ip multicast-routing distributed

In our example we have two vlans:
VLAN 3000 – clients that will receive multicast traffic
VLAN 4000 – in this VLAN are sources of multicast traffic
enter the following commands:

ip igmp snooping querier
ip igmp snooping vlan 3000 mrouter learn cgmp
ip igmp snooping vlan 4000 mrouter learn cgmp

According Cisco’s official documentation: “A querier is a network device that sends query messages to discover which network devices are members of a given multicast group.”
The next two lines configure VLAN 3000 and VLAN 4000 as multicast router port (static connection to a multicast router) and to learn sooping from CGMP (Cisco Group Management Protocol) self-join packets.
Configuration of VLAN interfaces 3000 and 4000

interface Vlan3000
 description multicast_client
 ip address 172.20.20.1 255.255.255.0
 ip pim dense-mode
!
interface Vlan4000
 description source_multicast
 ip address 150.158.231.111 255.255.0.0
 ip pim dense-mode
!

You can read this article about pim dense-mode.
To view IGMP grops:

sh ip igmp groups
226.168.20.44    Vlan3000                 5d04h     00:02:38  172.20.20.6
226.168.20.45    Vlan3000                 2d03h     00:02:35  172.20.20.6
226.168.20.46    Vlan3000                 1d14h     00:02:34  172.20.20.6
226.168.20.47    Vlan3000                 2d11h     00:02:41  172.20.20.6
226.168.20.49    Vlan3000                 00:58:13  00:02:38  172.20.20.9
226.168.20.48    Vlan3000                 1d14h     00:02:40  172.20.20.6
226.168.20.51    Vlan3000                 00:58:13  00:02:39  172.20.20.9
226.168.20.50    Vlan3000                 00:58:13  00:02:40  172.20.20.9
226.168.20.53    Vlan3000                 00:58:13  00:02:33  172.20.20.9
226.168.20.52    Vlan3000                 00:58:13  00:02:39  172.20.20.9
226.168.20.55    Vlan3000                 1d14h     00:02:41  172.20.20.6
226.168.20.54    Vlan3000                 00:58:13  00:02:35  172.20.20.9
226.168.20.57    Vlan3000                 1d14h     00:02:36  172.20.20.6

To view membership

multicast#sh ip igmp membership all
Flags: A  - aggregate, T - tracked
       L  - Local, S - static, V - virtual, R - Reported through v3
       I - v3lite, U - Urd, M - SSM (S,G) channel
       1,2,3 - The version of IGMP, the group is in
Channel/Group-Flags:
       / - Filtering entry (Exclude mode (S,G), Include mode (G))
Reporter:
        - last reporter if group is not explicitly tracked
       /      -  reporter in include mode,  reporter in exclude
 *,226.168.20.27                172.20.20.6     1d14h    02:37 2A     Vl3000
 *,226.168.20.26                172.20.20.6     1d14h    02:30 2A     Vl3000
 *,226.168.20.37                172.20.20.6     1d14h    02:32 2A     Vl3000
 *,226.168.20.40                172.20.20.6     2d03h    02:28 2A     Vl3000
 *,226.168.20.41                172.20.20.6     2d03h    02:31 2A     Vl3000
 *,226.168.20.43                172.20.20.6     1d14h    02:30 2A     Vl3000
 *,226.168.20.44                172.20.20.6     5d04h    02:34 2A     Vl3000
 *,226.168.20.45                172.20.20.6     2d03h    02:28 2A     Vl3000
 *,226.168.20.46                172.20.20.6     1d14h    02:34 2A     Vl3000
 *,226.168.20.47                172.20.20.6     2d11h    02:32 2A     Vl3000
 *,226.168.20.49                172.20.20.9     01:00:18 02:28 2A     Vl3000
 *,226.168.20.48                172.20.20.6     1d14h    02:33 2A     Vl3000
 *,226.168.20.51                172.20.20.9     01:00:18 02:29 2A     Vl3000
 *,226.168.20.50                172.20.20.9     01:00:18 02:35 2A     Vl3000
 *,226.168.20.53                172.20.20.9     01:00:18 02:31 2A     Vl3000

