SPs do not want shared RP
- dependence on competitor’s RP
- RP location in topology is fixed
- need to discover mcast sources on other RPs
- need PIM-SM: efficiency + scalability
- not SSM: legacy HW does not support it, less control
MSDP
- TCP 639, UDP possible
- lower address sends SYN, higher address waits for SYN
- only SPT between domains, after that – LHR SPT switchover
- used along with MP-BGP, PIM-SM; RP configuration
- RP receives info about sources from other domains; sends (S,G) Join if there is an active receiver
- SA – source active
- timers:
  - SA send: 60s default (fixed)
  - peer timeout: 75s, refreshed by keepalive or SA
  - SA timeout: 150s (fixed)
  - peer reset: 30s default; amount of time to wait before reestablishing session after session reset
- if only one MSDP peer configured, all SAs are accepted from it
- sends all the groups, including local 224.0.0.0/23
- messages:
  - SA:
    - RP address, (S,G) entries, 1st mcast packet
    - unicast, TTL = 255
    - type = 1
  - SA request: type = 2
  - SA response: type = 3
  - keepalive: type = 4
  - notification (≡ error): type = 5
- SA:
  - creating SA: local src starts streaming ≡ Register received or source is connected directly
  - on receiving SA – flood to everyone except to RPF-peer and back to mesh group
  - mesh group: full-mesh MSDP, split-horizon as in iBGP
- MD5 authentication
- usually info from SA is stored:
  - peers send request if receiver activates; request is not flooded further
  - caching has to be enabled
  - reduces the delay for adding to the group (~ SA send timer)
- cache SA on peers:
  - send SA request, not forwarded further by peers
  - if info is available, send SA response; not forwarded further on receipt
  - if peer is not caching → notification
(config)# ip access-list extended <ACL>
; Auto-RP groups, always on = announced by MSDP
deny ip any host 224.0.1.39
deny ip any host 224.0.1.40
; check mcast packets within SA for TTL threshold
(config)# ip msdp ttl-threshold <peer IP> <TTL>
; intf – interface for TCP session
(config)# ip msdp peer <IP> [connect-source <intf>]
; uses address from intf for RP field within SA
(config)# ip msdp originator-id <intf>
; no filtering by default; if no ACL specified – filter all
(config)# ip msdp sa-filter in|out <IP> [list <ACL>]
(config)# ip msdp password peer <IP> <PASSWD>
; on by default
(config)# ip msdp cache-sa-state [list <ACL>]
; IP = peer address; SA requests are not sent by default
(config)# ip msdp sa-request <IP>
(config)# ip msdp timers <secs>
(config)# ip msdp mesh-group <NAME> peer <IP>
(config)# ip msdp keepalive <PEER> <KEEPALIVE> <HOLD>
; all SA are accepted; if several addresses configured, the first is used as long as it is alive
(config)# ip msdp default-peer <IP> [prefix-list <LST>]
; on exceeding the limit new SAs are ignored
(config)# ip msdp sa-limit <PEER> <limit>
# show ip msdp summary
# show ip msdp sa-cache
# debug ip msdp peer
# clear ip msdp peer
# clear ip msdp sa-cache
RPF check
- S – RP, not the source
- S → N → R
Cisco
- route towards S must be in BGP table (mcast or unicast AF)
- if MSDP peer is also an iBGP peer
  - iBGP peer has to send bestpath (not necessarily being next-hop), identified by IP address (not RID)
  - implication: iBGP topology ≡ MSDP topology
- if MSDP peer is also an eBGP peer
  - pass if MSDP peer AS = first AS in bestpath AS_PATH to S
- if MSDP peer is not BGP peer:
  - compare next ASN towards S and MSDP peer ASN
  - route towards MSDP peer and S must be in BGP table (mcast or unicast AF)
- not applied if:
  - single MSDP peer
  - mesh group member
  - RP = MSDP peer address
RFC 3618
- RPF peer configured manually
- N has originated SA (source is registered at N)
- N – member of mesh-group R
- eBGP next-hop towards S
- iBGP advertiser of bestpath or IGP next-hop for directly connected MSDP peers
- N is from the closest AS to S according to AS_PATH (if tie, highest IP wins)
- drop
- IGP can be used
- transit AS between MSDP peers are allowed
- no need for MSDP on RR
(config)# ip msdp rpf rfc3618
Cisco RPF: AS_PATH(A) via AS2 ≠ AS3 – drop
RFC RPF: AS3 peer is in the closest AS to A – permit
MSDP messages
SA (0x01) / SA Response (0x03)
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |            Length             |  Entry count  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                          RP address                           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+
|                   Reserved                    | Sprefix length|  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  |
|                         Group address                         |  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   \
|                       Source address 1                        |    > Group
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+   /  info
|                              ...                              |  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  |
|                       Source address n                        |  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+--+
Sprefix length: source address length, = 32
SA request (0x02), deprecated
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |          Length = 8           |  Gprefix len  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Group address prefix                      |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Keepalive (0x04)
 0                   1                   2
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |          Length = 3           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Notification (0x05), deprecated
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |            Length             |O| Error code  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Error subcode |                                               \
+-+-+-+-+-+-+-+-+                     Data                      /
\                                                               \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
O: open bit, 0 ≡ on receiving notification close TCP
Error:
- 1: message header error:
  - 0: unspecific, O = 0
  - 2: bad msg length, O = 0
  - 3: bad msg type
- 2: SA request error:
  - 0: unspecific, O = 0
  - 1: does not cache SA, O = 0
  - 2: invalid group, O = 0
- 3: SA msg/response error:
  - 0: unspecific, O = 0
  - 1: invalid entry count
  - 2: invalid RP address, O = 0
  - 3: invalid group address, O = 0
  - 4: invalid source address, O = 0
  - 5: invalid sprefix length, O = 0
  - 6: looping SA (RP itself), O = 0
  - 7: unknown encap, O = 0
  - 8: admin scope violated, O = 0
- 4: Holdtimer expired:
  - 0: unspecific, O = 0
- 5: FSM error:
  - 0: unspecific, O = 0
  - 1: unexpected msg type, O = 0
- 6: Notification
  - 0: unspecific, O = 0
- 7: Cease
  - 0: unspecific, O = 0
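Added example (not part of the original notes): a strict parser for the SA / SA response layout above that rejects malformed peer input with the error code / subcode pairs from the error list. It assumes the RFC 3618 encoding, where each of the Entry count entries is one 12-byte block (reserved, sprefix length, group, source) and any trailing bytes are the encapsulated first mcast packet; `MsdpError`, `parse_sa` and `build_sa` are names made up here, and all addresses are constructed samples.

```python
import struct
from ipaddress import IPv4Address as IP

SA, SA_RESPONSE = 1, 3
HDR_LEN, ENTRY_LEN = 8, 12  # entry = reserved(3) + sprefix len(1) + group(4) + source(4)
class MsdpError(Exception):
    """Parse failure tagged with the notification error code / subcode from the list."""
    def __init__(self, code, subcode, reason):
        super().__init__(f"error {code}/{subcode}: {reason}")
        self.code, self.subcode = code, subcode

def parse_sa(buf):
    """Return (rp, [(source, group), ...], encapsulated packet), or None for other types."""
    if len(buf) < 3:
        raise MsdpError(1, 2, "shorter than type + length")
    msg_type, length = struct.unpack("!BH", buf[:3])
    if msg_type not in range(1, 6):
        raise MsdpError(1, 3, f"unknown type {msg_type}")
    is_sa = msg_type in (SA, SA_RESPONSE)
    if length != len(buf) or (is_sa and length < HDR_LEN):  # assumes one TLV per call
        raise MsdpError(1, 2, f"length field {length}, got {len(buf)} bytes")
    if not is_sa:
        return None  # keepalive, SA request, notification: not decoded here
    end = HDR_LEN + buf[3] * ENTRY_LEN  # buf[3] is the entry count
    if end > length:  # the count must never size a read past the message
        raise MsdpError(3, 1, f"{buf[3]} entries overrun the message")
    rp = IP(buf[4:8])
    if rp.is_multicast or rp.is_unspecified:
        raise MsdpError(3, 2, f"RP {rp}")
    entries = []
    for off in range(HDR_LEN, end, ENTRY_LEN):
        sprefix, group, source = buf[off + 3], IP(buf[off + 4:off + 8]), IP(buf[off + 8:off + 12])
        if sprefix != 32:
            raise MsdpError(3, 5, f"sprefix length {sprefix}")
        if not group.is_multicast:
            raise MsdpError(3, 3, f"group {group}")
        if source.is_multicast or source.is_unspecified:
            raise MsdpError(3, 4, f"source {source}")
        entries.append((str(source), str(group)))
    return str(rp), entries, bytes(buf[end:])

def build_sa(rp, entries, data=b"", sprefix=32):
    """Constructed sample input only: encode an SA for the parser to read."""
    body = IP(rp).packed
    for source, group in entries:
        body += bytes([0, 0, 0, sprefix]) + IP(group).packed + IP(source).packed
    return struct.pack("!BHB", SA, 4 + len(body) + len(data), len(entries)) + body + data

if __name__ == "__main__":
    print(parse_sa(build_sa("192.0.2.1", [("198.51.100.10", "239.1.1.1")], b"\x45\x00")))
```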
Mroute flags
- M: MSDP-created entry
- A: candidate MSDP advertisement
Originator ID
- if RP configured: highest RP address
- if RP not configured: highest loopback address
- if several RPs, has to be assigned manually, otherwise RPF might fail
- best practice: MBGP src = originator ID
Anycast RP
- different RPs have the same address
- source might register at RP_A, receiver – at RP_B ⇒ MSDP is needed to exchange sources
- enable load-sharing within single mcast group
- originator-id is used to distinguish messages from different RPs
- avoid RID conflicts (e.g. OSPF):
  - use lowest IP for RP
  - set RID manually
  - configure secondary IP and use it for RP
- alternative – PIM anycast (RFC 4610), NX-OS only