The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
This section describes how to configure the Multicast Source Discovery Protocol (MSDP on the switch. The MSDP connects multiple Protocol-Independent Multicast sparse-mode (PIM-SM) domains.
MSDP is not fully supported in this software release because of a lack of support for Multicast Border Gateway Protocol (MBGP), which works closely with MSDP. However, it is possible to create default peers that MSDP can operate with if MBGP is not running.
Note | To use this feature, the active switch must be running the IP services feature set. |
MSDP allows multicast sources for a group to be known to all rendezvous points (RPs) in different domains. Each PIM-SM domain uses its own RPs and does not depend on RPs in other domains. An RP runs MSDP over the Transmission Control Protocol (TCP) to discover multicast sources in other domains.
An RP in a PIM-SM domain has an MSDP peering relationship with MSDP-enabled devices in another domain. The peering relationship occurs over a TCP connection, primarily exchanging a list of sources sending to multicast groups. The TCP connections between RPs are achieved by the underlying routing system. The receiving RP uses the source lists to establish a source path.
The purpose of this topology is to have domains discover multicast sources in other domains. If the multicast sources are of interest to a domain that has receivers, multicast data is delivered over the normal, source-tree building mechanism in PIM-SM. MSDP is also used to announce sources sending to a group. These announcements must originate at the domain’s RP.
MSDP depends heavily on the Border Gateway Protocol (BGP) or MBGP for interdomain operation. We recommend that you run MSDP in RPs in your domain that are RPs for sources sending to global groups to be announced to the Internet.
When a source sends its first multicast packet, the first-hop router (designated router or RP) directly connected to the source sends a PIM register message to the RP. The RP uses the register message to register the active source and to forward the multicast packet down the shared tree in the local domain. With MSDP configured, the RP also forwards a source-active (SA) message to all MSDP peers. The SA message identifies the source, the group the source is sending to, and the address of the RP or the originator ID (the IP address of the interface used as the RP address), if configured.
Each MSDP peer receives and forwards the SA message away from the originating RP to achieve peer reverse-path flooding (RPF). The MSDP device examines the BGP or MBGP routing table to discover which peer is the next hop toward the originating RP of the SA message. Such a peer is called an RPF peer (reverse-path forwarding peer). The MSDP device forwards the message to all MSDP peers other than the RPF peer. For information on how to configure an MSDP peer when BGP and MBGP are not supported, see the Configuring a Default MSDP Peer.
If the MSDP peer receives the same SA message from a non-RPF peer toward the originating RP, it drops the message. Otherwise, it forwards the message to all its MSDP peers.
The RP for a domain receives the SA message from an MSDP peer. If the RP has any join requests for the group the SA message describes and if the (*,G) entry exists with a nonempty outgoing interface list, the domain is interested in the group, and the RP triggers an (S,G) join toward the source. After the (S,G) join reaches the source’s DR, a branch of the source tree has been built from the source to the RP in the remote domain. Multicast traffic can now flow from the source across the source tree to the RP and then down the shared tree in the remote domain to the receiver.
By default, the switch does not cache source or group pairs from received SA messages. When the switch forwards the MSDP SA information, it does not store it in memory. Therefore, if a member joins a group soon after an SA message is received by the local RP, that member needs to wait until the next SA message to hear about the source. This delay is known as join latency.
Local RPs can send SA requests and get immediate responses for all active sources for a given group. By default, the switch does not send any SA request messages to its MSDP peers when a new member joins a group and wants to receive multicast traffic. The new member waits to receive the next periodic SA message.
If you want a new member of a group to learn the active multicast sources in a connected PIM sparse-mode domain that are sending to a group, configure the switch to send SA request messages to the specified MSDP peer when a new member joins a group.
MSDP has these benefits:
It breaks up the shared multicast distribution tree. You can make the shared tree local to your domain. Your local members join the local tree, and join messages for the shared tree never need to leave your domain.
PIM sparse-mode domains can rely only on their own RPs, decreasing reliance on RPs in another domain. This increases security because you can prevent your sources from being known outside your domain.
Domains with only receivers can receive data without globally advertising group membership.
Global source multicast routing table state is not required, saving memory.
MSDP is not enabled, and no default MSDP peer exists.
Configure an MSDP peer.
If you want to sacrifice some memory in exchange for reducing the latency of the source information, you can configure the Device to cache SA messages. Perform the following steps to enable the caching of source/group pairs:
Follow these steps to enable the caching of source/group pairs:
If you want a new member of a group to learn the active multicast sources in a connected PIM sparse-mode domain that are sending to a group, perform this task for the Device to send SA request messages to the specified MSDP peer when a new member joins a group. The peer replies with the information in its SA cache. If the peer does not have a cache configured, this command has no result. Configuring this feature reduces join latency but sacrifices memory.
