Cisco – Private vLAN useful to isolate multicast sources

ciscomulticastprivate-vlanswitch

On a Cisco 3750G switch I have a number (30-ish) of video processors in a vLAN providing multicast streams to clients via a router. Because all of the machines are in the same vLAN they see each other's output, this is causing issues because of the high volume of traffic.

Is there a way to isolate the multicast traffic so it isn't sent to all of the peer servers, and just the upstream (yet allow them to be in the same vLAN and see unicast traffic)? I was thinking that a private vLAN for each server/switch-port would do the trick. What would be the side-effects of this? Or can I use multicast blocking?

In the network diagram we have unicast video sources to each server on vLAN 1 (green). The encoders process the video and provide multicast streams (unique per encoder) to clients via vLAN 2 (red) and router 1. IGMP snooping is enabled on switch 2.

The problem is that the very high volume of traffic on the red vLAN is causing issues. A previous Network Engineer tried to resolve this at one location by splitting the red vLAN into multiple vLANs. This seemed to help, but didn't really solve the issue. I would like to know if we make all of the encoder ports in the red network into isolated ports in a private vLAN, so they don't see each other's traffic, would this solve this problem.

enter image description here

The switch config is:

# show running-config

version 12.2
[...]
!
hostname swtch02
!
[...]
system mtu routing 1500
ip routing
!
ip multicast-routing distributed
!
!
port-channel load-balance src-dst-ip
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
 name video_out
!
interface GigabitEthernet1/0/1
 description encoder-1
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description encoder-2
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description encoder-3
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 description encoder-4
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
[...]
!
interface Vlan2
 ip address 192.168.1.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
[...]
end

Best Answer

Are the sources using the same multicast address. If not make sure IGMP snooping is enabled on the switch. Private Vlans would prevent the servers from seeing each other even for unicast. If all the sources are using the same multicast address IGMP snooping would still work as long as the servers only transmit, but I am fuzzy.

Your ASA configuration:

route outside 0.0.0.0 0.0.0.0 172.16.1.1 1

This will provide a default route via the outside interface, but how will the ASA know how to reach subnets residing behind the Layer 3 Distribution Switch?

You'll need to add routes to the internal subnets via the inside interface using the Layer 3 Distribution Switch as the next-hop IP address.

ASA static routing example:

route inside 172.19.12.0 255.255.255.240 172.16.2.2
route inside 172.19.3.0 255.255.255.0 172.16.2.2
route inside 172.20.100.0 255.255.255.224 172.16.2.2

Your Cisco Router's configuration:

ip route 0.0.0.0 0.0.0.0 200.200.200.200

Additionally, how will your border router know how to reach subnets other than it's connected routes, and the catch all default route via the outside interface's next-hop address 200.200.200.200?

Router static routing example:

ip route 172.19.12.0 255.255.255.240 172.16.1.10
ip route 172.19.3.0 255.255.255.0 172.16.1.10
ip route 172.19.100.0 255.255.255.224 172.16.1.10
ip route 172.16.2.0 255.255.255.224 172.16.1.10

Vlan – Setting up PIM Sparse mode

My questions are:

Should we setup on our core network switch OSPF with a router ID of 1.1.1.1 and then not set any OSPF settings on any other switch?

OSPF is not necessary for this implementation.

Would PIM Sparse Mode only need to be enabled on the core switches or on all of the switches in the network?

Pim-SM needs to be enabled on each L3 interface on which you want to allow the multicast traffic. For example, if you wish to contain the traffic to Vlans 15 and 14, you would have to do the following on your core:

configure
ip multicast
ip igmp
ip pim sparse
interface vlan 14
ip igmp
ip pim
interface vlan 15
ip igmp
ip pim
exit

If you want the traffic to traverse all Vlans, then you will need the appropriate interface configuration under each Vlan. Your L2 switches will need IGMP snooping turned on (ideally on all interfaces via the global configuration).

configure
ip igmp snooping 
bridge multicast filtering

For a very basic multicast setup like this, these should be the only features that you would need.

Best Answer

Related Solutions

Cisco ASA Routing Issue

Your ASA configuration:

ASA static routing example:

Your Cisco Router's configuration:

Router static routing example:

Vlan – Setting up PIM Sparse mode

Related Topic