Comments on: Blue Coat ProxySG VIP and Cisco Switches Need Multicast Enabled http://etherealmind.com/proxysg-vip-vrrp-multicast-cisco-switch/ Network design, architecture, thinking, working. Tech. Wed, 23 May 2012 23:00:00 +0000 hourly 1 http://wordpress.org/?v=3.3.2 By: pjg http://etherealmind.com/proxysg-vip-vrrp-multicast-cisco-switch/#comment-212 pjg Thu, 20 Jan 2011 12:36:16 +0000 http://etherealmind.com/2008/03/30/proxysg-vip-vrrp-multicast-cisco-switch/#comment-212 Just to clear something up - IGMP and IGMP Snooping are 2 different things. IGMP is a L3 protocol used for joining/leaving multicast groups and querying group membership. IGMP Snooping is a switch feature that listens for IGMP messages so that instead of broadcasting out all L2 ports, the switch can build a table of which L2 ports are interesting in each multicast group. It might sound pedantic but as you say in note (2) IP multicast (L2) and Ethernet multicast (L3) are two different things and both need to be understood for a successful implementation. It would make more sense to me to enable PIM on the default gateway for the VIP subnet rather than having a separate VRF interface. I am used to configuring multicast on the whole network though, so it doesn't scare me :) In my experience multicast only cause issues when someone who doesn't understand the network and/or multicast configures it. SPF failures and L2 multicast are the most common gotchas I see. The worst one I had to troubleshoot had every edge switch configured as an IGMP Snooping Querier, with a query interval of 60 seconds. The end result was that every multicast group went to every switch, whether it really wanted it or not. These were HD streams too. You can imagine the change control to turn that off and configure multicast on the network properly on 165 switches which are providing IPTV to hundreds of rooms. Just to clear something up – IGMP and IGMP Snooping are 2 different things. IGMP is a L3 protocol used for joining/leaving multicast groups and querying group membership. IGMP Snooping is a switch feature that listens for IGMP messages so that instead of broadcasting out all L2 ports, the switch can build a table of which L2 ports are interesting in each multicast group. It might sound pedantic but as you say in note (2) IP multicast (L2) and Ethernet multicast (L3) are two different things and both need to be understood for a successful implementation.

It would make more sense to me to enable PIM on the default gateway for the VIP subnet rather than having a separate VRF interface. I am used to configuring multicast on the whole network though, so it doesn’t scare me :)

In my experience multicast only cause issues when someone who doesn’t understand the network and/or multicast configures it. SPF failures and L2 multicast are the most common gotchas I see. The worst one I had to troubleshoot had every edge switch configured as an IGMP Snooping Querier, with a query interval of 60 seconds. The end result was that every multicast group went to every switch, whether it really wanted it or not. These were HD streams too. You can imagine the change control to turn that off and configure multicast on the network properly on 165 switches which are providing IPTV to hundreds of rooms.

]]> By: Greg Ferro http://etherealmind.com/proxysg-vip-vrrp-multicast-cisco-switch/#comment-211 Greg Ferro Sat, 05 Apr 2008 17:43:10 +0000 http://etherealmind.com/2008/03/30/proxysg-vip-vrrp-multicast-cisco-switch/#comment-211 This comes back to the 'I am scared of multicast' debate. For many people, enabling multicast as global command is a scary thing. In big companies, the security and change control teams will fall into paroxysms of joyous condemnation of how insecure / risky it is. Which, of course, is mostly correct and in high security networks using a VRF is an effective way to solve this problem. In normal networks (which should be just about everyone, just use the code in the section "Cisco switches need a Multicast router (mrouter)" to keep it simple. This comes back to the ‘I am scared of multicast’ debate. For many people, enabling multicast as global command is a scary thing.

In big companies, the security and change control teams will fall into paroxysms of joyous condemnation of how insecure / risky it is. Which, of course, is mostly correct and in high security networks using a VRF is an effective way to solve this problem.

In normal networks (which should be just about everyone, just use the code in the section “Cisco switches need a Multicast router (mrouter)” to keep it simple.

]]> By: Brian http://etherealmind.com/proxysg-vip-vrrp-multicast-cisco-switch/#comment-210 Brian Sat, 05 Apr 2008 15:48:43 +0000 http://etherealmind.com/2008/03/30/proxysg-vip-vrrp-multicast-cisco-switch/#comment-210 Hmm. Interesting usage of VRFs. If using all Cisco switches, why not just setup one L3 switch or router as a PIM-Sparse-mode RP, and listen for IGMP Membership reports from IGMP-enabled switches? Hmm. Interesting usage of VRFs. If using all Cisco switches, why not just setup one L3 switch or router as a PIM-Sparse-mode RP, and listen for IGMP Membership reports from IGMP-enabled switches?

]]>