ZXSEC US

Multicast Technical Note

Version 3.5

ZTE CORPORATION
ZTE Plaza, Keji Road South,
Hi-Tech Industrial Park,
Nanshan District, Shenzhen,
P. R. China
518057
Tel: (86) 755 26771900 800-9830-9830
Fax: (86) 755 26772236
URL: http://support.zte.com.cn
E-mail: [email protected]
LEGAL INFORMATION

Copyright © 2006 ZTE CORPORATION.

The contents of this document are protected by copyright laws and international treaties. Any reproduction or
distribution of this document or any portion of this document, in any form by any means, without the prior written
consent of ZTE CORPORATION is prohibited. Additionally, the contents of this document are protected by
contractual confidentiality obligations.

All company, brand and product names are trade or service marks, or registered trade or service marks, of ZTE
CORPORATION or of their respective owners.

This document is provided “as is”, and all express, implied, or statutory warranties, representations or conditions
are disclaimed, including without limitation any implied warranty of merchantability, fitness for a particular purpose,
title or non-infringement. ZTE CORPORATION and its licensors shall not be liable for damages resulting from the
use of or reliance on the information contained herein.

ZTE CORPORATION or its licensors may have current or pending intellectual property rights or applications
covering the subject matter of this document. Except as expressly provided in any written license between ZTE
CORPORATION and its licensee, the user of this document shall not acquire any license to the subject matter
herein.

ZTE CORPORATION reserves the right to upgrade or make technical change to this product without further notice.

Users may visit ZTE technical support website http://ensupport.zte.com.cn to inquire related information.

The ultimate right to interpret this product resides in ZTE CORPORATION.

Revision History

Date Revision No. Serial No. Reason for Issue

Sep 11, 2008 R1.0 Sjzl20084036 First edition
ZTE CORPORATION
Values Your Comments & Suggestions!
Your opinion is of great value and will help us improve the quality of our product
documentation and offer better services to our customers.
Please fax to (86) 755-26772236 or mail to Documentation R&D Department, ZTE
CORPORATION, ZTE Plaza, A Wing, Keji Road South, Hi-Tech Industrial Park,
Shenzhen, P. R. China 518057.
Thank you for your cooperation!

Document
ZXSEC US Multicast Technical Note
Name
Document Revision
Product Version V 3.5 R1.0
Number
Equipment
Serial No. Sjzl20084036
Installation Date

Presentation:
(Introductions, Procedures, Illustrations, Completeness, Level of Detail, Organization,
Appearance)
Good Fair Average Poor Bad N/A

Your evaluation Accessibility:

of this
(Contents, Index, Headings, Numbering, Glossary)
documentation
Good Fair Average Poor Bad N/A

Intelligibility:
(Language, Vocabulary, Readability & Clarity, Technical Accuracy, Content)
Good Fair Average Poor Bad N/A

Please check the suggestions which you feel can improve this documentation:
Improve the overview/introduction Make it more concise/brief
Improve the Contents Add more step-by-step procedures/tutorials
Improve the organization Add more troubleshooting information
Include more figures Make it less technical
Your Add more examples Add more/better quick reference aids
suggestions for Add more detail Improve the index
improvement of
this Other suggestions
documentation __________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
# Please feel free to write any comments on an attached sheet.

If you wish to be contacted regarding your comments, please complete the following:
Name Company
Postcode Address
Telephone E-mail
This page is intentionally blank.
Contents

About This Manual ............................................................ i

About ZXSEC US Multicast....................................................... i
How to Use this Manual .......................................................... i
What Is in This Manual .......................................................... ii
Conventions ......................................................................... ii
How to Get in Touch............................................................. iii

Chapter 1.......................................................................... 1

ZXSEC US Multicast Forwarding ...................................... 1

Overview .......................................................................1
Multicast IP Addresses .....................................................2
Multicast Forwarding and ZXSEC US Units...........................3
Multicast Forwarding and RIPv2 .............................................. 3
Configuring ZXSEC US Multicast Forwarding........................4
Adding Multicast Firewall Policies ............................................. 5
Enabling Multicast Forwarding................................................. 7

Chapter 2.......................................................................... 9

Configuring ZXSEC US Multicast...................................... 9

Overview .......................................................................9
Config Router Multicast ....................................................9
Sparse Mode ...................................................................... 10
Dense Mode ....................................................................... 11
Command Syntax Pattern .................................................... 12
Config Router Multicast ........................................................ 13
Config Interface.................................................................. 15
Config Pim-sm-global .......................................................... 20

Chapter 3........................................................................ 27

Multicast Routing Example ............................................ 27

Example ZXSEC US PIM-SM Configuration using a Static RP 28
 Configuration Steps .............................................................29
ZXSEC US PIM-SM Debugging Examples........................... 35
Checking that the Receiver has joined the Required Group ........36
Checking the PIM-SM Neighbors ............................................36
Checking that the PIM Router can reach the RP........................36
Viewing the Multicast Routing Table (US-3) .............................37
Viewing the PIM Next-hop Table ............................................39
Viewing the PIM Multicast Forwarding Table ............................39
Viewing the Kernel Forwarding Table......................................39
Viewing the Multicast Routing Table (US-2) .............................40
Viewing the Multicast Routing Table (US-1) .............................41
Example Multicast Destination NAT (DNAT) Configuration ... 42
Example PIM Configuration that uses BSR to find the RP ..... 45
Commands Used in this Example ...........................................46
Configuration Steps .............................................................48
Example Debug Commands ..................................................57

Figures............................................................................61

Tables .............................................................................63
About This Manual

About ZXSEC US Multicast

You can use multicasting (also called IP multicasting) to cause a
source to send data to many receivers simultaneously,
conserving bandwidth and reducing network traffic. Multicasting
can be used for one-way delivery of media streams to multiple
receivers and for one-way data transmission for news feeds,
financial information, and so on. Also RIPv2 uses multicast to
share routing table information.
This document describes how to configure ZXSEC US units to
forward multicast packets and how to use ZXSEC US units as
multicast routers.
This document provides some basic information about
multicasting, describes ZXSEC US multicast support and contains
a number of ZXSEC US multicast examples.
This document contains the following chapters:
„ ZXSEC US multicast forwarding describes the basics of
ZXSEC US multicast forwarding in NAT and Transparent
modes. This chapter also describes multicast firewall policies
and how to enable multicast forwarding.
„ Configuring ZXSEC US multicast routing describes using the
config router multicast CLI command to configure ZXSEC US
units to act as multicast routers.
„ Multicast routing examples describes multicast routing
configuration examples and also contains information about
displaying multicast routing debug information

How to Use this Manual

This manual allows the carrier to know ZXSEC US product
features and detailed functions. The manual applies to the
ZXSEC US products, and is applicable to the technical personnel
who are familiar with the principles of mobile network
communications.

Confidential and Proprietary Information of ZTE CORPORATION i

ZXME MMSC Multimedia Messaging Center Service Function Description

What Is in This Manual

This manual contains the following chapters:

TABLE 1 CHAPTER SUMM ARY

Chapter Summary
Describes configuring ZXSEC US units to
Chapter 1, ZXSEC US
forward multicast traffic and contains the
Multicast Forwarding
following sections
Chapter 2, Configuring Contains a copy of the description of the
ZXSEC US Multicast config router multicast CLI command
Chapter 3, Multicast Contains the following multicast routing
Routing Example configuration examples and information

Conventions
Typographical ZTE documents employ the following typographical conventions.
Conventions
TABLE 2 TYPOGRAPHICAL CONVENTIONS

Typeface Meaning
Italics References to other Manuals and documents.
“Quotes” Links on screens.
Bold Menus, menu options, function names, input
fields, radio button names, check boxes, drop-
down lists, dialog box names, window names.
CAPS Keys on the keyboard and buttons on screens
and company name.
Constant width Text that you type, program code, files and
directory names, and function names.
[] Optional parameters.
{} Mandatory parameters.
| Select one of the parameters that are delimited
by it.
Note: Provides additional information about a
certain topic.

Mouse TABLE 3 MOUSE OPERATION CONVENTIONS

Operation
Conventions Typeface Meaning
Click Refers to clicking the primary mouse button (usually
the left mouse button) once.

ii Confidential and Proprietary Information of ZTE CORPORATION

 Typeface Meaning
Double-click Refers to quickly clicking the primary mouse button
(usually the left mouse button) twice.
Right-click Refers to clicking the secondary mouse button
(usually the right mouse button) once.
Drag Refers to pressing and holding a mouse button and
moving the mouse.

How to Get in Touch

The following sections provide information on how to obtain
support for the documentation and the software.
Customer If you have problems, questions, comments, or suggestions
Support regarding your product, contact us by e-mail at
[email protected]. You can also call our customer support
center at (86) 755 26771900 and (86) 800-9830-9830.
Documentation ZTE welcomes your comments and suggestions on the quality
Support and usefulness of this document. For further questions,
comments, or suggestions on the documentation, you can
contact us by e-mail at [email protected]; or you can fax your
comments and suggestions to (86) 755 26772236. You can also
browse our website at http://support.zte.com.cn, which contains
various interesting subjects like documentation, knowledge base,
forum and service request.

