Source Specific Multicasting (SSM)

The classical PIM SM model and the Bidir model require the use of an RP because basically there is no knowledge from receivers on where and which the sources are: therefore ANY Source can Multicast (ASM) a stream. The shared tree construction is a way to limit the load on routers (see DM) and being able to support such paradigm. Anyway in many cases the location of the sources is quite limited and well known and therefore the use of a RP and Shared tree is basically complexity added just to allow receivers to not know about source location and identity.

Source Specific Multicasting (available from 12.3T and 12.4) provides a model in which actually the receivers KNOW who the Sources are and provide this information in their initial JOIN messages. Because IGMPv1 or IGMPv2 do not permit the specification of the Source, but just of the Group, this is only possible with IGMPv3 which allows the communication of both Source and Group in a join (or even a sequence of specification about many Sources to be included or to be excluded). When such more informative joins are registered by a Multicast Router there is no need to go to a central RP: the Source Tree can be joined backward, knowing the unicast location of the Source.

By definition of SSM is the receiver that specifies the Source and the Group (S,G) it joins. In this model an out of band mechanism is supposed to be available to inform the receiver about the Sources and Groups which can be joined, AND it is also required to the receiver to support IGMPv3 fully compliant OS stack.

Availability of IGMPv3 in receivers may anyway be an issue. Many applications are already working on IGMPv2 and need to be migrated (see some deployments of extra drivers for IGMPv3 lite). Further some receiver may support IGMPv3 and other not. In these cases some alternatives are possible to let the Multicast Router perform the association Group to Source, while still using IGMPv2 or IGMPv1:

– URD: based on Receivers using IGMPv2 and a URL base mechanism: routers parse the URL and retrieve Source information, building a IGMPv3 join upwards;
– IGMPv3 Mapping: based on static or DNS based mechanism. The Router registers as usual IGMPv3 but performs a DNS query to see to which Source the Group should be coupled (in this case each Group is associated to a Source, limiting Group address reuse);

NOTE: On routers IGMPv3 keeps full trace of all joiners in a segment.
NOTE: Snooping (or CGMP) techniques currently do not support IGMPv3 and will not be capable of discern a join for a same Group, different Source. In such cases it should be recommended to use different Groups for different Sources.

---

Basic SSM with IGMPv3 capable, lite or urd hosts
hostname RA
!
ip multicast-routing
!
ip pim ssm range 4 <<<< limits which groups are treated SSM
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip pim sparse-mode
ip igmp version 3 <<<< full IGMPv3
ip igmp v3lite <<<< lite IGMPv3
ip urd <<<< URD http based
ip igmp limit 2 <<<< how many stream per host
!
access-list 4 permit 224.2.151.141
!
end
(*): ip igmp limit

To limit the number of Internet Group Management Protocol (IGMP) states resulting from IGMP, IGMP Version 3 lite (IGMP v3lite), and URL Rendezvous Directory (URD) membership states on a per-interface basis, use the ip igmp limit command in interface configuration mode. To disable a configured IGMP state limit, use the no form of this command.

SSM Static and DNS MAPPING for non IGMPv3 capable hosts –
SSM mapping introduces a means for the last hop router to discover sources sending to groups. When SSM mapping is configured, if a router receives an IGMPv1 or IGMPv2 membership report for a particular group G, the router translates this report into one or more (S, G) channel memberships for the well-known sources associated with this group. SSM mapping needs to be configured ONLY on the LAST HOP router connected to receivers. Once the last hop router (typically the DR) builds the (S,G) PIM join, the network enabled for PIM SM will allow the building of the source tree.
The SSM Mapping feature allows the router to perform Group to Source lookups (statically on dynamically via DNS) and enables a IGMPv1/2 segment to act as a IGMPv3 enabled segment under the restriction that only that one active Source per Group is available. Therefore SSM mapping does not share the benefit of full SSM.
When enabling SSM mapping you should carefully evaluate if to enable IGMPv3 itself or not. When both SSM mapping and IGMPv3 are enabled, the router will send out IGMPv3 membership query messages instead of IGMPv3 membership messages. If the receiver hosts that are to be supported with SSM mapping can ONLY support IGMPv1 or IGMPv2, then enabling SSM mapping on an interface with IGMPv3 is fine: IGMPv3 membership query messages will be interpreted as IGMPv1 or IGMPv2 queries and the host will continue to report with IGMPv1 or IGMPv2 reports. However, when both SSM mapping and IGMPv3 are enabled and there are SOME hosts already supporting IGMPv3 (but NOT SSM), then they will start to send IGMPv3 group reports. These IGMPv3 group reports are not supported with SSM mapping and the router will not correctly associate sources with these reports.