To view snooping groups

multicast#sh ip igmp snooping groups
Vlan      Group                    Type        Version     Port List
-----------------------------------------------------------------------
3000      226.168.1.1              igmp                    Gi0/6
3000      226.168.1.2              igmp                    Gi0/4
3000      226.168.1.3              igmp                    Gi0/4
3000      226.168.1.4              igmp                    Gi0/4
3000      226.168.1.6              igmp                    Gi0/6
3000      226.168.1.7              igmp                    Gi0/6
3000      226.168.1.9              igmp                    Gi0/6
3000      226.168.1.10             igmp                    Gi0/4
3000      226.168.1.12             igmp                    Gi0/4
3000      226.168.1.13             igmp                    Gi0/4
3000      226.168.1.14             igmp                    Gi0/4
3000      226.168.1.15             igmp                    Gi0/4
3000      226.168.1.16             igmp                    Gi0/4
3000      226.168.1.17             igmp                    Gi0/4
3000      226.168.1.18             igmp                    Gi0/4
3000      226.168.1.19             igmp                    Gi0/4
3000      226.168.1.22             igmp                    Gi0/6
3000      226.168.1.23             igmp                    Gi0/4
3000      226.168.1.24             igmp                    Gi0/4
3000      226.168.1.26             igmp                    Gi0/6
3000      226.168.1.28             igmp                    Gi0/6
3000      226.168.1.30             igmp                    Gi0/4

apt-get install  ifenslave

Edit or create file /etc/modprobe.d/aliases.conf

alias bond0 bonding
options bonding mode=4 miimon=100

where mode 4 – IEEE 802.3ad Dynamic link aggregation. Creates aggregation groups that share the same speed and
duplex settings. Utilizes all slaves in the active aggregator according to the 802.3ad specification.
Edit /etc/network/interfaces.

auto bond0
iface bond0 inet static
        address 192.168.200.5
        netmask 255.255.255.0
        network 192.168.200.0
        broadcast 192.168.200.255
        post-up ifenslave bond0 eth0 eth1
        gateway 192.168.200.1
        dns-nameservers 192.168.200.1
        dns-search example.com

UPDATE (02.01.2012): Ubuntu 11.10 (oneiric).

1.  Edit or create file /etc/modprobe.d/aliases.conf

alias netdev-bond0 bonding
options bonding mode=4 miimon=100

or

2. To run bonding first put module “bonding” in “/etc/modules” :

# /etc/modules: kernel modules to load at boot time.
#
# This file contains the names of kernel modules that should be loaded
# at boot time, one per line. Lines beginning with "#" are ignored.
loop
lp
rtc
bonding

In “/etc/network/interfaces”

auto bond0
iface bond0 inet static
        slaves eth0 eth1
        bond_mode 4
        bond_miimon 100
        address 192.168.200.5
        netmask 255.255.255.0
        network 192.168.200.0
        broadcast 192.168.200.255
        post-up ifenslave bond0 eth0 eth1

Cisco configuration ( Gi1/0/1 and Gi1/0/2 will be aggregated ):

cisco-3750(config)#interface range GigabitEthernet 1/0/1, GigabitEthernet 1/0/2
cisco-3750(config-if-range)#switchport trunk encapsulation dot1q
cisco-3750(config-if-range)#switchport trunk allowed vlan 10,20
cisco-3750(config-if-range)#switchport mode trunk
cisco-3750(config-if-range)#channel-group 1 mode active
Creating a port-channel interface Port-channel 1
cisco-3750(config-if-range)#end
cisco-3750#

Configuration of interface Port-Channel 1 must be exactly the same as Gi1/0/1 and Gi1/0/2.

cisco-3750#sh ru int Po1
Building configuration...
Current configuration : 159 bytes
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 10,20
end

If you want to modify configuration of aggregated interfaces, modify only configuration of Port-Channel interface.
And the last step is to set load-balance algorithm:

cisco-3750(config)#port-channel load-balance src-dst-ip
cisco-3750#sh etherchannel load-balance
EtherChannel Load-Balancing Operational State (src-dst-ip):
Non-IP: Source XOR Destination MAC address
  IPv4: Source XOR Destination IP address
  IPv6: Source XOR Destination IP address

cisco-3750#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port

Number of channel-groups in use: 1
Number of aggregators:           1

Group  Port-channel  Protocol    Ports
------+-------------+-----------+-----------------------------------------------
1      Po1(SU)         LACP      Gi1/0/1(P)  Gi1/0/2(P)

cisco-3750#
cisco-3750#show etherchannel protocol
                Channel-group listing:
                ----------------------
Group: 1
----------
Protocol:  LACP

Traffic on Gi1/0/1

Traffic on Gi1/0/2

Traffic on Port-Channel1

%PM-4-ERR_DISABLE: gbic-invalid error detected on Gi0/2, putting Gi0/2 in err-disable state