Confidential and Proprietary Information of ZTE CORPORATION iii

ZXME MMSC Multimedia Messaging Center Service Function Description

This page is intentionally blank.

iv Confidential and Proprietary Information of ZTE CORPORATION

Chapter 1

ZXSEC US Multicast
Forwarding

Overview
Multicasting (also called IP multicasting) consists of using a
single multicast source to send data to many receivers.
Multicasting can be used to send data to many receivers
simultaneously while conserving bandwidth and reducing
network traffic. Multicasting can be used for one-way delivery of
media streams to multiple receivers and for one-way data
transmission for news feeds, financial information, and so on.
Also RIPv2 uses multicasting to share routing table information.
A multicast network typically consists of one or more multicast
sources and one our more multicast receivers. Multicast sources
send multicast packets and multicast receivers receive multicast
packets.
Usually there are various network components in between the
sources and the receivers. These network components may just
forward multicast packets or they may route multicast packets.
Network components that route multicast packets are multicast
routers.
Using a multicast router means that the source only needs to
transmit a single stream of data to the multicast router. The
multicast router routes the data to the receivers. The receivers
can be single receivers or can be part off a multicast group. The
multicast router makes decisions about how to route the packets
to receivers and multicast groups. Typically the multicast router
makes routing decisions based on the source and destination
addresses of the multicast packets. The multicast router can also
apply network address translation (NAT) to multicast packets.
This chapter describes configuring ZXSEC US units to forward
multicast traffic and contains the following sections:
„ Multicast IP addresses

Confidential and Proprietary Information of ZTE CORPORATION 1

ZXSEC US Multicast Technical Note

„ Multicast forwarding and ZXSEC US units

„ Configuring ZXSEC US multicast forwarding
ZXSEC US units operating in NAT/Route mode can also be
configured as multicast routers. You can configure a ZXSEC US
unit to be a Protocol Independent Multicast (PIM) router
operating in Sparse Mode (SM) or Dense Mode (DM). Configuring
a ZXSEC US unit for multicast routing is described in
“Configuring ZXSEC US multicast routing”. For multicast routing
configuration examples, see “Multicast routing examples”.

Multicast IP Addresses
Multicast uses the Class D address space. The 224.0.0.0 to
239.255.255.255 IP address range is reserved for multicast
groups. The multicast address range applies to multicast groups,
not to the originators of multicast packets. Table 4 lists reserved
multicast address ranges and describes what they are reserved
for:

TABLE 4 M AIN FUNCTIONS OF SERVICE OBSERVATION SUBSYSTEM

Reserved
Use Use
Address Range
In this range,
packets are not
forwarded by the
Used for network router but remain on
protocols on local the local network.
224.0.0.0 to
networks. For more They have a Time to
224.0.0.255
information, see RFC Live (TTL) of 1.
1700 These addresses are
used for
communicating
routing information.
Global addresses used Some of these
for multicasting data addresses are
224.0.1.0 to between organizations reserved, for
238.255.255.255 and across the Internet. example, 224.0.1.1
For more information, is used for Network
see RFC 1700 Time Protocol (NTP).
Routers are
Limited scope addresses
configured with filters
used for local groups and
239.0.0.0 to to prevent multicasts
organizations. For more
239.255.255.255 to these addresses
information, see RFC
from leaving the local
2365.
system

2 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 1 ZXSEC US Multicast Forwarding

Multicast Forwarding and

ZXSEC US Units
In both Transparent mode and NAT/Route mode you can
configure ZXSEC US units to forward multicast traffic.
For a ZXSEC US unit to forward multicast traffic you must add
ZXSEC US multicast firewall policies. Basic multicast firewall
policies accept any multicast packets at one ZXSEC US interface
and forward the packets out another ZXSEC US interface. You
can also use multicast firewall policies to be selective about the
multicast traffic that is accepted based on source and destination
address, and to perform NAT on multicast packets.
In the example shown in Figure 1, a multicast source on the
Marketing network with IP address 192.168.5.18 sends multicast
packets to the members of network 239.168.4.0. At the ZXSEC
US unit, the source IP address for multicast packets originating
from workstation 192.168.5.18 is translated to 192.168.18.10.
In this example, the ZXSEC US unit is not acting as a multicast
router.

Multicast Forwarding and RIPv2

RIPv2 uses multicast to share routing table information. If your
ZXSEC US unit is installed on a network that includes RIPv2
routers, you must configure the ZXSEC US unit to forward
multicast packets so that RIPv2 devices can share routing data
through the ZXSEC US unit. No special ZXSEC US configuration
is required to share RIPv2 data, you can simply use the
information in the following sections to configure the ZXSEC US
unit to forward multicast packets.

Note:
RIPv1 uses broadcasting to share routing table information. To
allow RIPv1 packets through a ZXSEC US unit you can add
standard firewall policies. Firewall policies to accept RIPv1
packets can use the ANY predefined firewall service or the RIP
predefined firewall service.

Confidential and Proprietary Information of ZTE CORPORATION 3

ZXSEC US Multicast Technical Note

F I G U R E 1 E X A MP L E G A T EW A Y- T O - G AT E W AY C O N F I G U RA T I O N

Configuring ZXSEC US
Multicast Forwarding
You configure ZXSEC US multicast forwarding from the
Command Line Interface (CLI). Two steps are required:
„ Adding multicast firewall policies
„ Enabling multicast forwarding
This second step is only required if your ZXSEC US unit is
operating in NAT mode. If your ZXSEC US unit is operating in
Transparent mode, adding a multicast policy enables multicast
forwarding.

Note:

4 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 1 ZXSEC US Multicast Forwarding

For most US OS v3.0 maintenance releases you do not have to

enable multicast forwarding in transparent mode.

Adding Multicast Firewall Policies

You need to add firewall policies to allow packets to pass from
one interface to another. Multicast packets require multicast
firewall policies. You add multicast firewall policies from the CLI
using the config firewall multicast-policy command. As with
unicast firewall policies, you specify the source and destination
interfaces and optionally the allowed address ranges for the
source and destination addresses of the packets.
You can also use multicast firewall policies to configure source
NAT and destination NAT for multicast packets.
Keep the following in mind when configuring multicast firewall
policies:
„ The matched forwarded (outgoing) IP multicast source IP
address is changed to the configured IP address.
„ Source and Destination interfaces are optional. If left blank,
then the multicast will be forwarded to ALL interfaces.
„ Source and Destination addresses are optional. If left un set,
then it will mean ALL addresses.
„ The nat keyword is optional. Use it when source address
translation is needed.

Command Syntax Pattern

config firewall multicast-policy

edit <id_integer>
set action <accept | deny>
set dnat <address>
set dstaddr <address_ipv4mask>
set dstintf <name_str>
set nat <address_ipv4>
set srcaddr <address_ipv4mask>
set srcintf <name_str>
set protocol <integer>
set start-port <integer>
set end-port <integer>
end

Confidential and Proprietary Information of ZTE CORPORATION 5

ZXSEC US Multicast Technical Note

TABLE 5 KEYWORDS AND VARIABLES

Keywords and
Description Default
variables
The unique ID number
id_integer No default
of this multicast policy
action <accept |
Enter the policy action accept
deny>
Translate externally
received multicast
destination addresses
dnat <address> to addresses that 0.0.0.0
conform to your
organization's internal
addressing policy
Enter the destination
dstaddr IP address and
netmask to match 0.0.0.0
<address_ipv4mask> against multicast NAT
packets.
Enter the destination
interface name to
dstintf <name_str> No default
match against
multicast NAT packets.
Enter the IP address to
substitute for the
nat <address_ipv4> 0.0.0.0
original source IP
address.
Enter the source IP
Srcaddr address and netmask 0.0.0.0
<address_ipv4mask> to match against 0.0.0.0
multicast NAT packets.
Enter the source
interface name to
srcintf <name_str> No default
match against
multicast NAT packets.
Limit the number of
protocols (services)
protocol <integer> No default
sent out via multicast
using the ZXSEC US.
The beginning of the
start-port <integer> port range used for No default
multicast.
The end of the port
end-port <integer> range used for No default
multicast.

Example

This example shows how to configure the multicast firewall

policy required for the configuration shown in Figure 1. This

6 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 1 ZXSEC US Multicast Forwarding

policy accepts multicast packets that are sent from a PC with IP

address 192.168.5.18 to destination address range 239.168.4.0.
The policy allows the multicast packets to enter the internal
interface and then exit the external interface. When the packets
leave the external interface their source address is translated to
192.168.18.10
config firewall multicast-policy
edit 5
set srcaddr 192.168.5.18 255.255.255.255
set srcintf internal
set destaddr 239.168.4.0 255.255.255.0
set dstintf external
set nat 192.168.18.10
end
This example shows how to configure a multicast firewall policy
so that the ZXSEC US unit forwards multicast packets from a
multicast Server with an IP 10.10.10.10 is broadcasting to
address 225.1.1.1.
This Server is on the network connected to the ZXSEC US DMZ
interface.
config firewall multicast-policy
edit 1
set srcintf DMZ
set srcaddr 10.10.10.10 255.255.255.255
set dstintf Internal
set dstaddr 225.1.1.1 255.255.255.255
set action accept
edit 2
set action deny
end

Enabling Multicast Forwarding

Multicast forwarding is disabled by default. In NAT mode you
must use the multicast-forward keyword of the system settings
CLI command to enable multicast forwarding. When multicast-
forward is enabled, the ZXSEC US unit forwards any multicast IP
packets in which the TTL is 2 or higher to all interfaces and VLAN
interfaces except the receiving interface. The TTL in the IP
header will be reduced by 1. Even though the multicast packets
are forwarded to all interfaces, you must add firewall policies to
actually allow multicast packets through the ZXSEC US. In our

Confidential and Proprietary Information of ZTE CORPORATION 7

ZXSEC US Multicast Technical Note

example, the firewall policy allows multicast packets received by

the internal interface to exit to the external interface.