Static SSM Mapping
SSM static mapping enables the configuration of the last hop router to use a “static map” to determine the sources sending to join-received groups. Static SSM mapping requires that you configure access lists (ACLs) to define group ranges. The groups permitted by those ACLs then can be mapped to sources using the “ip igmp static ssm-map” command.
hostname RA
!
ip multicast-routing
!
ip pim ssm range 4
ip igmp ssm-map enable <<<<< SSN Mapping activated
no ip igmp ssm-map query dns <<<<< No DNS queries
ip igmp ssm-map static 10 192.168.8.10 <<<<< Source to Groups_ACL
ip igmp ssm-map static 11 192.168.8.11 <<<<< Source to Groups_ACL
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip pim sparse-mode
ip igmp version 3
ip igmp v3lite
ip urd
ip igmp limit 2
!
access-list 4 permit 232.0.0.0 0.255.255.255
access-list 10 permit 232.1.0.0 0.0.255.255 <<<<< Group_ACL
access-list 11 permit 232.2.0.0 0.0.255.255 <<<<< Group_ACL
!
end

DNS-Based SSM Mapping (default behavior)
DNS-based SSM mapping enables the configuration of the last hop router to perform a “reverse DNS lookup” to determine sources sending to groups (see Figure 1). When DNS-based SSM mapping is configured, the router constructs a domain name that includes the group address G and performs a reverse lookup into the DNS. The router looks up IP address resource records (IP A RRs) to be returned for this constructed domain name and uses the returned IP addresses as the source addresses associated with this group. SSM mapping supports up to <20 sources> for each group. The router joins all sources configured for a group.
To configure DNS-based SSM mapping in Cisco IOS software, you must configure a very few global commands on the router with NO per-channel specific configuration needed. Mappings can be just added on the DNS server(s) and will be handled by the same configuration.
hostname RA
!
ip multicast-routing
!
ip pim ssm range 4
ip igmp ssm-map enable <<<<< SSN Mapping activated
ip igmp ssm-map query dns <<<<< DNS queries activated
!
ip domain multicast test.com <<<<< DNSPrefix added for queries
ip name-server 192.168.1.100 192.168.1.101 <<<<< DNS servers
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip pim sparse-mode
ip igmp version 3
ip igmp v3lite
ip urd
ip igmp limit 2
!
access-list 4 permit 232.0.0.0 0.255.255.255
!
end

NOTE: In case of IGMPv3 and/or SSM, static join of an interface can be configured. the flag “source ssm-map” indicates that the specified group is joined statically on SSM mapping basics. Therefore it will rely on static or DNS mappings to create (S,G) PIM join upwards.

NOTE: The “ip multicast boundary” list command is extended since 12.3T(11) to support extended access lists with both Source and Destination matches. This permits the boundary list to filter (S,G) combination of traffic:

interface ethernet 2/3
ip multicast boundary acc_grp6 out
!
ip access-list extended acc_grp6
permit ip host 0.0.0.0 232.1.1.1 5.0.0.255
deny udp host 181.1.2.201 host 232.1.1.5
permit ip host 181.1.2.201 host 232.1.1.5
deny pim host 181.1.2.201 host 232.1.1.5
permit ip host 181.1.2.202 host 232.1.1.5
deny igmp host 181.2.3.303 host 232.1.1.1
!
end

NOTE: Per Interface mroute State Limit allows to define a limit in the number of Mroute entries that an interface is allowed to partecipate to.

interface FastEthernet 1
ip multicast limit out 15 100
!
access-list 15 permit any