Follow these steps to configure the Device to send SA request messages to the MSDP peer when a new member joins a group and wants to receive multicast traffic:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp sa-request
{ip-address |
name}
Example:
Device(config)# ip msdp sa-request 171.69.1.1
|
Configure the Device to send SA request messages to the specified MSDP peer. For ip-address | name, enter the IP address or name of the MSDP peer from which the local Device requests SA messages when a new member for a group becomes active. Repeat the command for each MSDP peer that you want to supply with SA messages. |
Step 4 | end
Example: Device(config)# end | |
Step 5 | show running-config
Example: Device# show running-config | |
Step 6 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
You can control the multicast source information that originates with your Device:
Sources you advertise (based on your sources)
Receivers of source information (based on knowing the requestor)
For more information, see the Redistributing Sources and the Filtering Source-Active Request Messages.
SA messages originate on RPs to which sources have registered. By default, any source that registers with an RP is advertised. The A flag is set in the RP when a source is registered, which means the source is advertised in an SA unless it is filtered.
Follow these steps to further restrict which registered sources are advertised:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp redistribute
[list
access-list-name] [asn
aspath-access-list-number] [route-map
map]
Example:
Device(config)# ip msdp redistribute list 21
|
Configures which (S,G) entries from the multicast routing table are advertised in SA messages. By default, only sources within the local domain are advertised.
The Device advertises (S,G) pairs according to the access list or autonomous system path access list. |
Step 4 | Use one of the
following:
Example: Device(config)# access list 21 permit 194.1.22.0
or Device(config)# access list 21 permit ip 194.1.22.0 1.1.1.1 194.3.44.0 1.1.1.1
|
Creates an IP standard access list, repeating the command as many times as necessary. or Creates an IP extended access list, repeating the command as many times as necessary.
Recall that the access list is always terminated by an implicit deny statement for everything. |
Step 5 | end
Example: Device(config)# end | |
Step 6 | show running-config
Example: Device# show running-config | |
Step 7 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
By default, only Device that are caching SA information can respond to SA requests. By default, such a Device honors all SA request messages from its MSDP peers and supplies the IP addresses of the active sources.
However, you can configure the Device to ignore all SA requests from an MSDP peer. You can also honor only those SA request messages from a peer for groups described by a standard access list. If the groups in the access list pass, SA request messages are accepted. All other such messages from the peer for other groups are ignored.
To return to the default setting, use the no ip msdp filter-sa-request {ip-address| name} global configuration command.
Follow these steps to configure one of these options:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | Use one of the
following:
Example: Device(config)# ip msdp filter sa-request 171.69.2.2
|
Filters all SA request messages from the specified MSDP peer. or Filters SA request messages from the specified MSDP peer for groups that pass the standard access list. The access list describes a multicast group address. The range for the access-list-number is 1 to 99. |
Step 4 | access-list
access-list-number {deny |
permit}
source
[source-wildcard]
Example:
Device(config)# access-list 1 permit 192.4.22.0 0.0.0.255
|
Creates an IP standard access list, repeating the command as many times as necessary.
Recall that the access list is always terminated by an implicit deny statement for everything. |
Step 5 | end
Example: Device(config)# end | |
Step 6 | show running-config
Example: Device# show running-config | |
Step 7 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
By default, the Device forwards all SA messages it receives to all its MSDP peers. However, you can prevent outgoing messages from being forwarded to a peer by using a filter or by setting a time-to-live (TTL) value.
By creating a filter, you can perform one of these actions:
Filter all source/group pairs
Specify an IP extended access list to pass only certain source/group pairs
Filter based on match criteria in a route map
Follow these steps to apply a filter:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | Use one of the
following:
Example: Device(config)# ip msdp sa-filter out switch.cisco.com
or Device(config)# ip msdp sa-filter out list 100
or Device(config)# ip msdp sa-filter out switch.cisco.com route-map 22
|
|
Step 4 | access-list
access-list-number {deny |
permit}
protocol
source
source-wildcard
destination
destination-wildcard
Example:
Device(config)# access list 100 permit ip 194.1.22.0 1.1.1.1 194.3.44.0 1.1.1.1
|
(Optional) Creates an IP extended access list, repeating the command as many times as necessary.
Recall that the access list is always terminated by an implicit deny statement for everything. |
Step 5 | end
Example: Device(config)# end | |
Step 6 | show running-config
Example: Device# show running-config | |
Step 7 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
You can use a TTL value to control what data is encapsulated in the first SA message for every source. Only multicast packets with an IP-header TTL greater than or equal to the ttl argument are sent to the specified MSDP peer. For example, you can limit internal traffic to a TTL of 8. If you want other groups to go to external locations, you must send those packets with a TTL greater than 8.