Note:
Enabling multicast forwarding is only required if your ZXSEC US
unit is operating in NAT mode. If your ZXSEC US unit is
operating in Transparent mode, adding a multicast policy
enables multicast forwarding.
Enter the following CLI command to enable multicast forwarding:
config system settings
set multicast-forward enable
end
If multicast forwarding is disabled and the ZXSEC US unit drops
packets that have multicast source or destination addresses.
You can also use the multicast-ttl-notchange keyword of the
system settings command so that the ZXSEC US unit does not
increase the TTL value for forwarded multicast packets. You
should use this option only if packets are expiring before
reaching the multicast router.
config system settings
set multicast-ttl-notchange enable
end

8 Confidential and Proprietary Information of ZTE CORPORATION

Chapter 2

Configuring ZXSEC US
Multicast

Overview
This chapter contains a copy of the description of the config
router multicast CLI command.
You use the config router multicast command to configure the
ZXSEC US unit to act as a Protocol Independent Multicast (PIM)
version 2 router.
The ZXSEC US web-based manager you can go to Router >
Dynamic > Multicast to configure basic PIM options. From the
web-based manager you can configure sparse mode or dense
mode operation on any ZXSEC US interface. For information
about the web-based manager PIM options, see the web-based
manager online help or the ZXSEC US Administration Guide.

Config Router Multicast

A ZXSEC US unit can operate as a Protocol Independent
Multicast (PIM) version 2 router in the root virtual domain.
ZXSEC US units support PIM sparse mode (RFC 4601) and PIM
dense mode (RFC 3973) and can service multicast servers or
receivers on the network segment to which a ZXSEC US
interface is connected. Multicast routing is only available in the
root virtual domain. It is not supported in Transparent mode (TP
mode).

Note:
To support PIM communications, the sending/receiving
applications and all connecting PIM routers in between must be
enabled with PIM version 2. PIM can use static routes, RIP, OSPF,
or BGP to forward multicast packets to their destinations. To

Confidential and Proprietary Information of ZTE CORPORATION 9

ZXSEC US Multicast Technical Note

enable source-to-destination packet delivery, either sparse mode

or dense mode must be enabled on the PIM-router interfaces.
Sparse mode routers cannot send multicast messages to dense
mode routers. In addition, if a ZXSEC US unit is located between
a source and a PIM router, two PIM routers, or is connected
directly to a receiver, you must create a firewall policy manually
to pass encapsulated (multicast) packets or decapsulated data
(IP traffic) between the source and destination.
A PIM domain is a logical area comprising a number of
contiguous networks. The domain contains at least one Boot
Strap Router (BSR), and if sparse mode is enabled, a number of
Rendezvous Points (RPs) and Designated Routers (DRs). When
PIM is enabled on a ZXSEC US unit, the ZXSEC US unit can
perform any of these functions at any time as configured.

Sparse Mode
Initially, all candidate BSRs in a PIM domain exchange bootstrap
messages to select one BSR to which each RP sends the
multicast address or addresses of the multicast group(s) that it
can service.
The selected BSR chooses one RP per multicast group and
makes this information available to all of the PIM routers in the
domain through bootstrap messages. PIM routers use the
information to build packet distribution trees, which map each
multicast group to a specific RP. Packet distribution trees may
also contain information about the sources and receivers
associated with particular multicast groups.

Note:
When a ZXSEC US interface is configured as a multicast
interface, sparse mode is enabled on it by default to ensure that
distribution trees are not built unless at least one downstream
receiver requests multicast traffic from a specific source. If the
sources of multicast traffic and their receivers are close to each
other and the PIM domain contains a dense population of active
receivers, you may choose to enable dense mode throughout the
PIM domain instead.
An RP represents the root of a non-source-specific distribution
tree to a multicast group. By joining and pruning the information
contained in distribution trees, a single stream of multicast
packets (for example, a video feed) originating from the source
can be forwarded to a certain RP to reach a multicast destination.
Each PIM router maintains a Multicast Routing Information Base
(MRIB) that determines to which neighboring PIM router join and
prune messages are sent. An MRIB contains reverse-path
information that reveals the path of a multicast packet from its
source to the PIM router that maintains the MRIB.

10 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

To send multicast traffic, a server application sends IP traffic to

a multicast group address. The locally elected DR registers the
sender with the RP that is associated with the target multicast
group. The RP uses its MRIB to forward a single stream of IP
packets from the source to the members of the multicast group.
The IP packets are replicated only when necessary to distribute
the data to branches of the RP’s distribution tree.
To receive multicast traffic, a client application can use Internet
Group Management Protocol (IGMP) version 1 (RFC 1112), 2
(RFC 2236), or 3 (RFC 3376) control messages to request the
traffic for a particular multicast group. The locally elected DR
receives the request and adds the host to the multicast group
that is associated with the connected network segment by
sending a join message towards the RP for the group. Afterward,
the DR queries the hosts on the connected network segment
continually to determine whether the hosts are active. When the
DR no longer receives confirmation that at least one member of
the multicast group is still active, the DR sends a prune message
towards the RP for the group.

Dense Mode
The packet organization used in sparse mode is also used in
dense mode. When a multicast source begins to send IP traffic
and dense mode is enabled, the closest PIM router registers the
IP traffic from the multicast source (S) and forwards multicast
packets to the multicast group address (G). All PIM routers
initially broadcast the multicast packets throughout the PIM
domain to ensure that all receivers that have requested traffic
for multicast group address G can access the information if
needed.
To forward multicast packets to specific destinations afterward,
the PIM routers build distribution trees based on the information
in multicast packets. Upstream PIM routers depend on
prune/graft messages from downstream PIM routers to
determine if receivers are actually present on directly connected
network segments. The PIM routers exchange state refresh
messages to update their distribution trees. ZXSEC US units
store this state information in a Tree Information Base (TIB),
which is used to build a multicast forwarding table. The
information in the multicast forwarding table determines
whether packets are forwarded downstream. The forwarding
table is updated whenever the TIB is modified.
PIM routers receive data streams every few minutes and update
their forwarding tables using the source (S) and multicast group
(G) information in the data stream. Superfluous multicast traffic
is stopped by PIM routers that do not have downstream
receivers—PIM routers that do not manage multicast groups
send prune messages to the upstream PIM routers. When a
receiver requests traffic for multicast address G, the closest PIM

Confidential and Proprietary Information of ZTE CORPORATION 11

ZXSEC US Multicast Technical Note

router sends a graft message upstream to begin receiving

multicast packets.

Command Syntax Pattern

config router multicast
set igmp-state-limit <limit_integer>
set multicast-routing {enable | disable}
set route-limit <limit_integer>
set route-threshold <threshold_integer>
config interface
edit <interface_name>
set cisco-exclude-genid {enable | disable}
set dr-priority <priority_integer>
set hello-holdtime <holdtime_integer>
set hello-interval <hello_integer>
set neighbour-filter <access_list_name>
set passive {enable | disable}
set pim-mode {sparse-mode | dense-mode}
set propagation-delay <delay_integer>
set rp-candidate {enable | disable}
set rp-candidate-group <access_list_name>
set rp-candidate-interval <interval_integer>
set rp-candidate-priority <priority_integer>
set state-refresh-interval <refresh_integer>
set ttl-threshold <ttl_integer>
end
config join-group
edit address <address_ipv4>
end
config igmp
set access-group <access_list_name>
set immediate-leave-group <access_list_name>
set last-member-query-count <count_integer>
set last-member-query-interval <interval_integer>
set query-interval <interval_integer>
set query-max-response-time <time_integer>
set query-timeout <timeout_integer>

12 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

set router-alert-check { enable | disable }

set version {1 | 2 | 3}
end
end
config pim-sm-global
set accept-register-list <access_list_name>
set bsr-allow-quick-refresh {enable | disable}
set bsr-candidate {enable | disable}
set bsr-priority <priority_integer>
set bsr-interface <interface_name>
set bsr-hash <hash_integer>
set cisco-register-checksum {enable | disable}
set cisco-register-checksum-group <access_list_name>
set cisco-crp-prefix {enable | disable}
set cisco-ignore-rp-set-priority {enable | disable}
set message-interval <interval_integer>
set register-rate-limit <rate_integer>
set register-rp-reachability {enable | disable}
set register-source {disable | interface | ip-address}
set register-source-interface <interface_name>
set register-source-ip <address_ipv4>
set register-suppression <suppress_integer>
set rp-register-keepalive <keepalive_integer>
set spt-threshold {enable | disable}
set spt-threshold-group <access_list_name>
set ssm {enable | disable}
set ssm-range <access_list_name>
config rp-address
edit <rp_id>
set ip-address <address_ipv4>
set group <access_list_name>
end
end

Config Router Multicast

You can configure a ZXSEC US unit to support PIM using the
config router multicast CLI command. When PIM is enabled, the

Confidential and Proprietary Information of ZTE CORPORATION 13

ZXSEC US Multicast Technical Note

ZXSEC US unit allocates memory to manage mapping

information. The ZXSEC US unit communicates with neighboring
PIM routers to acquire mapping information and if required,
processes the multicast traffic associated with specific multicast
groups.

Note:
The end-user multicast client-server applications must be
installed and configured to initiate Internet connections and
handle broadband content such as audio/video information.
Client applications send multicast data by registering IP traffic
with a PIM-enabled router. An end-user could type in a class D
multicast group address, an alias for the multicast group address,
or a call-conference number to initiate the session. Rather than
sending multiple copies of generated IP traffic to more than one
specific IP destination address, PIM-enabled routers encapsulate
the data and use the one multicast group address to forward
multicast packets to multiple destinations. Because one
destination address is used, a single stream of data can be sent.
Client applications receive multicast data by requesting that the
traffic destined for a certain multicast group address be
delivered to them-end-users may use phone books, a menu of
ongoing or future sessions, or some other method through a
user interface to select the address of interest.
A class D address in the 224.0.0.0 to 239.255.255.255 range
may be used as a multicast group address, subject to the rules
assigned by the Internet Assigned Numbers Authority (IANA). All
class D addresses must be assigned in advance. Because there
is no way to determine in advance if a certain multicast group
address is in use, collisions may occur (to resolve this problem,
end-users may switch to a different multicast address).
To configure a PIM domain
1. If you will be using sparse mode, determine appropriate
paths for multicast packets.
2. Make a note of the interfaces that will be PIM-enabled. These
interfaces may run a unicast routing protocol.
3. If you will be using sparse mode and want multicast packets
to be handled by specific (static) RPs, record the IP
addresses of the PIM-enabled interfaces on those RPs.
4. Enable PIM version 2 on all participating routers between the
source and receivers. On ZXSEC US units, use the config
router multicast command to set global operating
parameters.
5. Configure the PIM routers that have good connections
throughout the PIM domain to be candidate BSRs.
6. If sparse mode is enabled, configure one or more of the PIM
routers to be candidate RPs.

