[c-nsp] HSRP/multicast help

Alexander Clouter alex at digriz.org.uk
Fri Sep 18 04:04:03 EDT 2009 

Hi,

David Warner <davidwarner1975 at yahoo.com.au> wrote:
> 
> We have a requirement to provide gateway redundancy for a multicast 
> enabled server(s) . Weve had a few issues with getting this working in 
> a deterministic fashion.
> 
> Does anyone have a working config or tips on getting multicast working 
> in a HSRP set up?
> 
You probably are using 'standby x priority'?  We had the same issue 
years ago.

You *should* set up your VLAN's like so (example for a /24):

.0	network address
.1	HSRP gateway address
...	workstations
.253	HSRP *standy* router address
.254	HSRP *active* router address
.255	broadcast address

I personally remove the standby priorities from the VLAN configs as the 
'active' router will be the one with the higher IP address...which is 
*also* the rule for PIM.

What is probably happening is the PIM router for the subnet is your 
standby router and you are being hit with a lot of reverse path 
filtering issues[1].

If you really want to use standby priorities, make sure the higher 
number sits on the router with the higher IP address....however once you 
have done this you will wonder why

If you have not already, I would use this as an opportunity to move to 
using HSRPv2 or VRRP...and make sure you are using a shared secret to 
prevent someone spoofing that they are a HSRP gateway (plus enable 
IGMPv3).

An example for a /25 is below:
---- one of our 6509's ----
interface Vlan100
 description test
 ip address 1.2.3.126 255.255.255.224
 ip pim sparse-mode
 ip igmp version 3
 standby version 2
 standby 100 ip 1.2.3.1
 standby 100 preempt delay minimum 120
 standby 100 authentication md5 key-string <ahem>
----
---- the other of our 6509's ----
interface Vlan100
 description test
 ip address 1.2.3.125 255.255.255.224
 ip pim sparse-mode
 ip igmp version 3
 standby version 2
 standby 100 ip 1.2.3.1
 standby 100 preempt delay minimum 120
 standby 100 authentication md5 key-string <ahem>
----

If you are seeing high CPU usage on your routers, you might want to add:
----
mls rate-limit multicast ipv4 non-rpf 100 10
mls rate-limit multicast ipv4 partial 250 100
----

Cheers

[1] or it is because the IGMP joins never reach the PIM gateway as they 
	are going to the wrong router, I can never remember, it was 
	years ago when we fixed this

-- 
Alexander Clouter
.sigmonster says: Philosophy will clip an angel's wings.
                  		-- John Keats

More information about the cisco-nsp mailing list