than Dave and I would really have liked to hear more about the Bloodhound project!

So in summary: this years keynotes lands at the bottom in the list of Live's I've attended (only 3 so still Bronze, I guess).

Breakouts


It was much harder to schedule my breakouts this year. Probably because it was my third time in four years. I skipped a lot of sessions because they felt like something I've heard before. But as always there were a couple of good sessions. I especially liked the session about IPv6 security. I wish I hadn't changed form Advanced LISP to Carrier Ethernet as techtorial. I've been to three techtorials now and the best one was my first. It was about Datacenter and they did about 60 min (?) of talking followed by 15 min of demo about what they had just talked about and then on to the next subject. The other two were pretty much 98% talk and 2% demo. That's not a good setup for a 9 hour day. It needs to be more alive. I will have to think very hard about a techtorial next year. It's not worth the 500 extra quid for about as many extra slides.

Summary


All in all I'm happy with the week. 8.5 routers out of 10. I can't really think of anything they could do to make it better. At least not something that is likely. More escalators would be a nice surprise, I guess. I feel a bit Cisco-Live-saturated and as it is right now I don't feel like going next year. But I know that will change I will most likely be back in London this time next year.

So yeah, apart from not having coffee CLEUR 2012 was a VERY well planned and designed. Well done!