14 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

7. If required, adjust the default settings of PIM-enabled

interface(s).

Note:
All keywords are optional.

TABLE 6 ROUTER MULTICAST V ARI ABLES

variables Description Default

If memory consumption is an issue,
specify a limit on the number of
IGMP states (multicast
memberships) that the ZXSEC US
igmp-state- unit will store. The value represents
limit the maximum combined number of
3200
IGMP states (multicast
<limit_integer> memberships) that can be handled
by all interfaces. Traffic associated
with excess IGMP membership
reports is not delivered. The range
is from 96 to 64 000.
multicast-
disable
routing {enable Enable or disable PIM routing.
| disable}
If memory consumption is an issue,
route-limit set a limit on the number of
214748367
multicast routes that can be added
<limit_integer> 4
to the ZXSEC US routing table. The
range is from 1 to 2 147 483 674.
Specify the number of multicast
routes that can be added to the
route-threshold ZXSEC US routing table before a
214748367
<threshold_inte warning message is displayed. The
4
ger> route-threshold value must be lower
than the route-limit value. The
range is from 1 to 2 147 483 674.

Config Interface
Use this subcommand to change interface-related PIM settings,
including the mode of operation (sparse or dense). Global
settings do not override interface-specific settings.

Note:
All keywords are optional.

Confidential and Proprietary Information of ZTE CORPORATION 15

ZXSEC US Multicast Technical Note

TABLE 7 ROUTER MULTICAST V ARI ABLES

variables Description Default

edit Enter the name of the ZXSEC US
<interface_nam interface on which to enable PIM No default.
e> protocols.
This keyword applies only when
pim-mode is sparse-mode.
Enable or disable including a
cisco-exclude- generation ID in hello messages disable
genid sent to neighboring PIM routers. A
GenID value may be included for
compatibility with older Cisco IOS
routers.
This keyword applies only when
pim-mode is sparse-mode.
Assign a priority to ZXSEC US DR
candidacy. The range is from 1 to 4
294 967 294. The value is compared
dr-priority to that of other DR interfaces
<priority_integ connected to the same network 1
er> segment, and the router having the
highest DR priority is selected to be
the DR.
If two DR priority values are the
same, the interface having the
highest IP address is selected.
Specify the amount of time (in
seconds) that a PIM neighbor may
consider the information in a hello
message to be valid.
hello-holdtime The range is from 1 to 65 535.
<holdtime_inte If the hello-interval attribute is 105
ger> modified and the hello-holdtime
attribute has never been set
explicitly, the hello-holdtime
attribute is set to 3.5 x hello-
interval automatically.
Set the amount of time (in seconds)
that the ZXSEC US unit waits
hello-interval between sending hello messages to
neighboring PIM routers. The range
<hello_integer 30
is from 1 to 65 535. Changing the
> hello-interval attribute may update
the hello-holdtime attribute
automatically
Establish or terminate adjacency
neighbour-filter with PIM neighbors having the IP
<access_list_n addresses given in the specified Null.
ame> access list. See “access-list” in the
ZXSEC US CLI Reference.

16 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

variables Description Default

passive {enable Enable or disable PIM

| communications on the interface
disable
without affecting IGMP
disable} communications.
Select the PIM mode of operation:
„ Select sparse-mode to manage
pim-mode
PIM packets through distribution sparse-
{sparse-mode |
trees and multicast groups. mode
dense-mode}
„ Select dense-mode to enable
multicast flooding.

This keyword is available when pim-

mode is set to dense-mode.
propagation-
delay Specify the amount of time (in
milliseconds) that the ZXSEC US 500
<delay_integer
unit waits to send prune-override
>
messages. The range is from 100 to
5 000.
This keyword is available when pim-
rp-candidate mode is set to sparse-mode.
{enable | Enable or disable the ZXSEC US disable
disable} interface to offer Rendezvous Point
(RP) services.
This keyword is available when rp-
candidate is set to enable and pim-
mode is set to sparse-mode.
rp-candidate-
group Specify for which multicast groups
RP candidacy is advertised based on Null.
<access_list_n
the multicast group prefixes given in
ame>
the specified access list. See
“access-list” in the ZXSEC US CLI
Reference.
This keyword is available when rp-
candidate is set to enable and pim-
rp-candidate- mode is set to sparse-mode.
interval Set the amount of time (in seconds) 60
<interval_integ that the ZXSEC US unit waits
er> between sending RP announcement
messages. The range is from 1 to
16 383.

Confidential and Proprietary Information of ZTE CORPORATION 17

ZXSEC US Multicast Technical Note

variables Description Default

This keyword is available when rp-
candidate is set to enable and pim-
mode is set to sparse-mode.
Assign a priority to ZXSEC US RP
candidacy. The range is from 0 to
rp-candidate- 255. The BSR compares the value to
priority that of other RP candidates that can
service the same multicast group, 192
<priority_integ
and the router having the highest
er>
RP priority is selected to be the RP
for that multicast group. If two RP
priority values are the same, the RP
candidate having the highest IP
address on its RP interface is
selected.
This keyword is available when pim-
mode is set to dense-mode.
This attribute is used when the
ZXSEC US unit is connected directly
state-refresh- to the multicast source. Set the
interval amount of time (in seconds) that
the ZXSEC US unit waits between 60
<refresh_integ
sending state-refresh messages.
er>
The range is from 1 to 100. When a
state-refresh message is received
by a downstream router, the prune
state on the downstream router is
refreshed.
Specify the minimum Time-To-Live
(TTL) value (in hops) that an
outbound multicast packet must
ttl-threshold have in order to be forwarded from
the interface. Specifying a high 1
<ttl_integer> value (for example, 195) prevents
PIM packets from being forwarded
through the interface. The range is
from 0 to 255.
config join-group variables

edit address Cause the ZXSEC US interface to

activate (IGMP join) the multicast
<address_ipv4 No default.
group associated with the specified
> multicast group address.
config igmp variables
Specify which multicast groups
access-group hosts on the connected network
segment may join based on the
<access_list_n Null
multicast addresses given in the
ame> specified access list. See “access-
list” in the ZXSEC US CLI Reference.

18 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

variables Description Default

This keyword applies when version
is set to 2 or 3.
Configure a ZXSEC US DR to stop
immediate- sending traffic and IGMP queries to
leave-group receivers after receiving an IGMP Null
<access_list_n version 2 group-leave message from
ame> any member of the multicast groups
identified in the specified access list.
See “access-list” in the ZXSEC US
CLI Reference.
This keyword applies when version
is set to 2 or 3.
last-member-
query-count Specify the number of times that a
ZXSEC US DR sends an IGMP query 2
<count_integer
to the last member of a multicast
>
group after receiving an IGMP
version 2 group-leave message.
This keyword applies when version
is set to 2 or 3.
Set the amount of time (in
milliseconds) that a ZXSEC US DR
waits for the last member of a
last-member- multicast group to respond to an
query- IGMP query. The range is from 1000
interval to 25 500. If no response is 1000
<interval_integ received before the specified time
er> expires and the ZXSEC US DR has
already sent an IGMP query last-
member-query-count times, the
ZXSEC US DR removes the member
from the group and sends a prune
message to the associated RP.
Set the amount of time (in seconds)
query-interval that a ZXSEC US DR waits between
sending IGMP queries to determine
<interval_integ 125
which members of a multicast group
er> are active. The range is from 1 to
65 535.
Set the maximum amount of time
(in seconds) that a ZXSEC US DR
waits for a member of a multicast
query-max- group to respond to an IGMP query.
response-time The range is from 1 to 25. If no 10
<time_integer> response is received before the
specified time expires, the ZXSEC
US DR removes the member from
the group.

Confidential and Proprietary Information of ZTE CORPORATION 19

ZXSEC US Multicast Technical Note

variables Description Default

Set the amount of time (in seconds)
that must expire before a ZXSEC US
unit begins sending IGMP queries to
the multicast group that is managed
query-timeout
through the interface. The range is
<timeout_integ from 60 to 300. A ZXSEC US unit 255
er> begins sending IGMP queries
if it does not receive regular IGMP
queries from another DR through
the interface.
router-alert-
check { Enable to require the Router Alert
disabled
enable | option in IGMP packets.
disable }
Specify the version number of IGMP
to run on the interface.
version {1 | 2 | The value can be 1, 2, or 3. The
3
3} value must match the version
used by all other PIM routers on the
connected network segment.

Config Pim-sm-global
These global settings apply only to sparse mode PIM-enabled
interfaces. Global PIM settings do not override interface-specific
PIM settings.
If sparse mode is enabled, you can configure a DR to send
multicast packets to a particular RP by specifying the IP address
of the RP through the config rp-address subcommand. The IP
address must be directly accessible to the DR. If multicast
packets from more than one multicast group can pass through
the same RP, you can use an access list to specify the associated
multicast group addresses.

Note:
To send multicast packets to a particular RP using the config rp-
address subcommand, the ip-address keyword is required. All
other keywords are optional.

TABLE 8 GLOBAL VARIABLES

variables Description Default

Cause a ZXSEC US RP to accept or
accept-register- deny register packets from the
list source IP addresses given in the
Null.
<access_list_nam specified access list. See “access-
e> list” in the ZXSEC US CLI
Reference.

