This is a followup post to the first one on SSM. The topology is still the same.
If you want to find it in the documentation it is found in the IGMP configuration guide
I guess the reason to place it under IGMP is that SSM requires IGMPv3. To find SSM mapping go to Products-> Cisco IOS and NX-OS Software-> Cisco IOS-> Cisco IOS Software Release 12.4 Family-> Cisco IOS Software Releases 12.4T-> Configure-> Configuration Guides-> IP Multicast Configuration Guide Library, Cisco IOS Release 12.4T-> IP Multicast: IGMP Configuration Guide, Cisco IOS Release 12.4T-> SSM mapping
So why would we use SSM mapping in the first place? IGMPv3 is not supported everywhere yet. Maybe the Set Top Box (STB) is not supporting IGMPv3 but your ISP wants to support SSM. Then some transition mechanism must be used. There are a few options available like IGMPv3 lite, URD and SSM mapping. IGMPv3 lite is daemon running on the host supporting a subset of IGMPv3 until proper IGMPv3 has been implemented. With URD a router intercepts the URL requests from the user and the router joins the multicast stream to the correct source even though the user is not sending IGMPv3 reports. This requires that the multicast group and source is coded into the web page with links to the multicast streams.
SSM mapping takes IGMPv2 reports and convert them to IGMPv3. We can either use a DNS server and query it for sources or use static mappings as I will explain here. Static mapping is done on the Last Hop Router (LHR) and it is fairly simple. This is how we configure it.
R2(config)#access-list 2 permit 188.8.131.52 R2(config)#ip igmp ssm-map enable R2(config)#ip igmp ssm-map static 2 184.108.40.206 R2(config)#no ip igmp ssm-map query dns
The config is pretty self explanatory. First we create an access-list that defines the groups to be used for SSM mapping. Then we enable SSM mapping. Then we tie together the ACL with the sources that are allowed to send to those groups. Now we need to verify the mapping. First we take a look at R2 with show ip igmp ssm-mapping.
R2#show ip igmp ssm-mapping SSM Mapping : Enabled DNS Lookup : Disabled Mcast domain : in-addr.arpa Name servers : 255.255.255.255
Looks good so far. We will use R3 to simulate a client joining to 220.127.116.11 via IGMPv2. We will debug IGMP to see the report coming in. R3 will join the group via the igmp join-group command. One thing is important to note here. Usually we configure ip igmp-join group on downstream interface to simulate LAN segment and then PIM Join is sent upstream. In this case we want only IGMP join to be sent so therefore we configure the igmp join-group on the upstream interface. Also no PIM should be enabled. This makes the router act as a pure host and not do any multicast routing. What would happen otherwise is that the router will have RPF failures when the source is sending traffic because for traffic not in SSM mode a RPF lookup is done against the RP. Since no RP is configured the RPF would fail, as a workaround we can configure a static RP even though it isn’t really used it would make the RPF check pass.
R3(config)int fa0/0 R3(config-if)#ip igmp join-group 18.104.22.168
This is the debug output from R3.
IGMP(0): Send v2 Report for 22.214.171.124 on FastEthernet0/0
We can clearly see that IGMPv2 report was sent. Now we go to R2 to see if it is converting the IGMPv2 join to IGMPv3.
IGMP(0): Received v2 Report on FastEthernet0/0 from 126.96.36.199 for 188.8.131.52 IGMP(0): Convert IGMPv2 report (*, 184.108.40.206) to IGMPv3 with 1 source(s) using STATIC
It is clear that the conversion is taking place. We look in the MRIB as well.
R2# sh ip mroute | be ( (*, 220.127.116.11), 03:18:48/00:02:54, RP 0.0.0.0, flags: DCL Incoming interface: Null, RPF nbr 0.0.0.0 Outgoing interface list: FastEthernet0/0, Forward/Sparse, 03:18:48/00:02:54 Serial0/0, Forward/Sparse, 03:18:48/00:02:44 (18.104.22.168, 22.214.171.124), 03:18:26/00:02:57, flags: sTI Incoming interface: Serial0/0, RPF nbr 126.96.36.199 Outgoing interface list: FastEthernet0/0, Forward/Sparse, 03:18:26/00:02:57
We see that we now have (S,G) joins in R2! As a final step we will also verify in R1.
sh ip mroute | be ( (*, 188.8.131.52), 03:20:44/stopped, RP 0.0.0.0, flags: DCL Incoming interface: Null, RPF nbr 0.0.0.0 Outgoing interface list: Serial0/1, Forward/Sparse, 03:20:44/00:00:49 (*, 184.108.40.206), 03:20:43/stopped, RP 0.0.0.0, flags: SP Incoming interface: Null, RPF nbr 0.0.0.0 Outgoing interface list: Null (220.127.116.11, 18.104.22.168), 00:01:01/00:02:28, flags: T Incoming interface: Null, RPF nbr 0.0.0.0 Outgoing interface list: Serial0/0, Forward/Sparse, 00:01:01/00:03:27
Now the ping should be successful.
R1#ping Protocol [ip]: Target IP address: 22.214.171.124 Repeat count : 5 Datagram size : Timeout in seconds : Extended commands [n]: y Interface [All]: serial0/0 Time to live : Source address: 126.96.36.199 Type of service : Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 188.8.131.52, timeout is 2 seconds: Packet sent with a source address of 184.108.40.206 Reply to request 0 from 220.127.116.11, 16 ms Reply to request 1 from 18.104.22.168, 16 ms Reply to request 2 from 22.214.171.124, 16 ms Reply to request 3 from 126.96.36.199, 16 ms Reply to request 4 from 188.8.131.52, 16 ms
So the important thing here is to make R3 act as a pure host otherwise it will not work. This is a bit overkill for verification but I just wanted to show how it could be done.
6 thoughts on “Multicast – SSM mapping”
so though R2’s fa0/0 configured with IGMP version 3 it still can allow IGMP version 2 end hosts (R3 Fa0/0) connected to it due to backward Compatibility ?? Is my understanding correct? so if you apply IGMP extended ACL in R2′ fa0/0 interface can it block IGMP version 2 client as well?
Yes. IGMP is backwards compatible so you can run IGMPv3 for SSM and IGMPv2 for ASM. If you need SSM for IGMPv2 then you need mappings of course. You can filter both SSM and ASM with IGMP ACL depending on the syntax you use.
Thanks Daniel. Great info.
thx for your post , if i need the LAN interface on R3 to join the multicast group what should be added on R3 for SSM configuration to work properly.
Since you dont use mulitcast group from 233/8 range you need use command ip pim ssm command.
More information on about it: