I'm having some issues with multicast flooding our network. Here is
the situation. We use Altiris RapiDeploy, a computer imaging software
package, that will unicast to one client (the master client) on a
remote network and that master client will then image himself as well
as multicast the image to all other clients on the segment. Because of
this feature, we do not need any multicast routing. Each site has one
multilayer switch (Cisco 3560) that is configured to be the multicast
router and cgmp server. Each site also has a mix of Cisco 2950's and
3500's. The 2950's support IGMP Snooping, but the 3500's only support
CGMP.
I have set up a test bunch of about 4 machines to re-image to try and
figure out what is going on, and so far these are my results.
First I placed all 4 machines on the same switch, a Cisco 3524 which
only supports CGMP. Running a sniffer, I notice that all 4 machines
send out a IGMP v1 Membership Report for the group 224.2.0.5. I also
sniffed the incoming interface on the 3560 which is acting as the
router, and verified that the IGMP Membership Reports were reaching it
as well. The problem is the 3524 still does not seem to know who is in
which group, because I can run "show cgmp" and the group 224.2.0.5 only
shows one port, Gi0/2 (The port connecting this switch to the router).
However none of the other interfaces that my 4 machines are connected
to are showing. So I'm thinking that the either the router is not
getting the IGMP messages, therefore not sending out CGMP messages, or
it is recieving the IGMP messages and the switch is just not getting
the CGMP messages. So back on the 3560 I run the "show ip igmp
membership" and I do not see anything for the group 224.2.0.5. I'm not
sure if there should be an entry for this group, but I would assume so
since there are several other entries for other multicast groups, such
as 224.0.1.40, 224.0.1.60, 239.255.255.250, and so on. If I run "debug
ip igmp" I never see anything for the 224.2.0.5 group, just all the
other groups listed in the "show ip igmp membership". But I can run a
"show ip mroute" and I do see a *,224.2.0.5 entry however it's outgoing
interface list is Null. There are also routes for each of the 4
machines (Ip of machine, 224.2.0.5). So this tells me that the router
knows about the group, but for some reason is not taking the membership
reports and sending cgmp updates to the switches.
I may be way in over my head here, but I am trying to give enough
information to keep this from being way too long to read. I can be
much more specific, but I want to give a brief overview at first and
hopefully someone can at least point me in the right direction.
Some additional info, when all 4 machines are left on a CGMP switch,
multicast doesn't work, so the imaging server starts a unicast delivery
to each client. Obviously not ideal, but still not a major issue. The
major issue starts when there is one or more clients on an IGMP
snooping capable switch. The 2950, which are capable of IGMP snooping,
are correctly identifying the ports to multicast to. Therefore when an
image is sent if a client is on this switch a multicast session can be
started because the switch correctly sends the multicast traffic to the
correct ports. And for some reason, the IGMP switch will send the
traffic out all the correct ports as well as the Gi0/2 port. This
forwards the traffic to the CGMP enabled switch and since it doesn't
have anything in its mac-address-table for that multicast address it
floods every port on that switch.
If anyone can offer any help on how best to troubleshoot this issue, I
would be more than thankful.
Thanks in advance,
Matt
The router config looks like this:
(Vlan 170 is what all the machines are in, Vlan 870 is our voice vlan)
.... sniped ...
ip routing
!
ip multicast-routing distributed
!
....sniped...
interface GigabitEthernet0/1
no switchport
ip address 192.168.1.27 255.255.255.0
no ip mroute-cache
!
interface GigabitEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
ip address 192.168.170.1 255.255.255.0
no ip mroute-cache
!
interface Vlan170
ip address 10.64.170.1 255.255.254.0
ip helper-address 10.64.15.4
ip helper-address 10.64.15.45
ip pim sparse-dense-mode
ip cgmp router-only
ip mroute-cache distributed
!
interface Vlan870
ip address 172.16.170.1 255.255.255.0
ip helper-address 172.16.254.254
no ip mroute-cache
!
.... snip ...
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip pim rp-address 192.168.170.1
!
....sniped...
All of the switches have CGMP or IGMP Snooping enabled by default.
Post a Comment
Post a Comment