20 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

variables Description Default

bsr-allow-quick- Enable or disable accepting bsr
refresh quick refresh packets from disable
{enable | disable} neighbors.

bsr-candidate Enable or disable the ZXSEC US

{enable | unit to offer its services as a Boot
disable
Strap Router (BSR) when
disable} required.
This keyword is available when
bsr-candidate is set to enable.
Assign a priority to ZXSEC US BSR
candidacy. The range is from 0 to
bsr-priority 255. The value is compared to
that of other BSR candidates and 0
<priority_integer
the candidate having the highest
>
priority is selected to be the BSR.
If two BSR priority values are the
same, the BSR candidate having
the highest IP address on its BSR
interface is selected.
This keyword is available when
bsr-candidate is set to enable.
bsr-interface
Specify the name of the PIM- Null.
<interface_name
enabled interface through which
>
the ZXSEC US unit may announce
BSR candidacy.
This keyword is available when
bsr-candidate is set to enable.
Set the length of the mask (in
bits) to apply to multicast group
addresses in order to derive a
bsr-hash single Rendezvous Point (RP) for
one or more multicast groups. The 10
<hash_integer>
range is from 0 to 32. For
example, a value of 24 means
that the first 24 bits of the group
address are significant. All
multicast groups having the same
seed hash belong to the same RP.
Enable or disable a ZXSEC US RP
that has a group prefix number of
0 to communicate with a Cisco
cisco-crp-prefix
BSR. You may choose to enable disable
{enable | disable}
the attribute if required for
compatibility with older Cisco
BSRs.
Enable or disable a ZXSEC US BSR
to recognize Cisco RP-SET priority
cisco-ignore-rp- values when deriving a single RP
set-priority for one or more multicast groups. disable
{enable | disable} You may choose to enable the
attribute if required for
compatibility with older Cisco RPs.

Confidential and Proprietary Information of ZTE CORPORATION 21

ZXSEC US Multicast Technical Note

variables Description Default

Enable or disable performing a
register checksum on entire PIM
cisco-register- packets. A register checksum is
checksum performed on the header only by
disable
default. You may choose to enable
{enable | disable} register checksums on the whole
packet for compatibility with older
Cisco IOS routers.
This keyword is available when
cisco-register-checksum is set to
enable.
Identify on which PIM packets to
cisco-register- perform a whole-packet register
checksum- checksum based on the multicast
group group addresses in the specified Null.
<access_list_nam access list. See “access-list” in the
e> ZXSEC US CLI Reference. You
may choose to enable register
checksums on entire PIM packets
for compatibility with older Cisco
IOS routers.
Set the amount of time (in
seconds) that the ZXSEC US unit
waits between sending periodic
message-interval PIM join/prune messages (sparse
mode) or prune messages (dense
<interval_integer 60
mode). The value must be
> identical to the message interval
value set on all other PIM routers
in the PIM domain. The range is
from 1 to 65 535.
Set the maximum number of
register messages per (S,G) per
second that a ZXSEC US DR can
register-rate-limit send for each PIM entry in the
0
<rate_integer> routing table. The range is from 0
to 65 535, where 0 means an
unlimited number of register
messages per second.

register-rp- Enable or disable a ZXSEC US DR

reachability to check if an RP is accessible
enable
prior to sending register
{enable | disable} messages.

22 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

variables Description Default

If the ZXSEC US unit acts as a DR,
enable or disable changing the IP
source address of outbound
register packets to one of the
following IP addresses. The IP
address must be accessible to the
RP so that the RP can respond to
the IP address with a Register-
Stop message:
To retain the IP address of the
register-source
ZXSEC US DR interface that faces
{disable
the RP, select disable. ip-address
| interface | ip-
To change the IP source address
address}
of a register packet to the IP
address of a particular ZXSEC US
interface, select interface. The
register-source-interface attribute
specifies the interface name.
To change the IP source address
of a register packet to a particular
IP address, select ip-address. The
register-source-ip attribute
specifies the IP address.
register-source- This keyword is available when
interface register-source is set to interface.
Null.
<interface_name Enter the name of the ZXSEC US
> interface.
This keyword is available when
register-source-ip register-source is set to address.
0.0.0.0
<address_ipv4> Enter the IP source address to
include in the register message.
Enter the amount of time (in
register- seconds) that a ZXSEC US DR
suppression waits to start sending data to an
60
<suppress_intege RP after receiving a Register-Stop
r> message from the RP. The range
is from 1 to 65 535.
If the ZXSEC US unit acts as an
RP, set the frequency (in seconds)
with which the ZXSEC US unit
sends keepalive messages to a
DR. The range is from 1 to 65
535. The two routers exchange
keepalive messages to maintain a
rp-register-
link for as long as the source
keepalive
continues to generate traffic. 185
<keepalive_integ
If the register-suppression
er>
attribute is modified on the RP
and the rp-register-keepalive
attribute has never been set
explicitly, the rp-register-
keepalive attribute is set to (3 x
register-suppression) + 5
automatically.

Confidential and Proprietary Information of ZTE CORPORATION 23

ZXSEC US Multicast Technical Note

variables Description Default

spt-threshold Enable or disable the ZXSEC US

{enable | unit to build a Shortest Path
enable
enable Tree (SPT) for forwarding
disable} multicast packets.
This keyword is available when
spt-threshold is set to enable.
spt-threshold-
group Build an SPT only for the multicast
group addresses given in the Null.
<access_list_nam
specified access list. See “access-
e>
list” in the ZXSEC US CLI
Reference.
This keyword is available when
the IGMP version is set to 3.
ssm {enable |
Enable or disable Source Specific enable
disable}
Multicast (SSM) interactions (see
RFC 3569).
This keyword is available when
ssm is set to enable.
Enable SSM only for the multicast
ssm-range addresses given in the specified
access list. See “access-list” in the Null.
<access_list_nam
ZXSEC US CLI Reference. By
e>
default, multicast addresses in the
232.0.0.0 to 232.255.255.255
(232/8) range are used to support
SSM interactions.
config rp-address Applies only when pim-mode is
No default.
variables sparse-mode.
Enter an ID number for the static
RP address entry. The number
edit <rp_id> must be an integer. No default. ip- 0.0.0.0
address <address_ipv4> Specify a
static IP address for the RP.
Configure a single static RP for the
multicast group addresses given
in the specified access list. See
group “access-list” in the ZXSEC US CLI
<access_list_nam Reference. If an RP for any of Null.
e> these group addresses is already
known to the BSR, the static RP
address is ignored and the RP
known to the BSR is used instead.

Example

This example shows how to enable a ZXSEC US unit to support

PIM routing in sparse mode and enable BSR candidacy on the
dmz interface:
config router multicast
set multicast-routing enable

24 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 2 Configuring ZXSEC US Multicast

config interface
edit dmz
set pim-mode sparse-mode
end
end
config pim-sm-global
set bsr-candidate enable
set bsr-priority 1
set bsr-interface dmz
set bsr-hash 24
end
This example shows how to enable RP candidacy on the port1
interface for the multicast group addresses given through an
access list named multicast_port1:
config router multicast
set multicast-routing enable
config interface
edit port1
set pim-mode sparse-mode
set rp-candidate enable
set rp-candidate-group multicast_port1
set rp-candidate-priority 15
end
end

Confidential and Proprietary Information of ZTE CORPORATION 25

ZXSEC US Multicast Technical Note

This page is intentionally blank.

26 Confidential and Proprietary Information of ZTE CORPORATION

Chapter 3

Multicast Routing
Example

This chapter contains the following multicast routing

configuration examples and information:
„ Example ZXSEC US PIM-SM configuration using a static RP
„ ZXSEC US PIM-SM debugging examples
„ Example multicast destination NAT (DNAT) configuration
„ Example PIM configuration that uses BSR to find the RP

Confidential and Proprietary Information of ZTE CORPORATION 27

ZXSEC US Multicast Technical Note

FIGURE 2 EXAMPLE ZXSEC US PIM-SM TOPOLOGY

Example ZXSEC US PIM-

SM Configuration using a
Static RP
The example Protocol Independent Multicast Sparse Mode (PIM-
SM) configuration shown in Figure 2 has been tested for
multicast interoperability using PIM-SM between Cisco 3750
switches running 12.2 and a ZXSEC US-1300 running US OS
v3.0 MR5 patch 1. In this configuration, the receiver receives the
multicast stream when it joins the group 233.254.200.1.
The configuration uses a statically configured rendezvous point
(RP) which resides on the Cisco_3750_1. Using a bootstrap
router (BSR) was not tested in this example. See “Example PIM

28 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

configuration that uses BSR to find the RP” for an example that
uses a BSR.

Configuration Steps
The following procedures show how to configure the multicast
configuration settings for the devices in the example
configuration.
„ Cisco_3750_1 router configuration
„ Cisco_3750_2 router configuration
„ To configure the ZXSEC US-1300 unit
„ Cisco_3750_3 router configuration
Cisco_3750_1 router configuration
version 12.2
!
hostname Cisco-3750-1
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface Loopback0
ip address 169.254.100.1 255.255.255.255
!
interface FastEthernet1/0/23
switchport access vlan 182
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 172
switchport mode access
!