This can happen if you are using third party SFP (non-cisco). The solution is to use undocumented command.
First enter command:

no errdisable detect cause gbic-invalid

and second command:

service unsupported-transceiver

There is no autocomplete for this command and no guarantee, but try it … It works for me on Cisco 3750.

perl -MCPAN -e 'install Cisco::CopyConfig'

Cisco::CopyConfig provides methods for manipulating the running-config of devices running IOS via SNMP directed TFTP. This module is essentially a wrapper for Net::SNMP and the CISCO-CONFIG-COPY-MIB-V1SMI.my MIB schema.
It’s a good idea to store switch’s ip address ( if you have more switches ) in database like MySQL. The following perl script uses MySQL database. In MySQL database we store switch’s ip and snmp community.
MySQL table:

 CREATE TABLE `sw_backup`.`switches` (
`id` BIGINT( 128 ) NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`description` VARCHAR( 128 ) NOT NULL ,
`ip_address` VARCHAR( 128 ) NOT NULL ,
`community` VARCHAR( 128 ) NOT NULL
) ENGINE = MYISAM CHARACTER SET utf8 COLLATE utf8_bin

insert into switches values('','core-switch','192.168.200.251','SNMPconfigCommunity1');
insert into switches values('','access-switch','192.168.200.252','SNMPconfigCommunity2');

mysql> select * from switches;
+----+---------------+-----------------+----------------------+
| id | description   | ip_address      | community            |
+----+---------------+-----------------+----------------------+
|  1 | core-switch   | 192.168.200.251 | SNMPconfigCommunity1 |
|  2 | access-switch | 192.168.200.252 | SNMPconfigCommunity2 |
+----+---------------+-----------------+----------------------+
2 rows in set (0.00 sec)

We need to istall TFTP server:

on Debian: apt-get install atftp

TFTP config file (/etc/default/atftpd):

USE_INETD=true
OPTIONS="--tftpd-timeout 300 --retry-timeout 5  --maxthread 100 --verbose=5 /backup_switch"

TFTP working directory is /backup_switch
Configuring Cisco switch ( tested on C2960G, C3750G, 3400G ):
A read-write SNMP community needs to be defined on each device, which allows the setting of parameters to copy or merge a running-config. Below is an example configuration that attempts to restrict read-write access to only the 192.168.200.10 (tftp server) host :

access-list 70 remark tft-server-list
access-list 70 permit 192.168.200.10
access-list 70 deny   any

SNMP configuration:

snmp-server tftp-server-list 70
snmp-server view backup ciscoMgmt.96.1.1.1.1 included
snmp-server community SNMPconfigCommunity1 view backup RW 70

Variables used in cisco backup script:
/backup_switch – tftp root directory
/storage/backup/daily/switches/ – backup directory
Backup script:

#!/usr/bin/perl
use DBI;
use Cisco::CopyConfig;

my ( $sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst)=localtime(time);
$year+=1900;
$mon  = sprintf("%02d",$mon+1);
$mday = sprintf("%02d",$mday);
$hour = sprintf("%02d",$hour);
$min  = sprintf("%02d",$min);
$sec  = sprintf("%02d",$sec);
$date_format="$mday.$mon.$year";

$sql="select ip_address,community,description from switches order by inet_aton(ip_address) asc";
$dbh = DBI->connect("dbi:mysql:sw_backup:xxx.xxx.xxx.xxx","username","password") or die "Can't connect to MySQL: $DBI::errstr\n";
$sth = $dbh->prepare($sql);
$sth->execute();

$tftp_address   = '192.168.200.10';

while (@row=$sth->fetchrow_array) {
 $config     = Cisco::CopyConfig->new(
 Host => $row[0],   # host
 Comm => $row[1], # community
 Tmout => '10',       # timeout
 Retry => '2'           # retry
 );

 $tftp_file = "$row[2].$date_format.conf";

 if ($config->copy($tftp_address, $tftp_file) ) {
 print "OK -> switch ip: $row[0], file: $tftp_file\n"; }
 else {
 print "ERROR -> switch ip: $row[0], no backup file\n";
 }

}

system("mkdir /storage/backup/daily/switches/$date_format");
system("cp /backup_switch/cisco-* /storage/backup/daily/switches/$date_format");