Follow these steps to establish a TTL threshold:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp ttl-threshold
{ip-address |
name}
ttl
Example:
Device(config)# ip msdp ttl-threshold switch.cisco.com 0
|
Limits which multicast data is encapsulated in the first SA message to the specified MSDP peer. |
Step 4 | end
Example: Device(config)# end | |
Step 5 | show running-config
Example: Device# show running-config | |
Step 6 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
By default, the Device receives all SA messages that its MSDP RPF peers send to it. However, you can control the source information that you receive from MSDP peers by filtering incoming SA messages. In other words, you can configure the Device to not accept them.
You can perform one of these actions:
Filter all incoming SA messages from an MSDP peer
Specify an IP extended access list to pass certain source/group pairs
Filter based on match criteria in a route map
Follow these steps to apply a filter:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | Use one of the
following:
Example: Device(config)# ip msdp sa-filter in switch.cisco.com
or Device(config)# ip msdp sa-filter in list 100
or Device(config)# ip msdp sa-filter in switch.cisco.com route-map 22
|
|
Step 4 | access-list
access-list-number {deny |
permit}
protocol
source
source-wildcard
destination
destination-wildcard
Example:
Device(config)# access list 100 permit ip 194.1.22.0 1.1.1.1 194.3.44.0 1.1.1.1
|
(Optional) Creates an IP extended access list, repeating the command as many times as necessary.
Recall that the access list is always terminated by an implicit deny statement for everything. |
Step 5 | end
Example: Device(config)# end | |
Step 6 | show running-config
Example: Device# show running-config | |
Step 7 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
An MSDP mesh group is a group of MSDP speakers that have fully meshed MSDP connectivity among one another. Any SA messages received from a peer in a mesh group are not forwarded to other peers in the same mesh group. Thus, you reduce SA message flooding and simplify peer-RPF flooding. Use the ip msdp mesh-group global configuration command when there are multiple RPs within a domain. It is especially used to send SA messages across a domain. You can configure multiple mesh groups (with different names) in a single Device.
Follow these steps to create a mesh group:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp mesh-group
name
{ip-address |
name}
Example:
Device(config)# ip msdp mesh-group 2 switch.cisco.com
|
Configures an MSDP mesh group, and specifies the MSDP peer belonging to that mesh group. By default, the MSDP peers do not belong to a mesh group.
Repeat this procedure on each MSDP peer in the group. |
Step 4 | end
Example: Device(config)# end | |
Step 5 | show running-config
Example: Device# show running-config | |
Step 6 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
If you want to configure many MSDP commands for the same peer and you do not want the peer to become active, you can shut down the peer, configure it, and later bring it up. When a peer is shut down, the TCP connection is terminated and is not restarted. You can also shut down an MSDP session without losing configuration information for the peer.
Follow these steps to shut down a peer:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp shutdown {peer-name |
peer
address}
Example:
Device(config)# ip msdp shutdown switch.cisco.com
|
Shuts down the specified MSDP peer without losing configuration information. For peer-name | peer address, enter the IP address or name of the MSDP peer to shut down. |
Step 4 | end
Example: Device(config)# end | |
Step 5 | show running-config
Example: Device# show running-config | |
Step 6 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
You can configure MSDP on a Device that borders a PIM sparse-mode region with a dense-mode region. By default, active sources in the dense-mode region do not participate in MSDP.
Note | We do not recommend using the ip msdp border sa-address global configuration command. It is better to configure the border router in the sparse-mode domain to proxy-register sources in the dense-mode domain to the RP of the sparse-mode domain and have the sparse-mode domain use standard MSDP procedures to advertise these sources. |
The ip msdp originator-id global configuration command also identifies an interface to be used as the RP address. If both the ip msdp border sa-address and the ip msdp originator-id global configuration commands are configured, the address derived from the ip msdp originator-id command specifies the RP address.
Follow these steps to configure the border router to send SA messages for sources active in the dense-mode region to the MSDP peers:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp border sa-address
interface-id
Example:
Device(config)# ip msdp border sa-address 0/1
|
Configures the switch on the border between a dense-mode and sparse-mode region to send SA messages about active sources in the dense-mode region. For interface-id, specifies the interface from which the IP address is derived and used as the RP address in SA messages. The IP address of the interface is used as the Originator-ID, which is the RP field in the SA message. |
Step 4 | ip msdp redistribute
[list
access-list-name] [asn
aspath-access-list-number] [route-map
map]
Example:
Device(config)# ip msdp redistribute list 100
|
Configures which (S,G) entries from the multicast routing table are advertised in SA messages. For more information, see the Redistributing Sources. |
Step 5 | end
Example: Device(config)# end | |
Step 6 | show running-config
Example: Device# show running-config | |
Step 7 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
You can allow an MSDP speaker that originates an SA message to use the IP address of the interface as the RP address in the SA message by changing the Originator ID. You might change the Originator ID in one of these cases:
If you configure a logical RP on multiple Device in an MSDP mesh group.