Confidential and Proprietary Information of ZTE CORPORATION 29

ZXSEC US Multicast Technical Note

interface Vlan172
ip address 10.31.138.1 255.255.255.0
ip pim sparse-mode
ip igmp query-interval 125
ip mroute-cache distributed
!
interface Vlan182
ip address 169.254.82.250 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
ip classless
ip route 0.0.0.0 0.0.0.0 169.254.82.1
ip http server
Example ZXSEC US PIM-SM configuration using a static RP
ip pim rp-address 169.254.100.1 Source-RP
!
!
ip access-list standard Source-RP
permit 233.254.200.0 0.0.0.255
Cisco_3750_2 router configuration
version 12.2
!
hostname Cisco-3750-2
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet1/0/23
switchport access vlan 138
switchport mode access

30 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

!
interface FastEthernet1/0/24
switchport access vlan 182
switchport mode access
!
interface Vlan138
ip address 10.31.138.250 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
interface Vlan182
ip address 169.254.82.1 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.31.138.253
ip route 169.254.100.1 255.255.255.255 169.254.82.250
ip http server
ip pim rp-address 169.254.100.1 Source-RP
!
!
ip access-list standard Source-RP
permit 233.254.200.0 0.0.0.255
To configure the ZXSEC US-1300 unit
1. Configure the internal and external interfaces.
config system interface
edit "internal"
set vdom "root"
set ip 10.31.130.1 255.255.255.0
set allowaccess ping https
set type physical
next
edit "external"
set vdom "root"
set ip 10.31.138.253 255.255.255.0
set allowaccess ping
set type physical

Confidential and Proprietary Information of ZTE CORPORATION 31

ZXSEC US Multicast Technical Note

end
end
2. Add a firewall address for the RP.
config firewall address
edit "RP"
set subnet 169.254.100.1/32
end
3. Add standard firewall policies to allow traffic to reach the RP.
config firewall policy
edit 1
set srcintf "internal"
set dstintf "external"
set srcaddr "all"
set dstaddr "RP"
set action accept
set schedule "always"
set service "ANY"
next
edit 2
set srcintf "external"
set dstintf "internal"
set srcaddr "RP"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
end
4. Add the multicast firewall policy.
config firewall multicast-policy
edit 1
set dstaddr 233.254.200.0 255.255.255.0
set dstintf "internal"
set srcaddr 169.254.82.0 255.255.255.0
set srcintf "external"
end
5. Add an access list.
config router access-list
edit "Source-RP"

32 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

config rule
edit 1
set prefix 233.254.200.0 255.255.255.0
set exact-match disable
next
end
6. Add some static routes.
config router static
edit 1
set device "internal"
set gateway 10.31.130.250
next
edit 2
set device "external"
set dst 169.254.0.0 255.255.0.0
set gateway 10.31.138.250
next
7. Configure multicast routing.
config router multicast
config interface
edit "internal"
set pim-mode sparse-mode
config igmp
set version 2
end
next
edit "external"
set pim-mode sparse-mode
config igmp
set version 2
end
next
end
set multicast-routing enable
config pim-sm-global
config rp-address
edit 1
set ip-address 169.254.100.1

Confidential and Proprietary Information of ZTE CORPORATION 33

ZXSEC US Multicast Technical Note

set group "Source-RP"

next
Cisco_3750_3 router configuration
version 12.2
!
hostname Cisco-3750-3
!
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet1/0/23
switchport access vlan 128
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 130
switchport mode access
!
interface Vlan128
ip address 10.31.128.130 255.255.255.252
ip pim sparse-mode
ip mroute-cache distributed
!
interface Vlan130
ip address 10.31.130.250 255.255.255.0
ip pim sparse-mode
ip mroute-cache distributed
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.31.130.1
ip http server

34 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

ip pim rp-address 169.254.100.1 Source-RP

!
!
ip access-list standard Source-RP
permit 233.254.200.0 0.0.0.255

ZXSEC US PIM-SM
Debugging Examples
Using the example topology shown in Figure 3 you can trace the
multicast streams and states within the three ZXSEC US units
(US-1, US-2, and US-3) using the debug commands described in
this section. The command output in this section is taken from
ZXSEC US unit running US OS v3.0 MR5 patch 1 when the
multicast stream is flowing correctly from source to receiver.

FIGURE 3 PIM-SM DEBUGGING TOPOLOGY

Confidential and Proprietary Information of ZTE CORPORATION 35

ZXSEC US Multicast Technical Note

Checking that the Receiver has

joined the Required Group
From the last hop router, US-3, you can use the following
command to check that the receiver has correctly joined the
required group.
US-3 # get router info multicast igmp groups

TABLE 9 IGMP CONNECTED GROUP MEMBERSHIP

Group Last
Interface Uptime Expires
Address Reporter
239.255.2
port3 00:31:15 00:04:02 10.167.0.62
55.1

Only 1 receiver is displayed for a particular group, this is the

device that responded to the IGMP query request from the US-
3. If a receiver is active the expire time should drop to
approximately 2 minutes before being refreshed.

Checking the PIM-SM Neighbors

Next the PIM-SM neighbors should be checked. A PIM router
becomes a neighbor when the PIM router receives a PIM hello.
Use the following command to display the PIM-SM neighbors of
US-3.

TABLE 10 US-3 # GET ROUTER INFO MULTICAST PIM SPARSE-MODE

NEIGHBOUR

Neighbor Uptime/
Interface Ver DR Priority/Mode
Address Expires
10.132.0. 01:57:12/
port2 v2 1/
156 00:01:33

Checking that the PIM Router can

reach the RP
The rendezvous point (RP) must be reachable for the PIM router
(US-3) to be able to send the *,G join to request the stream.
This can be checked for US-3 using the following command:
US-3 # get router info multicast pim sparse-mode rp-mapping
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4, Static

36 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

RP: 192.168.1.1
Uptime: 07:23:00

Viewing the Multicast Routing Table

(US-3)
The US-3 unicast routing table can be used to determine the
path taken to reach the RP at 192.168.1.1. You can then check
the stream state entries using the following commands:
US-3 # get router info multicast pim sparse-mode table
IP Multicast Routing Table
(*,*,RP) Entries: 0
(*,G) Entries: 1
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 0

TABLE 11 STREAM STATES

Entries State
(*,*,RP) This state may be reached by general joins for all
Entries groups served by a specified RP
State that maintains a source-specific tree for source
(*,G) Entries
S and group G.
(S,G) Entries State that maintains the RP tree for a given group.
State that maintains source-specific information
(S,G,rpt) about source s on the RP tree for G. For example, if
a source is being received on the source-specific
Entries tree, it will normally have been pruned off the RP
tree.
The FCR state entries are for tracking the sources in
the <*, G> when <S, G> is not available for any
FCR
reason, the stream would typically be flowing when
this state exists.

Breaking down each entry in detail:

(*, 239.255.255.1)
RP: 192.168.1.1
RPF nbr: 10.132.0.156
RPF idx: port2
Upstream State: JOINED
Local:
port3

Confidential and Proprietary Information of ZTE CORPORATION 37

ZXSEC US Multicast Technical Note

Joined:
Asserted:
FCR:
The RP will always be listed in a *,G entry, the RPF neighbor and
interface index will also be shown.
In this topology these are the same in all downstream PIM
routers. The state is active so the upstream state is joined.
In this case US-3 is the last hop router so the IGMP join is
received locally on port3. There is no PIM outgoing interface
listed for this entry as it is used for the upstream PIM join.
(10.166.0.11, 239.255.255.1)
RPF nbr: 10.132.0.156
RPF idx: port2
SPT bit: 1
Upstream State: JOINED
Local:
Joined:
Asserted:
Outgoing:
port3
This is the entry for the SPT, no RP IS listed. The S,G stream will
be forwarded out of the stated outgoing interface.
(10.166.0.11, 239.255.255.1, rpt)
RP: 192.168.1.1
RPF nbr: 10.132.0.156
RPF idx: port2
Upstream State: NOT PRUNED
Local:
Pruned:
Outgoing:
The above S,G,RPT state is created for all streams that have
both a S,G and a *,G entry on the router. This is not pruned in
this case because of the topology, the RP and source are
reachable over the same interface.
Although not seen in this scenario, assert states may be seen
when multiple PIM routers exist on the same LAN which can lead
to more than one upstream router having a valid forwarding
state. Assert messages are used to elect a single forwarder from
the upstream devices.

38 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

Viewing the PIM Next-hop Table

The PIM next-hop table is also very useful for checking the
various states, it can be used to quickly identify the states of
multiple multicast streams

TABLE 12 US-3 # GET ROUTER INFO MULTICAST PIM SPARSE-MODE NEXT-

HOP

Destination 10.166.0.11 192.168.1.1

Type S R
Nexthop Num 1 1
Nexthop Addr 10.132.0.156 10.132.0.156
Nexthop Ifindex 9 9
Metric 21 111
Pref 110 110
Refcnt 3 2

Flags: N = New, R = RP, S = Source, U = Unreachable

Viewing the PIM Multicast

Forwarding Table
Also you can check the multicast forwarding table showing the
ingress and egress ports of the multicast stream.
US-3 # get router info multicast table
IP Multicast Routing Table
Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installed
Timers: Uptime/Stat Expiry
Interface State: Interface (TTL threshold)
(10.166.0.11, 239.255.255.1), uptime 04:02:55, stat expires 00:02:25
Owner PIM-SM, Flags: TF
Incoming interface: port2
Outgoing interface list:
port3 (TTL threshold 1)

Viewing the Kernel Forwarding Table

Also the kernel forwarding table can be verified, however this
should give similar information to the above command:

Confidential and Proprietary Information of ZTE CORPORATION 39

ZXSEC US Multicast Technical Note

US-3 # diag ip multicast mroute

grp=239.255.255.1
src=10.166.0.11 intf=9 flags=(0x10000000)[ ]
status=resolved
last_assert=2615136
bytes=1192116 pkt=14538 wrong_if=0 num_ifs=1
index(ttl)=[6(1),]

Viewing the Multicast Routing Table

(US-2)
If you check the output on US-2 there are some small
differences:
US-2 # get router info multicast pim sparse-mode table
IP Multicast Routing Table
(*,*,RP) Entries: 0
(*,G) Entries: 1
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 0
(*, 239.255.255.1)
RP: 192.168.1.1
RPF nbr: 0.0.0.0
RPF idx: None
Upstream State: JOINED
Local:
Joined:
external
Asserted:
FCR:
The *,G entry now has a joined interface rather than local
because it has received a PIM join from US-3 rather than a local
IGMP join.
(10.166.0.11, 239.255.255.1)
RPF nbr: 10.130.0.237
RPF idx: internal
SPT bit: 1
Upstream State: JOINED

40 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

Local:
Joined:
external
Asserted:
Outgoing:
external
The S,G entry shows that we have received a join on the
external interface and the stream is being forwarded out of this
interface.
(10.166.0.11, 239.255.255.1, rpt)
RP: 192.168.1.1
RPF nbr: 0.0.0.0
RPF idx: None
Upstream State: PRUNED
Local:
Pruned:
Outgoing:
External
The S,G,RPT is different from US-3 because US-2 is the RP, it
has pruned back the SPT for the RP to the first hop router.

