28-6
Cisco 7600 Series Router Cisco IOS Software Configuration Guide, Release 12.2SX
OL-4266-08
Chapter 28 Configuring IPv4 Multicast Layer 3 Switching
Understanding How IPv4 Multicast Layer 3 Switching Works
Figure 28-1 Redundant Multicast Router Configuration in a Stub Network
Filtering of RPF Failures for Stub Networks
The PFC and the DFCs support ACL-based filtering of RPF failures for sparse mode stub networks.
When you enable the ACL-based method of filtering RPF failures by entering the
mls ip multicast stub
command on the redundant router, the following ACLs automatically download to the PFC and are
applied to the interface you specify:
access-list 100 permit ip A.B.C.0 0.0.0.255 any
access-list 100 permit ip A.B.D.0 0.0.0.255 any
access-list 100 permit ip any 224.0.0.0 0.0.0.255
access-list 100 permit ip any 224.0.1.0 0.0.0.255
access-list 100 deny ip any 224.0.0.0 15.255.255.255
The ACLs filter RPF failures and drop them in hardware so that they are not forwarded to the router.
Use the ACL-based method of filtering RPF failures only in sparse mode stub networks where there are
no downstream routers. For dense mode groups, RPF failure packets have to be seen on the router for
the PIM assert mechanism to function properly. Use CEF-based or NetFlow-based rate limiting to limit
the rate of RPF failures in dense mode networks and sparse mode transit networks.
For information on configuring ACL-based filtering of RPF failures, see the
“Configuring ACL-Based
Filtering of RPF Failures” section on page 28-17
.
Rate Limiting of RPF Failure Traffic
When you enable rate limiting of packets that fail the RPF check (non-RPF packets), most non-RPF
packets are dropped in hardware. According to the multicast protocol specification, the router needs to
receive the non-RPF packets for the PIM assert mechanism to function properly, so all non-RPF packets
cannot be dropped in hardware.
When a non-RPF packet is received, a NetFlow entry is created for each non-RPF flow.
When the first non-RPF packet arrives, the PFC bridges the packet to the MSFC and to any bridged ports
and creates a NetFlow entry that contains source, group, and ingress interface information, after which
the NetFlow entry handles all packets for that source and group, sending packets only to bridged ports
and not to the MSFC.
To support the PIM assert mechanism, the PFC periodically forwards a percentage of the non-RPF flow
packets to the MSFC.
Network A, B, C.0
Network A, B, D.0
Rest of network
Router A
Router B
Mulitcast traffic
non-RPF traffic
55645