Result:

sns ~ # perl cisco-backup.pl
OK -> switch ip: 192.168.200.251, file: core-switch.19.01.2010.conf
OK -> switch ip: 192.168.200.252, file: access-switch.19.01.2010.conf

sns ~ # tail -n 100 /var/log/syslog | grep tftp
Jan 19 15:56:53 sns atftpd[7848]: Fetching from 192.168.200.251 to core-switch.19.01.2010.conf
Jan 19 15:56:55 sns atftpd[7848]: Fetching from 192.168.200.252 to access-switch.19.01.2010.conf

cisco1800#vlan database
cisco1800(vlan)vlan 777
VLAN 777 added:
    Name: VLAN0777
cisco1800(vlan)#
cisco1800(vlan)#vlan 777 name dot1q_vlan_on_WAN_interface
VLAN 777 modified:
    Name: dot1q_vlan_on_WAN_interface

Now verify vlan:

cisco1800#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa4
2    Servers                          active    Fa1, Fa2
3    SERVICE                          active    Fa3
5    VLAN0005                         active
99   VLAN0099                         active
777  dot1q_vlan_on_WAN_interface      active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

The last step is to create the tagged subinterface on FastEthernet0:

cisco1800(config)#interface FastEthernet 0.777

After the interface number just enter “.” (dot ) and vlan id.

cisco1800(config-subif)#encapsulation dot1Q 777
cisco1800(config-subif)#ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx

View configuration:

cisco1800#sh ru interface FastEthernet 0.777
interface FastEthernet0.777
 encapsulation dot1Q 100
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 no snmp trap link-status

Ports  	   	Model  	   	    SW Version  	  SW Image
------ 	  	------ 	  	    ----------------- 	  ------------
52 	        WS-C3750G-48TS      12.2(25)SEE4 	  C3750-ADVIPSERVICESK

By default QoS configuration is disabled:

sw3750#sh mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled

So we need to enable QoS:

sw3750#conf t
sw3750(config)#mls qos
sw3750(config)#end

sw3750#sh mls qos
QoS is enabled
QoS ip packet dscp rewrite is enabled

We need to create access list:

sw3750#conf t
sw3750(config)#access-list 1 remark rewrite_dscp
sw3750(config)#access-list 1 permit any

sw3750#show access-lists 1
Standard IP access list 1
  10 permit any

Now we’ll begin with real QoS, and use terms as “class map” and “policy map“. According Cisco’s official documentation:

A class map is a mechanism that you use to name a specific traffic flow (or class) and to isolate it from all other traffic. The class map defines the criteria used to match against a specific traffic flow to further classify it. The criteria can include matching the access group defined by the ACL or matching a specific list of DSCP or IP precedence values. If you have more than one type of traffic that you want to classify, you can create another class map and use a different name. After a packet is matched against the
class-map criteria, you further classify it through the use of a policy map.

A policy map specifies which traffic class to act on. Actions can include trusting the CoS, DSCP, or IP precedence values in the traffic class; setting a specific DSCP or IP precedence value in the traffic class; or specifying the traffic bandwidth limitations and the action to take when the traffic is out of profile. Before a policy map can be effective, you must attach it to a port.

sw3750(config)#class-map ?
   WORD class-map name
   match-all Logical-AND all matching statements under this classmap
   match-any Logical-OR all matching statements under this classmap
sw3750(config)#class-map match-all class-map-dscp
sw3750(config-cmap)#match access-group 1

sw3750#show class-map class-map-dscp
 Class Map match-all class-map-dscp (id 1)
   Match access-group 1

After creting class-map, we need policy map. In this policy map we’ll rewrite dscp value of packet: “set dscp af32″ , this is ToS 0×70

sw3750(config)#policy-map vlan101
sw3750(config-pmap)#class class-map-dscp
sw3750(config-pmap-c)#set dscp af32

sw3750#sh policy-map vlan101
 Policy Map vlan101
  Class class-map-dscp
   set dscp af32

OK, we created calss map and policy map, and now we’ll aplly them to interface.

sw3750(config)#int vlan101
sw3750(config-if)#service-policy input vlan101

sw3750#sh ru int vlan101
interface Vlan101
  no ip address
  service-policy input vlan101
end

On a trunk port apply next commands:

sw3750(config)#int gi1/0/4
sw3750(config-if)#mls qos vlan-based

sw3750#sh ru int gi1/0/4
  interface GigabitEthernet1/0/4
  switchport trunk encapsulation dot1q
  switchport trunk allowed 101
  switchport mode trunk
  mls qos vlan-based
end