Viewing the Multicast Routing Table

(US-1)
US-1 again has some differences with regard to the PIM-SM
states, there is no *,G entry because it is not in the path of a
receiver and the RP.
US-1_master # get router info multicast pim sparse-mode table
IP Multicast Routing Table
(*,*,RP) Entries: 0
(*,G) Entries: 0
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 0
Below the S,G is the SPT termination because this ZXSEC US
unit is the first hop router, the RPF neighbor always shows as
0.0.0.0 because the source is local to this device. Both the
joined and outgoing fields show as external because the PIM join
and the stream is egressing on this interface.
(10.166.0.11, 239.255.255.1)

Confidential and Proprietary Information of ZTE CORPORATION 41

ZXSEC US Multicast Technical Note

RPF nbr: 0.0.0.0

RPF idx: None
SPT bit: 1
Upstream State: JOINED
Local:
Joined:
external
Asserted:
Outgoing:
external
The stream has been pruned back from the RP because the end-
to-end SPT is flowing, there is no requirement for the stream to
be sent to the RP in this case.
(10.166.0.11, 239.255.255.1, rpt)
RP: 0.0.0.0
RPF nbr: 10.130.0.156
RPF idx: external
Upstream State: RPT NOT JOINED
Local:
Pruned:
Outgoing:

Example Multicast
Destination NAT (DNAT)
Configuration
The example topology shown in Figure 4 and described below
shows how to configure destination
NAT (DNAT) for two multicast streams. Both of these streams
originate from the same source IP address, which is 10.166.0.11.
The example configuration keeps the streams separate by
creating 2 multicast NAT policies.
In this example the ZXSEC US units in Figure 4 have the
following roles:
„ US-1 is the RP for dirty networks, 233.0.0.0/8.
„ US-2 performs all firewall and DNAT translations.
„ US-3 is the RP for the clean networks, 239.254.0.0/16.

42 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

US-1 and US-3 are functioning as PM enabled routers and could

be replaced can be any PIM enabled router.
This example only describes the configuration of US-2.
US-2 performs NAT so that the receivers connected to US-3
receive the following translated multicast streams.
„ If the multicast source sends multicast packets with a source
and destination IP of 10.166.0.11 and 233.2.2.1; US-3
translates the source and destination IPs to 192.168.20.1
and 239.254.1.1
„ If the multicast source sends multicast packets with a source
and destination IP of 10.166.0.11 and 233.3.3.1; US-3
translates the source and destination IPs to 192.168.20.10
and 239.254.3.1

FIGURE 4 EXAMPLE MULTICAST DN AT TOPOLOGY

To configure US-2 for DNAT multicast

1. Add a loopback interface. In the example, the loopback
interface is named loopback.
config system interface
edit "loopback"
set vdom "root"
set ip 192.168.20.1 255.255.255.0
set type loopback

Confidential and Proprietary Information of ZTE CORPORATION 43

ZXSEC US Multicast Technical Note

next
end
2. Add PIM and add a unicast routing protocol to the loopback
interface as if it was a normal routed interface. Also add
static joins to the loopback interface for any groups to be
translated.
config router multicast
config interface
edit "loopback"
set pim-mode sparse-mode
config join-group
edit 233.2.2.1
next
edit 233.3.3.1
next
end
next
3. In this example, to add firewall multicast policies, different
source IP addresses are required so you must first add an IP
pool:
config firewall ippool
edit "Multicast_source"
set endip 192.168.20.20
set interface "port6"
set startip 192.168.20.10
next
end
4. Add the translation firewall policies.
Policy 2, which is the source NAT policy, uses the actual IP
address of port6. Policy 1, the DNAT policy, uses an address
from the IP pool.
config firewall multicast-policy
edit 1
set dnat 239.254.3.1
set dstaddr 233.3.3.1 255.255.255.255
set dstintf "loopback"
set nat 192.168.20.10
set srcaddr 10.166.0.11 255.255.255.255
set srcintf "port6"
next

44 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

edit 2
set dnat 239.254.1.1
set dstaddr 233.2.2.1 255.255.255.255
set dstintf "loopback"
set nat 192.168.20.1
set srcaddr 10.166.0.11 255.255.255.255
set srcintf "port6"
next
5. Add a firewall multicast policy to forward the stream from
the loopback interface to the physical outbound interface.
This example is an any/any policy that makes sure traffic
accepted by the other multicast policies can exit the ZXSEC
US unit.
config firewall multicast-policy
edit 3
set dstintf "port7"
set srcintf "loopback"
next

Example PIM Configuration

that uses BSR to find the RP
This example shows how to configure a multicast routing
network for a network consisting of 4 ZXSEC US900 units
(ZXSEC US900_1 to ZXSEC US900_4, see Figure 5). A multicast
sender is connected to ZXSEC US900_2. ZXSEC US900_2
forwards multicast packets in two directions to reach Receiver 1
and Receiver 2.
The configuration uses a Boot Start Router (BSR) to find the
Rendezvous Points (RPs) instead of using static RPs. Under
interface configuration, the loopback interface lo0 must join the
236.1.1.1 group (source).
This example describes:
„ Commands used in this example
„ Configuration steps
„ Example debug commands

Confidential and Proprietary Information of ZTE CORPORATION 45

ZXSEC US Multicast Technical Note

FIGURE 5 PIM NETWORK TOPOLOGY USING BSR TO FIND THE RP

Commands Used in this Example

This example uses CLI commands for the following configuration
settings:
„ Adding a loopback interface (lo0)
„ Defining the multicast routing
„ Adding the NAT multicast policy

Adding a Loopback Interface (lo0)

Where required, the following command is used to define a

loopback interface named lo0.
config system interface
edit "lo0"
set vdom "root"
set ip 1.4.50.4 255.255.255.255
set allowaccess ping https ssh snmp http telnet
set type loopback
next
end

46 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

Defining the Multicast Routing

In this example, the following command syntax is used to define

multicast routing. The example uses a Boot Start Router (BSR)
to find the Rendezvous Points (RPs) instead of using static RPs.
Under interface configuration, the loopback interface lo0 must
join the 236.1.1.1 group (source).
config router multicast
config interface
edit "port6"
set pim-mode sparse-mode
next
edit "port1"
set pim-mode sparse-mode
next
edit "lo0"
set pim-mode sparse-mode
set rp-candidate enable
config join-group
edit 236.1.1.1
next
end
set rp-candidate-priority 1
next
end
set multicast-routing enable
config pim-sm-global
set bsr-allow-quick-refresh enable
set bsr-candidate enable
set bsr-interface "lo0"
set bsr-priority 200
end
end

Adding the NAT Multicast Policy

In this example, the incoming multicast policy does the address

translation. The NAT address should be the same as the IP
address of the of loopback interface. The DNAT address is the
translated address, which should be a new group.

Confidential and Proprietary Information of ZTE CORPORATION 47

ZXSEC US Multicast Technical Note

config firewall multicast-policy

edit 1
set dstintf "port6"
set srcintf "lo0"
next
edit 2
set dnat 238.1.1.1
set dstintf "lo0"
set nat 1.4.50.4
set srcintf "port1"
next

Configuration Steps
Example PIM configuration that uses BSR to find the RP
In this sample, ZXSEC US900_1 is the RP for the group
228.1.1.1, 237.1.1.1, 238.1.1.1, and
ZXSEC US900_4 is the RP for the other group which has a
priority of1. OSPF is used in this example to distribute routes
including the loopback interface. All firewalls have full mesh
firewall policies to allow any to any.
„ In the ZXSEC US900_1 configuration, the NAT policy
translates source address 236.1.1.1 to 237.1.1.1
„ In the ZXSEC US900_4, configuration, the NAT policy
translates source 236.1.1.1 to 238.1.1.1
„ Source 236.1.1.1 is injected into network as well.
The following procedures include the CLI commands for
configuring each of the ZXSEC US units in the example
configuration.
To configure ZXSEC US900_1
1. Configure multicast routing.
config router multicast
config interface
edit "port5"
set pim-mode sparse-mode
next
edit "port4"
set pim-mode sparse-mode
next
edit "lan"

48 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

set pim-mode sparse-mode

next
edit "port1"
set pim-mode sparse-mode
next
edit "lo999"
set pim-mode sparse-mode
next
edit "lo0"
set pim-mode sparse-mode
set rp-candidate enable
set rp-candidate-group "1"
next
end
set multicast-routing enable
config pim-sm-global
set bsr-candidate enable
set bsr-interface "lo0"
end
end
2. Add multicast firewall policies.
config firewall multicast-policy
edit 1
set dstintf "port5"
set srcintf "port4"
next
edit 2
set dstintf "port4"
set srcintf "port5"
next
edit 3
next
end
3. Add router access lists.
config router access-list
edit "1"
config rule
edit 1