If you have a Device that borders a PIM sparse-mode domain and a dense-mode domain. If a Device borders a dense-mode domain for a site, and sparse-mode is being used externally, you might want dense-mode sources to be known to the outside world. Because this Device is not an RP, it would not have an RP address to use in an SA message. Therefore, this command provides the RP address by specifying the address of the interface.
If both the ip msdp border sa-address and the ip msdp originator-id global configuration commands are configured, the address derived from the ip msdp originator-id command specifies the address of the RP.
Follow these steps to allow an MSDP speaker that originates an SA message to use the IP address on the interface as the RP address in the SA message:
Command or Action | Purpose | |
---|---|---|
Step 1 |
enable
Example:
Device> enable
|
Enables privileged EXEC mode. Enter your password if prompted. |
Step 2 | configure
terminal
Example: Device# configure terminal | |
Step 3 | ip msdp originator-id
interface-id
Example:
Device(config)# ip msdp originator-id 0/1
|
Configures the RP address in SA messages to be the address of the originating device interface. For interface-id, specify the interface on the local Device. |
Step 4 | end
Example: Device(config)# end | |
Step 5 | show running-config
Example: Device# show running-config | |
Step 6 | copy running-config
startup-config
Example:
Device# copy running-config startup-config
|
(Optional) Saves your entries in the configuration file. |
Commands that monitor MSDP SA messages, peers, state, and peer status:
Command |
Purpose |
---|---|
debug ip msdp [peer-address | name] [detail] [routes] |
Debugs an MSDP activity. |
debug ip msdp resets |
Debugs MSDP peer reset reasons. |
show ip msdp count [autonomous-system-number] |
Displays the number of sources and groups originated in SA messages from each autonomous system. The ip msdp cache-sa-state command must be configured for this command to produce any output. |
show ip msdp peer [peer-address | name] |
Displays detailed information about an MSDP peer. |
show ip msdp sa-cache [group-address | source-address | group-name | source-name] [autonomous-system-number] |
Displays (S,G) state learned from MSDP peers. |
show ip msdp summary |
Displays MSDP peer status and SA message counts. |
Commands that clear MSDP connections, statistics, and SA cache entries:
Command |
Purpose |
---|---|
clear ip msdp peer peer-address | name |
Clears the TCP connection to the specified MSDP peer, resetting all MSDP message counters. |
clear ip msdp statistics [peer-address | name] |
Clears statistics counters for one or all the MSDP peers without resetting the sessions. |
clear ip msdp sa-cache [group-address | name] |
Clears the SA cache entries for all entries, all sources for a specific group, or all entries for a specific source/group pair. |
This example shows a partial configuration of Router A and Router C in . Each of these ISPs have more than one customer (like the customer in ) who use default peering (no BGP or MBGP). In that case, they might have similar configurations. That is, they accept SAs only from a default peer if the SA is permitted by the corresponding prefix list.
Router A
Router(config)# ip msdp default-peer 10.1.1.1 Router(config)# ip msdp default-peer 10.1.1.1 prefix-list site-a Router(config)# ip prefix-list site-b permit 10.0.0.0/1
Router C
Router(config)# ip msdp default-peer 10.1.1.1 prefix-list site-a Router(config)# ip prefix-list site-b permit 10.0.0.0/1
This example shows how to enable the cache state for all sources in 171.69.0.0/16 sending to groups 224.2.0.0/16:
Device(config)# ip msdp cache-sa-state 100 Device(config)# access-list 100 permit ip 171.69.0.0 0.0.255.255 224.2.0.0 0.0.255.255
This example shows how to configure the switch to send SA request messages to the MSDP peer at 171.69.1.1:
Device(config)# ip msdp sa-request 171.69.1.1
This example shows how to configure the switch to filter SA request messages from the MSDP peer at 171.69.2.2. SA request messages from sources on network 192.4.22.0 pass access list 1 and are accepted; all others are ignored.
Device(config)# ip msdp filter sa-request 171.69.2.2 list 1 Device(config)# access-list 1 permit 192.4.22.0 0.0.0.255
This example shows how to allow only (S,G) pairs that pass access list 100 to be forwarded in an SA message to the peer named switch.cisco.com:
Device(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1 Device(config)# ip msdp sa-filter out switch.cisco.com list 100 Device(config)# access-list 100 permit ip 171.69.0.0 0.0.255.255 224.20 0 0.0.255.255
This example shows how to filter all SA messages from the peer named switch.cisco.com:
Device(config)# ip msdp peer switch.cisco.com connect-source gigabitethernet1/0/1 Device(config)# ip msdp sa-filter in switch.cisco.com