Confidential and Proprietary Information of ZTE CORPORATION 49

ZXSEC US Multicast Technical Note

set prefix 228.1.1.1 255.255.255.255

set exact-match enable
next
edit 2
set prefix 237.1.1.1 255.255.255.255
set exact-match enable
next
edit 3
set prefix 238.1.1.1 255.255.255.255
set exact-match enable
next
end
next
end
To configure ZXSEC US900_2
1. Configure multicast routing.
config router multicast
config interface
edit "lan"
set pim-mode sparse-mode
next
edit "port5"
set pim-mode sparse-mode
next
edit "port2"
set pim-mode sparse-mode
next
edit "port4"
set pim-mode sparse-mode
next
edit "lo_5"
set pim-mode sparse-mode
config join-group
edit 236.1.1.1
next
end
next
end

50 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

set multicast-routing enable

end
2. Add multicast firewall policies.
config firewall multicast-policy
edit 1
set dstintf "lan"
set srcintf "port5"
next
edit 2
set dstintf "port5"
set srcintf "lan"
next
edit 4
set dstintf "lan"
set srcintf "port2"
next
edit 5
set dstintf "port2"
set srcintf "lan"
next
edit 7
set dstintf "port1"
set srcintf "port2"
next
edit 8
set dstintf "port2"
set srcintf "port1"
next
edit 9
set dstintf "port5"
set srcintf "port2"
next
edit 10
set dstintf "port2"
set srcintf "port5"
next
edit 11
set dnat 237.1.1.1

Confidential and Proprietary Information of ZTE CORPORATION 51

ZXSEC US Multicast Technical Note

set dstintf "lo_5"

set nat 5.5.5.5
set srcintf "port2"
next
edit 12
set dstintf "lan"
set srcintf "lo_5"
next
edit 13
set dstintf "port1"
set srcintf "lo_5"
next
edit 14
set dstintf "port5"
set srcintf "lo_5"
next
edit 15
set dstintf "port2"
set srcintf "lo_5"
next
edit 16
next
end
To configure ZXSEC US900_3
1. Configure multicast routing.
config router multicast
config interface
edit "port5"
set pim-mode sparse-mode
next
edit "port6"
set pim-mode sparse-mode
next
edit "lo0"
set pim-mode sparse-mode
set rp-candidate enable
set rp-candidate-priority 255
next

52 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

edit "lan"
set pim-mode sparse-mode
next
end
set multicast-routing enable
config pim-sm-global
set bsr-candidate enable
set bsr-interface "lo0"
end
end
2. Add multicast firewall policies.
config firewall multicast-policy
edit 1
set dstintf "port5"
set srcintf "port6"
next
edit 2
set dstintf "port6"
set srcintf "port5"
next
edit 3
set dstintf "port6"
set srcintf "lan"
next
edit 4
set dstintf "lan"
set srcintf "port6"
next
edit 5
set dstintf "port5"
set srcintf "lan"
next
edit 6
set dstintf "lan"
set srcintf "port5"
next
end
To configure ZXSEC US900_4

Confidential and Proprietary Information of ZTE CORPORATION 53

ZXSEC US Multicast Technical Note

1. Configure multicast routing.

config router multicast
config interface
edit "port6"
set pim-mode sparse-mode
next
edit "lan"
set pim-mode sparse-mode
next
edit "port1"
set pim-mode sparse-mode
next
edit "lo0"
set pim-mode sparse-mode
set rp-candidate enable
config join-group
edit 236.1.1.1
next
end
set rp-candidate-priority 1
next
end
set multicast-routing enable
config pim-sm-global
set bsr-allow-quick-refresh enable
set bsr-candidate enable
set bsr-interface "lo0"
set bsr-priority 1
end
end
2. Add multicast firewall policies.
config firewall policy
edit 1
set srcintf "lan"
set dstintf "port6"
set srcaddr "all"
set dstaddr "all"
set action accept

54 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

set schedule "always"

set service "ANY"
next
edit 2
set srcintf "port6"
set dstintf "lan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 3
set srcintf "port1"
set dstintf "port6"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 4
set srcintf "port6"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 5
set srcintf "port1"
set dstintf "lan"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"

Confidential and Proprietary Information of ZTE CORPORATION 55

ZXSEC US Multicast Technical Note

next
edit 6
set srcintf "lan"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 7
set srcintf "port1"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 8
set srcintf "port6"
set dstintf "lo0"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 9
set srcintf "port1"
set dstintf "lo0"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
edit 10

56 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

set srcintf "lan"

set dstintf "lo0"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
next
end

Example Debug Commands

You can use the following CLI commands to view information
about and status of the multicast configuration. This section
includes get and diagnose commands and some sample output.
get router info multicast pim sparse-mode table 236.1.1.1

TABLE 13 GET ROUTER INFO MULTICAST PIM SPARSE-MODE NEIGHBOUR

Neighbor Uptime/ DR
Interface Ver
Address Expires Priority/Mode

02:22:01/
83.97.1.2 port6 v2 1 / DR
00:01:44

diagnose ip multicast mroute

grp=236.1.1.1
src=19.2.1.1
intf=7
flags=(0x10000000)[ ]
status=resolved
last_assert=171963
bytes=1766104
pkt=1718
wrong_if=1
num_ifs=2
index(ttl)=[6(1),10(1),]
grp=236.1.1.1
src=1.4.50.4
intf=10 flags=(0x10000000)[ ]
status=resolved
last_assert=834864

Confidential and Proprietary Information of ZTE CORPORATION 57

ZXSEC US Multicast Technical Note

bytes=4416
pkt=138
wrong_if=0
num_ifs=2
index(ttl)=[7(1),6(1),]
grp=238.1.1.1
src=1.4.50.4
intf=10
flags=(0x10000000)[ ]
status=resolved
last_assert=834864
bytes=1765076
pkt=1717
wrong_if=0
num_ifs=1
index(ttl)=[7(1),]

TABLE 14 GET ROUTER INFO MULTICAST IGMP GROUPS(IGMP CONNECTED

GROUP MEMBERSHIP)

Group
Interface Uptime Expires Last Reporter
Address
236.1.1.1 lan 00:45:48 00:03:21 10.4.1.1
236.1.1.1 lo0 02:19:31 00:03:23 1.4.50.4

TABLE 15 GET ROUTER INFO MULTICAST PIM SPARSE-MODE INTERFACE

Ver/ DR
Address Interface VIFindex Nbr Count
Mode Prior
10.4.1
10.4.1.2 lan 2 v2/S0 1
.2
83.97.
83.97.1.1 port6 0 v2/S1 1
1.2
1.4.50
1.4.50.4 lo0 3 v2/S0 1
.4

Get router info multicast pim sparse-mode rp-mapping

PIM Group-to-RP Mappings
This system is the Bootstrap Router (v2)
Group(s): 224.0.0.0/4
RP: 1.4.50.4
Info source: 1.4.50.4, via bootstrap, priority 1
Uptime: 02:20:32, expires: 00:01:58

58 Confidential and Proprietary Information of ZTE CORPORATION

 Chapter 3 Multicast Routing Example

RP: 1.4.50.3
Info source: 1.4.50.3, via bootstrap, priority 255
Uptime: 02:20:07, expires: 00:02:24
Group(s): 228.1.1.1/32
RP: 1.4.50.1
Info source: 1.4.50.1, via bootstrap, priority 192
Uptime: 02:18:24, expires: 00:02:06
Group(s): 237.1.1.1/32
RP: 1.4.50.1
Info source: 1.4.50.1, via bootstrap, priority 192
Uptime: 02:18:24, expires: 00:02:06
Group(s): 238.1.1.1/32
RP: 1.4.50.1
Info source: 1.4.50.1, via bootstrap, priority 192
Uptime: 02:18:24, expires: 00:02:06
Get router info multicast pim sparse-mode bsr-info
PIMv2 Bootstrap information
This system is the Bootstrap Router (BSR)
BSR address: 1.4.50.4
Uptime: 02:23:08, BSR Priority: 1, Hash mask length: 10
Next bootstrap message in 00:00:18
Role: Candidate BSR
State: Elected BSR
Candidate RP: 1.4.50.4(lo0)
Advertisement interval 60 seconds
Next Cand_RP_advertisement in 00:00:54

Confidential and Proprietary Information of ZTE CORPORATION 59

Figures

Figure 1 Example gateway-to-gateway configuration ..............4

Figure 2 Example ZXSEC US PIM-SM topology ..................... 28
Figure 3 PIM-SM debugging topology.................................. 35
Figure 4 Example multicast DNAT topology.......................... 43
Figure 5 PIM network topology using BSR to find the RP........ 46

Confidential and Proprietary Information of ZTE CORPORATION 61

ZXSEC US Multicast Technical Note

This page is intentionally blank.

62 Confidential and Proprietary Information of ZTE CORPORATION

Tables

Table 1 Chapter Summary .................................................. ii

Table 2 Typographical Conventions ...................................... ii
Table 3 Mouse Operation Conventions .................................. ii
Table 4 Main Functions of Service Observation Subsystem.......2
Table 5 Keywords and variables...........................................6
Table 6 Router Multicast Variables ..................................... 15
Table 7 Router Multicast Variables ..................................... 16
Table 8 Global Variables ................................................... 20
Table 9 IGMP Connected Group Membership........................ 36
Table 10 US-3 # get router info multicast pim sparse-mode
neighbour........................................................................ 36
Table 11 Stream States .................................................... 37
Table 12 US-3 # get router info multicast pim sparse-mode
next-hop ......................................................................... 39
Table 13 Get router info multicast pim sparse-mode neighbour
..................................................................................... 57
Table 14 Get router info multicast igmp groups(IGMP Connected
Group Membership) .......................................................... 58
Table 15 Get router info multicast pim sparse-mode interface 58

Confidential and Proprietary Information of ZTE CORPORATION 63