deploying ip multicast vpn

DEPLOYING IP
MULTICAST VPN
RST-2702
9800_05_2004_X
© 2004 Cisco Systems, Inc. All rights reserved.
Networkers Multicast Sessions
• Breakout Sessions
– RST 1701 – Introduction to IP Multicast
– RST 2701 – Deploying IP Multicast
– RST 2702 – Deploying IP Multicast VPN’s
– RST 4701 – Advanced IP Multicast
• Techtorials
– RST 2T07 – Enterprise IP Multicast
• Multicast BoF
Copyright © 2003, Cisco Systems, Inc. All rights reserved. Printed in USA.
9800_05_2004_X.scr
Agenda
• Background
• Multicast VPN Fundamentals
• Multicast VPN Advanced Features
Additional Information
• http://www.cisco.com/go/ipmulticast
• MPLS and VPN Architectures Volume II
– Chapter 7 - Multicast VPN
– http://www.ciscopress.com/title/1587051125
BACKGROUND
Native IP Multicast Deployment
• IP multicast is widely deployed in enterprise
networks
– Finance
– E-learning
– Corporate Communication
– And more…
RFC2547
• Defines a scalable architecture to allow
service providers to offer L3 VPN services
to enterprise customers
• Uses MPLS to separate unicast routing and
forwarding between VPNs
Deploying RFC2547 Based L3 VPNs and…
[Figure: San Jose, NYC and Seattle sites connected over an RFC2547 based core]
How can I get IP multicast traffic to go from San Jose to New York City and Seattle?
How About CE-CE GRE Tunnels
[Figure: VPN_A and VPN_B CE routers attached to PE routers around an MPLS core]
CE-CE GRE Overlay Tunnels
• Hide VPN multicast from SP core
– No VPN multicast routing states in the core
– Customer groups can overlap
• Inherently unscalable
– Number of tunnels required to establish a full mesh
– Management of the tunnels to support incongruent
topology
• Optimal multicast routing not achieved
MULTICAST VPN
FUNDAMENTALS
Provider Benefits
• Support customer multicast traffic using
RFC2547 VPN infrastructure
• A scalable architecture based on native IP
multicast in the core
– GRE encapsulation
– MPLS or IP based core networks
• Described in draft-rosen-vpn-mcast-07 to
promote multi-vendor interoperability
Customer Benefits
• PIM adjacency with PE routers
– No CE-CE overlay tunnels
• Multicast configuration changes not required
in customer networks
• Existing customer multicast deployment not
affected
– PIM modes
– RP placement / discovery mechanisms
Building Blocks
• Multicast VRF (MVRF)
• Multicast Domain (MD)
– And Multicast Tunnel Interfaces
• Multicast Distribution Trees (MDT)
MVRF, MD and MDT
[Figure: VPN_A and VPN_B CE routers attached to PE routers, with P routers in the core; labels: MD for VPN_A, MD for VPN_B, MDT For VPN_A, One MVRF For VPN_A, MDT For VPN_B, One MVRF For VPN_B]
Multicast VRF (MVRF)
• Per VRF multicast routing and forwarding
• PIM/IGMP/MSDP and other multicast
protocols running in the context of the VRF
• RPF check using unicast routing information
in the same VRF
• Special configuration not required to create or
enable MVRF
Multicast Domain (MD) -- Network View
• A set of MVRFs that can send multicast traffic
to, and receive multicast traffic from each
other
• Function as a multi-access media
• One MVRF in one MD
Multicast Domain (MD) -- PE Router View
• MD “created” by explicit configuration
• Two MVRF’s cannot share the same MD on
the same PE router
Multicast Domain (MD)
• MD aggregates customer (S, G) or (*, G) in a
VPN to one or more (S, G) or (*, G) in service
provider network
• Amount of provider states a function of
– Number of VPNs
– Number of PE routers
– Not number of (S, G)/(*,G) states of all customers
Multicast Domain (MD)
• Aggregation achieved by encapsulating
customer packets, i.e. tunneling
• A multicast tunnel interface created in MVRF
• MVRF accesses MD via multicast tunnel
interface
Multicast Tunnel Interface
[Figure: Customer B PE routers, with CE B1, CE B2 and CE B3 attached, connected through their MTIs to Default MDT 239.192.10.2]
Multicast Tunnel Interface
• Appear as “TunnelX” in MVRF
– Treated as LAN interface
[Figure: PE routers with CE B1, CE B2 and CE B3 attached, sharing the MTI]
Multicast Tunnel Interface -- Properties
• Tunnel destination address a class-D address
• One multicast tunnel interface created per
MVRF
• All PE routers in the MD are PIM neighbors on
multicast tunnel interface
Multicast Tunnel Interface -- Details
• Not configurable - takes properties from
interface used for BGP peering
– Tunnel source address same as BGP peering
address
• PIM (sparse-mode or sparse-dense-mode)
always enabled
Multicast Tunnel Interface -- Details
• No unicast routing over multicast tunnel
interface
– Affects RPF check
• Traffic forwarded to interface always
encapsulated
– At present only GRE available
PIM Instances and Adjacencies
[Figure: PIM adjacencies across the service provider network: PE-CE (customer mVRF), PE-PE (customer mVRF, over the Multicast Tunnel Interface), PE-P (global)]
• PE-P native multicast in core (Global PIM instance)
• PE-CE in mVRF (Per VRF PIM instance)
• PE-PE in mVRF via MTI (Per VRF PIM instance)
Multicast Distribution Tree (MDT)
• One or more multicast forwarding trees built
in the service provider network for each
Multicast Domain
Multicast Domain versus MDT -- MD
• MD created by configuration
– mdt default <a.b.c.d> under “ip vrf <foo>”
– Multicast tunnel interface also created
• “<a.b.c.d>” called MDT Group
– Considered as MVRF identifier
Multicast Domain versus MDT -- MDT
• Multicast forwarding trees are built in the
service provider network for each MDT group
• The number of multicast forwarding trees
depends on PIM modes of MDT groups.
– MDT group ranges are administered by the service
provider
Two Types Of MDT Groups
• Default MDT Groups
– Configured for every MVRF if MPLS or IP core
network present
– Used for PIM control traffic, low bandwidth sources,
and flooding of Dense-mode traffic
• Data MDT Groups
– Optionally configured
– Used for high bandwidth sources to reduce
replication to uninterested PEs
Default MDT
[Figure: PE1, PE2 and PE3 joined to the mVPN B Default MDT (*, 239.192.10.2); CE A1, CE A2, CE B1, CE B2, CE B3, CE C1 and CE C2 attached; different MDTs for each MVPN]
• Default MDT group configured for MVRF
• PEs join default MDT group configured locally
– E.g. PE1, PE2 and PE3 join 239.192.10.2
– MVPN appears as multicast application on PE
• PEs build default MDT in global table using standard PIM
procedures
Default MDT – Multicast Tunnel Interface
[Figure: PE1, PE2 and PE3 on the mVPN B Default MDT (*, 239.192.10.2), marked Root and Leaf, each reaching the MDT through its Multicast Tunnel Interface; CE B1, CE B2 and CE B3 attached]
• Default MDT used as permanent channel for both PIM control
messages and low bandwidth streams
• Access via Multicast Tunnel Interface created in MVRF
• A PE is always a root (source) of MDT
• A PE is also a leaf (receiver) to MDT rooted on remote PEs
Default MDT – Mapping Customer States
[Figure: customer states at Site B1, Site B2 and Site B3, namely (195.12.2.6, 239.192.0.1), (195.12.2.6, 239.192.0.5), (195.12.2.8, 239.192.0.2), (10.2.1.3, 239.194.0.3), (10.2.1.7, 239.192.0.8) and the matching (*, G) entries, all carried through the MTI over the SP Default MDT; PEs marked Root and Leaf]
• All (S, G), (*, G) entries in customer VPN mapped to a single
Service Provider MDT-group
• Encapsulated packets reach every PE router in the same MD
Default MDT -- Summary
• Advantage
– Support any kind of multicast traffic within VPN
– State Aggregation
• Disadvantage
– Suboptimal traffic replication
– Need to find a way to optimize for high rate traffic
Data MDT
• Created on demand between PE routers
connecting to source and active receivers
• Optimize multicast forwarding trees in service
provider network
– More states as a tradeoff
• Data MDTs created for customer (S, G) states
only
– A new protocol required to distribute active
multicast session information
Data-MDT Join message
• Announce multicast flow in VPN and MDT data group
to encapsulate the flow
• Use UDP port 3232
• Addressed to ALL-PIM-ROUTERS
• Sent to multicast tunnel interface in MVRF same as
incoming interface to source
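 0        7 8                   23 24      31
+----------+----------------------+----------+
|   Type   |        Length        | Reserved |
+----------+----------------------+----------+
|            Customer VPN Source             |
+--------------------------------------------+
|             Customer VPN Group             |
+--------------------------------------------+
|               Data-MDT Group               |
+--------------------------------------------+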
Data MDT -- Source PE
• When traffic exceeds pre-configured
threshold, source PE router starts sending
Data MDT Join Message
– Encapsulated using MDT Default group configured
for the MVRF
– Repeated every 60 seconds as long as the traffic
rate remains over the threshold
– Received by all PEs in same MD
Data MDT -- Source PE
• Traffic will be encapsulated using Data MDT
group by source PE after 3 seconds
• Traffic stays on Data MDT for at least 60
seconds before switching back to Default
MDT if rate drops below threshold
Data MDT -- Receiver PEs
• Join Data MDT group announced by source
PE to receive encapsulated traffic
• Expire the states for Data MDT group if not
receiving Data MDT Join Messages for more
than 3 minutes
Data MDT – Non-Receiver PEs
• Cache Data MDT Join Message
– Join latency reduced when a receiver joins in future
• Do not join the Data MDT group to avoid
receiving unwanted traffic
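Added example (not from the original slides, and not Cisco code): a Python decoder for the Data-MDT Join layout shown above, with the 3 minute cache expiry that receiver and non-receiver PEs apply. Assumptions: the Type value 1 is not on the slides and is taken from RFC 6037; checking the announced group against the locally configured `mdt data` range is an added sanity check; the addresses are the ones used in this deck's Customer B example, assembled here as constructed input.

```python
import ipaddress
import struct

MDT_JOIN_UDP_PORT = 3232   # from the slide; no socket is opened in this example
JOIN_EXPIRY_S = 180        # state expires after 3 minutes without a join
MSG_LEN = 16               # 4-byte header plus three IPv4 addresses
ASSUMED_TYPE = 1           # assumption: not on the slide, value used by RFC 6037

# Type (bits 0-7), Length (8-23), Reserved (24-31),
# Customer VPN Source, Customer VPN Group, Data-MDT Group
_LAYOUT = struct.Struct("!BHB4s4s4s")

# `mdt data 239.192.20.32 0.0.0.15`: ipaddress accepts the wildcard as a host mask.
DATA_POOL = ipaddress.ip_network("239.192.20.32/0.0.0.15")


class JoinError(ValueError):
    """Raised when a received Data-MDT Join fails validation."""


def build_join(c_source, c_group, mdt_group, msg_type=ASSUMED_TYPE):
    """Encode one join as the source PE would (used to construct sample input)."""
    packed = [ipaddress.IPv4Address(a).packed
              for a in (c_source, c_group, mdt_group)]
    return _LAYOUT.pack(msg_type, MSG_LEN, 0, *packed)


def parse_join(payload, data_pool=DATA_POOL, msg_type=ASSUMED_TYPE):
    """Decode and validate one join; return (c_source, c_group, mdt_group)."""
    if len(payload) != MSG_LEN:
        raise JoinError(f"expected {MSG_LEN} bytes, got {len(payload)}")
    kind, length, _reserved, src, grp, mdt = _LAYOUT.unpack(payload)
    if kind != msg_type or length != MSG_LEN:
        raise JoinError(f"unexpected type/length {kind}/{length}")
    c_source, c_group, mdt_group = (
        ipaddress.IPv4Address(x) for x in (src, grp, mdt))
    if c_source.is_multicast or not c_group.is_multicast:
        raise JoinError("customer (S, G) must be unicast source, class-D group")
    if mdt_group not in data_pool:
        raise JoinError(f"{mdt_group} is outside the configured data MDT range")
    return c_source, c_group, mdt_group


def accepts(payload, data_pool=DATA_POOL):
    """True when the payload decodes and passes every check above."""
    try:
        parse_join(payload, data_pool)
    except JoinError:
        return False
    return True


class DataMdtCache:
    """Customer (S, G) -> Data-MDT group, refreshed by each join received."""

    def __init__(self):
        self._entries = {}

    def learn(self, c_source, c_group, mdt_group, now):
        self._entries[(c_source, c_group)] = (mdt_group, now)

    def lookup(self, c_source, c_group, now):
        key = (ipaddress.IPv4Address(c_source), ipaddress.IPv4Address(c_group))
        entry = self._entries.get(key)
        if entry is None:
            return None
        mdt_group, last_seen = entry
        if now - last_seen > JOIN_EXPIRY_S:   # more than 3 minutes of silence
            del self._entries[key]
            return None
        return mdt_group


# Constructed sample: the high bandwidth source and groups from this deck.
SAMPLE_JOIN = build_join("196.7.25.12", "239.255.0.20", "239.192.20.32")

if __name__ == "__main__":
    cache = DataMdtCache()
    cache.learn(*parse_join(SAMPLE_JOIN), now=0)
    print(cache.lookup("196.7.25.12", "239.255.0.20", now=60))
```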
Example -- Creating Data MDT
[Figure: three PE routers on the Default MDT, with a high bandwidth source behind CE B1 and a receiver behind CE B3; labels: Data-MDT Join, P-Join for Data-MDT, New Data MDT, Data-MDT entry cached]
Example -- Forwarding Using Data MDT
[Figure: traffic from the high bandwidth source forwarded between PE routers on Customer B Data MDT 239.192.10.32; Customer B Default MDT 239.192.10.2 also shown]
Summary -- MDT Group v.s. MDT Tunnel
• A multicast tunnel interface is always created
in the context of an MVRF in order to access
the MD
• MDT Default Group configured for the MVRF
is always the default tunnel destination
address of the multicast tunnel interface
created in the MVRF
– As shown in “show int tunnel X”
Summary -- MDT Group v.s. MDT Tunnel
• When source PE sends to multicast tunnel
interface, it will encapsulate packet using
either MDT Default group, or MDT Data
groups
Summary -- MDT Group v.s. MDT Tunnel
• When receiving PE decapsulates packet, it
uses destination address in outer header,
(MDT Default group or Data group) to identify
MVRF
– The incoming interface of the packets will be the
multicast tunnel interface of that MVRF
MVPN RPF -- Background
• RPF check relies on unicast routing
information
– Interface that source address is reachable on is
used
• With RFC2547 VPNs, when prefix is
connected to remote PE the outgoing
interface may not be in same VRF
• MPLS encapsulation required to forward
packet across service provider network
MVPN RPF -- Challenges
• MPLS cannot be used for multicast
– The LSP is unidirectional
– The source PE cannot resolve outgoing interface
list based on the PIM Joins received from the LSP
• Even if we could achieve the above,
– Source PE must explicitly track all other PE routers
connected to active receivers – Scaling issue
– Only a subset of PIM functionality can be
supported
MVPN RPF -- Multicast Tunnel Interfaces
• Multicast packets sent to / received from
multicast tunnel interfaces when transiting
service provider network
– MTI follows different forwarding path to unicast
packets
• No unicast routing protocol runs over
multicast tunnel interface
– MTI never appears in unicast routing table
– must modify the RPF procedure
MVPN RPF -- Resolving RPF Interface
• If outgoing interface is in same (M)VRF, it is
RPF interface towards source
– Source can be reached natively, without crossing
service provider core
• If outgoing interface is in global (M)VRF, RPF
interface is multicast tunnel interface
created in the MVRF
– Source is connected via remote PE and packets
must be sent and received via the tunnel
MVPN RPF -- Resolving RPF Neighbor
When RPF interface is multicast tunnel:
• Remote PE must be BGP next hop to source
– PE can build multicast forwarding trees towards
source
• Remote PE must also be PIM neighbor on
multicast tunnel interface
– PE in same MD
– PE capable of encapsulating and decapsulating
packets
MVPN RPF Example
[Figure: PE routers on the Default MDT with CE B1 and CE B3 attached; VPN Source 151.10.0.5; Receiver; remote PE lo0: 194.22.15.1; Tunnel 0 on the local PE; PIM Adjacency is 194.22.15.1]
VRF Route Table
Network           BGP Next Hop
151.10.0.0/16     194.22.15.1
198.14.32.0/24    194.22.15.2
204.1.16.0/24     194.22.15.3
• If VPN Source has BGP next hop
then set RPF interface to MTI
– RPF Interface = Tunnel 0
• If PIM Adjacency is BGP next hop
for VPN Source
– RPF Neighbour = 194.22.15.1
• Information is cached!
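Added example (not from the original slides, and not Cisco code): the RPF interface and RPF neighbor rules from the preceding slides, run against the VRF route table shown above. Assumptions: the 10.1.1.0/24 route on Ethernet5/0 is constructed to show the same-VRF case, and the PIM neighbor set on the MTI holds only 194.22.15.1, as stated on the slide.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    next_hop: ipaddress.IPv4Address
    out_if: Optional[str]   # None: learned from a remote PE via BGP,
                            # so the outgoing interface is in the global table


def _route(prefix, next_hop, out_if=None):
    return Route(ipaddress.ip_network(prefix),
                 ipaddress.ip_address(next_hop), out_if)


# First three rows are the slide's VRF route table (network, BGP next hop).
VRF_ROUTES = [
    _route("151.10.0.0/16", "194.22.15.1"),
    _route("198.14.32.0/24", "194.22.15.2"),
    _route("204.1.16.0/24", "194.22.15.3"),
    # Constructed row: a customer prefix reachable in the same VRF via a CE.
    _route("10.1.1.0/24", "10.1.1.2", out_if="Ethernet5/0"),
]
MTI = "Tunnel0"
# Slide: "PIM Adjacency is 194.22.15.1" on the multicast tunnel interface.
MTI_PIM_NEIGHBORS = {ipaddress.ip_address("194.22.15.1")}


def resolve_rpf(source, routes=VRF_ROUTES, mti=MTI,
                pim_neighbors=MTI_PIM_NEIGHBORS):
    """Return (rpf_interface, rpf_neighbor) for a customer source, or None."""
    src = ipaddress.ip_address(source)
    matches = [r for r in routes if src in r.prefix]
    if not matches:
        return None                      # no unicast route: RPF fails
    best = max(matches, key=lambda r: r.prefix.prefixlen)
    if best.out_if is not None:
        # Outgoing interface is in the same (M)VRF: source reached natively.
        return best.out_if, str(best.next_hop)
    # Source sits behind a remote PE: RPF interface is the MTI, and the BGP
    # next hop must also be a PIM neighbor on the MTI (a PE in the same MD).
    if best.next_hop not in pim_neighbors:
        return None
    return mti, str(best.next_hop)


def rpf_accept(source, arrival_if, **kwargs):
    """RPF check: accept only packets that arrive on the RPF interface."""
    rpf = resolve_rpf(source, **kwargs)
    return rpf is not None and rpf[0] == arrival_if


if __name__ == "__main__":
    for s in ("151.10.0.5", "198.14.32.9", "10.1.1.7"):
        print(s, resolve_rpf(s))
```

The second source fails the check because its BGP next hop, 194.22.15.2, is not a PIM neighbor on the tunnel in this constructed neighbor set.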
MVPN Packet Encapsulation
[Figure: a C-Packet (Src = 195.12.2.6, Grp = 239.255.0.20) from Source 195.12.2.6 is carried between PE routers inside a P-Packet (Src = 194.22.15.2, Grp = 239.192.10.1) with GRE header and trailer; PE Lo0 = 194.22.15.2, MDT-Group = 239.192.10.1; C-Join (*, 239.255.0.20) from the Receiver; CE B1 and CE B3 attached]
• Forwarding on the MDT uses GRE, C-packet becomes a P-Packet
• P-Packet
S address := PE’s BGP peering address
G address := MDT-Group address (Default or Data)
• C-Packet IP TOS will be copied to P-Packet
• MPLS labels are NOT used in core, only native multicast
MVPN Forwarding C-packets (from CE)
[Figure: Source behind a CE, PE routers on Default MDT 239.192.10.2, Receivers behind the other CEs; the numbers 1 to 4 mark the steps below]
1. C-Packet arrives on VRF configured PE interface, mVRF is implicitly
identified. Normal RPF check on C-source
2. C-packet replicated to interfaces in the olist. This would be PE
interfaces in the same VRF
3. If olist contains an MTI, then C-packet encapsulated into a P-packet.
Source is PE BGP peer address. Destination is MDT Group address
4. The P-packet forwarded through P-network as normal multicast
MVPN Forwarding P-packets (from P-network)
[Figure: Source behind a CE, PE routers on Default MDT 239.192.10.2, Receivers behind the other CEs; the numbers 1 to 4 mark the steps below]
1. P-packet arrives from global interface. Global (S, G) or (*, G) entry for
MDT-group referenced. Normal RPF check on P-source (PE peer)
2. P-packet replicated to interfaces in the olist. This would be P/PE
interface in the global mrouting table
3. If required, P-packet decapsulated to reveal C-packet. Target mVRF
and incoming interface (MTI) derived from MDT-group
4. RPF check of C-packet in mVRF done, C-packet replicated to olist in
mVRF
MVPN CONFIGURATION
EXAMPLES
New State Flags For (*, G)/(S, G) Entries
Flag  Definition           Description
Z     Multicast Tunnel     Signifies the (*, G) (S, G) entry in the global table is an MDT and local PE has a matching MDT group associated with mVRF. If Z is set then arriving packets must be decapsulated to reveal customer multicast packet
Y     Joined Data-MDT      Signifies traffic for (S, G) entry in mVRF is received from Data-MDT
y     Sending to Data-MDT  Signifies traffic for (S, G) entry in mVRF is transmitted to Data-MDT
Bidir-PIM For MDT Default Group 239.192.10.2
SM For MDT Data Group 239.192.20.32
[Figure: Customer B topology with PE routers 194.22.15.1, 194.22.15.2 (RP) and 194.22.15.3, Tunnel 0 interfaces, Serial 0/0, Serial 2/0, Serial 4/0 and Ethernet 5/0 links, 192.168.2.24/30, Customer B RP 196.7.25.1, high bandwidth source 196.7.25.12 and a receiver for 239.255.0.20; Default MDT (*, 239.192.10.2) and Data-MDT (*, 239.192.20.32). State tables shown: global entries (*, 239.192.10.2) and (*, 239.192.20.32) carry flag Z; mVRF entries are (*, 239.255.0.20) and (196.7.25.12, 239.255.0.20), the latter with flag Y in one table and flag y in the other; "Down the Tree"]
MVRF Configuration On PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), PE #2 and RP 194.22.15.2, Customer B RP 196.7.25.1, 192.168.2.24/30 and high bandwidth source 196.7.25.12]
ip multicast-routing vrf CustomerB
ip vrf CustomerB
 rd 100:27
 route-target export 100:27
 route-target import 100:27
 mdt default 239.192.10.2
 mdt data 239.192.20.32 0.0.0.15 threshold 1 [list <acl>]
interface serial0/0
 ip vrf forwarding CustomerB
 ip address 192.168.2.26 255.255.255.252
 ip pim sparse-mode
ip pim vrf CustomerB rp-address 196.7.25.1
“Show interface” Output For MDT Tunnel
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), PE #2 and RP 194.22.15.2, high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE1#show interface tunnel0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Interface is unnumbered. Using address of Loopback0 (194.22.15.1)
  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 194.22.15.1 (Loopback0), destination 239.192.10.2, fastswitch TTL 255
  Tunnel protocol/transport GRE/IP Multicast, key disabled, sequencing disabled
  Checksumming of packets disabled, fast tunneling enabled
PIM Adjacency In MVRF
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), RP 194.22.15.2, high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE1#show ip pim vrf CustomerB interface
Address          Interface          Ver/   Nbr    Query  DR     DR
                                    Mode   Count  Intvl  Prior
192.168.2.26     Serial0/0          v2/S   1      30     1      0.0.0.0
194.22.15.1      Tunnel0            v2/SD  2      30     1      194.22.15.3
MDT Default Group State On Source PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE1#show ip mroute 239.192.10.2
IP Multicast Routing Table
Flags: <…> Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.192.10.2), 06:00:44/00:03:22, RP 194.22.15.2, flags: BCZ
  Bidir-Upstream: Serial2/0, RPF nbr 194.22.15.2
  Outgoing interface list:
    Serial2/0, Forward/Sparse-Dense, 06:00:45/00:02:31
    MVRF CustomerB, Forward/Sparse-Dense, 06:00:44/00:00:00
MDT Default Group On Receiver PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE3#show ip mroute 239.192.10.2
IP Multicast Routing Table
Flags: < … > Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.192.10.2), 1d18h/00:03:23, RP 194.22.15.2, flags: BCZ
  Bidir-Upstream: Serial4/0, RPF nbr 194.22.15.2
  Outgoing interface list:
    Serial4/0, Forward/Sparse, 1d18h/00:02:30
    MVRF CustomerB, Forward/Sparse, 1d18h/00:00:00
MVRF Mroute State On Source PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE1#show ip mroute vrf CustomerB
IP Multicast Routing Table
Flags: < … > Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(196.7.25.12, 239.255.0.20), 1d18h/00:03:22, flags: Ty
  Incoming interface: Serial0/0, RPF nbr 196.7.25.1
  Outgoing interface list:
    Tunnel0, Forward/Sparse-Dense, 1d18h/00:02:50
MDT Data Group State On Source PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE1#show ip mroute 239.192.20.32
IP Multicast Routing Table
Flags: <…> Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(194.22.15.1, 239.192.20.32), 06:00:44/00:03:22, flags: T
  Incoming interface: Loopback0, RPF nbr 194.22.15.1
  Outgoing interface list:
    Serial0/2, Forward/Sparse-Dense, 06:00:45/00:02:31
MVRF Mroute State Receiver PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE3#show ip mroute vrf CustomerB
IP Multicast Routing Table
Flags: < … > Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(196.7.25.12, 239.255.0.20), 4d01h/00:03:27, flags: TY
  Incoming interface: Tunnel0, RPF nbr 194.22.15.1
  Outgoing interface list:
    Ethernet5/0, Forward/Sparse, 4d01h/00:03:27
MDT Data Group State On Receiver PE
[Figure: Customer B topology with Default MDT (*, 239.192.10.2), Data-MDT (*, 239.192.20.32), high bandwidth source 196.7.25.12 and receiver for 239.255.0.20]
PE3#show ip mroute 239.192.20.32
IP Multicast Routing Table
Flags: < … > Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.192.20.32), 1d18h/00:03:22, RP 194.22.15.2, flags: SZ
  Incoming interface: Serial4/0, RPF nbr 194.22.15.2
  Outgoing interface list:
    MVRF CustomerB, Forward/Sparse, 1d18h/00:00:00
MULTICAST VPN ADVANCED
FEATURES
MVPN Advanced Features
• SSM For MDT Groups
• Inter-AS MVPN
• Extranet
SSM FOR MDT GROUPS
Overview
• PIM-SSM mode can be configured for group
ranges used for MDT Default or MDT Data
Groups
• For MDT Data Groups, source discovery is
embedded in the packets containing Data
MDT Join Message
Advantages
• Permits PE to directly join to a source tree
rooted at another PE for MDT
• No Rendezvous Points are needed in service
provider network
– Reduce forwarding delay
– Avoid management overhead to administer
group/RP mapping and redundant RPs for
reliability
– Eliminate potential point of failure
SSM For MDT Default Groups
• SSM requires PE to join an (S, G) not (*, G)
– G already known -- configured as MDT Default Group
– PE does not directly know S, or identities of other PE routers
in same MD
• Use MP-BGP to distribute the information
– Earlier (pre 12.0(29)S) IOS use extended community attributes
– Newer IOS use a new BGP address family
– SAFI capability negotiated by BGP peers
– New implementation interoperates with old
SSM Using Extended Community Attribute
• MDT Default Group encoded using BGP MDT
extended community attribute (value 0x9)
• Source PE encoded using MP_REACH_NLRI
attribute (like VPNv4 route)
• Route Distinguisher type 0x2 used to
distinguish above from normal VPNv4 route
• Propagation limited within one AS
SSM Using Extended Community Attribute
[Figure: PE1, PE2 and PE3 with CE B1 (Source) and CE B3 (Receiver, Cust B); Lo0 = 194.22.15.1 and Lo0 = 194.22.15.3; Default MDT (194.22.15.1, 239.192.10.2); SSM P-Join (194.22.15.1, 239.192.10.2); global state entries (194.22.15.1, 239.192.10.2) and (194.22.15.3, 239.192.10.2), both with flag Z; PE2 has no corresponding MVRF configured, so it just caches the information]
MP-iBGP update
RD = 2:100:27
RT = MDT:100:239.192.10.2
Net = 194.22.15.1
NH = 194.22.15.1
• When Default MDT configured – MP-BGP update is sent
• Non SSM peers just cache the info
• Same process happens from PE3 to PE1
BGP VPNv4 MDT Entries for SSM
[Figure: network with Source, CE B1, PE1, PE2, PE3, CE B3 and Receiver (Cust B); loopbacks Lo0 = 194.22.15.1 and Lo0 = 194.22.15.3; Default MDT (194.22.15.1, 239.192.10.2)]
Global State Entry             Flag
(194.22.15.1, 239.192.10.2)    Z
(194.22.15.3, 239.192.10.2)    Z
PE2# show ip bgp vpnv4 all
Route Distinguisher: 2:100:27
*>i194.22.15.1/32    194.22.15.1    100    0 ?
*> 194.22.15.2/32    0.0.0.0               0 ?
*>i194.22.15.3/32    194.22.15.3    100    0 ?
BGP VPNv4 MDT Entries for SSM
[Figure: network with Source, CE B1, PE1, PE2, PE3, CE B3 and Receiver (Cust B); loopbacks Lo0 = 194.22.15.1 and Lo0 = 194.22.15.3; Default MDT (194.22.15.1, 239.192.10.2)]
Global State Entry             Flag
(194.22.15.1, 239.192.10.2)    Z
(194.22.15.3, 239.192.10.2)    Z
PE2# show ip bgp vpnv4 all 194.22.15.1
BGP routing table entry for 2:100:27:194.22.15.1/32, version 38
Paths: (1 available, best #1, no table, not advertised to EBGP peer)
  Not advertised to any peer
  Local
    194.22.15.1 (metric 66) from 194.22.15.1 (194.22.15.1)
      Origin incomplete, localpref 100, valid, internal, mdt, no-import, best
      Extended Community: RT:100:27 MDT:100:239.192.10.2
Default MDT Entry Using SSM
[Figure: network with Source, CE B1, PE1, PE2, PE3, CE B3 and Receiver (Cust B); loopbacks Lo0 = 194.22.15.1 and Lo0 = 194.22.15.3; Default MDT (194.22.15.1, 239.192.10.2)]
Global State Entry             Flag
(194.22.15.1, 239.192.10.2)    Z
(194.22.15.3, 239.192.10.2)    Z
PE3# show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       . . .
       U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(194.22.15.1, 239.192.10.2), 00:03:02/00:02:57, flags: sTIZ
  Incoming interface: Serial0/2, RPF nbr 194.22.15.2
  Outgoing interface list:
    MVRF CustomerB, Forward/Sparse-Dense, 00:03:02/00:00:00
SSM Using New BGP Address Family
• Implemented in 12.0(29)S, along with Inter-AS MVPN
support
• BGP MDT SAFI (value 66)
• Source PE address and MDT Default Group encoded in
NLRI (similar to VPNv4 in format)
– RD is the same as that of the MVRF for which the MDT Default
Group is configured
NLRI layout (32-bit rows, bit ruler 0 | 7 8 | 23 24 | 31):
  RD (8 octets)
  Source PE address (4 octets)
  Default MDT Group (4 octets)
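The NLRI layout above, worked as an added example (not code from the presentation or from IOS): it packs and parses the 16 octets and derives the SSM (S, G) joins a PE would issue for its own MDT Default Group. The function names, the type 0 RD encoding and the sample entries are assumptions; the length octet that precedes an NLRI on the wire is left out.

```python
import ipaddress
import struct


def pack_mdt_nlri(asn, number, source_pe, group):
    """Build RD (8 octets) + source PE (4 octets) + Default MDT Group (4 octets).

    Assumption: a type 0 RD, i.e. 2-octet type, 2-octet ASN, 4-octet number.
    """
    rd = struct.pack("!HHI", 0, asn, number)
    return (rd + ipaddress.IPv4Address(source_pe).packed
            + ipaddress.IPv4Address(group).packed)


def parse_mdt_nlri(data):
    """Return (rd, source_pe, group) or raise ValueError on a malformed entry."""
    if len(data) != 16:
        raise ValueError(f"expected 16 octets, got {len(data)}")
    rd_type, asn, number = struct.unpack("!HHI", data[:8])
    if rd_type != 0:
        raise ValueError(f"unsupported RD type {rd_type}")
    source = ipaddress.IPv4Address(data[8:12])
    group = ipaddress.IPv4Address(data[12:16])
    if not group.is_multicast:
        raise ValueError(f"{group} is not a multicast group")
    if source.is_multicast or source.is_unspecified:
        raise ValueError(f"{source} is not a usable source PE address")
    return f"{asn}:{number}", str(source), str(group)


def ssm_joins(nlris, local_rd, default_group, local_pe):
    """(S, G) pairs this PE must join: same RD and group, learned from other PEs."""
    joins = set()
    for raw in nlris:
        try:
            rd, source, group = parse_mdt_nlri(raw)
        except ValueError:
            continue  # malformed entries never create multicast state
        if rd == local_rd and group == default_group and source != local_pe:
            joins.add((source, group))
    return sorted(joins)


# Constructed sample: entries PE3 (194.22.15.3, RD 100:27) might hold.
SAMPLE_NLRIS = [
    pack_mdt_nlri(100, 27, "194.22.15.1", "239.192.10.2"),       # remote PE, same MD
    pack_mdt_nlri(100, 27, "194.22.15.3", "239.192.10.2"),       # PE3's own entry
    pack_mdt_nlri(100, 99, "194.22.15.1", "239.192.10.9"),       # another VPN's MDT
    pack_mdt_nlri(100, 27, "194.22.15.1", "239.192.10.2")[:12],  # truncated
    pack_mdt_nlri(100, 27, "194.22.15.1", "10.1.1.1"),           # group not multicast
]

if __name__ == "__main__":
    print(ssm_joins(SAMPLE_NLRIS, "100:27", "239.192.10.2", "194.22.15.3"))
```

The single join it yields for PE3 is the (194.22.15.1, 239.192.10.2) entry that the `show ip mroute` slide displays.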
Configuring MDT SAFI
!
address-family ipv4 mdt
neighbor 194.22.15.3 activate
exit-address-family
!
BGP VPNv4 MDT Entries for SSM
[Figure: network with Source, CE B1, PE1, PE2, PE3, CE B3 and Receiver (Cust B); loopbacks Lo0 = 194.22.15.1 and Lo0 = 194.22.15.3; Default MDT (194.22.15.1, 239.192.10.2)]
Global State Entry             Flag
(194.22.15.1, 239.192.10.2)    Z
(194.22.15.3, 239.192.10.2)    Z
PE2# show ip bgp ipv4 mdt all
Route Distinguisher: 100:27
*>i194.22.15.1/32    194.22.15.1    100    0 ?
*> 194.22.15.2/32    0.0.0.0               0 ?
*>i194.22.15.3/32    194.22.15.3    100    0 ?
BGP VPNv4 MDT Entries for SSM
[Figure: network with Source, CE B1, PE1, PE2, PE3, CE B3 and Receiver (Cust B); loopbacks Lo0 = 194.22.15.1 and Lo0 = 194.22.15.3; Default MDT (194.22.15.1, 239.192.10.2)]
Global State Entry             Flag
(194.22.15.1, 239.192.10.2)    Z
(194.22.15.3, 239.192.10.2)    Z
PE2# show ip bgp ipv4 mdt all 239.192.10.2
BGP routing table entry for 100:27:194.22.15.1/32, version 38
Paths: (1 available, best #1, no table, not advertised to EBGP peer)
  Not advertised to any peer
  Local
    194.22.15.1 (metric 66) from 194.22.15.1 (194.22.15.1)
      Origin incomplete, localpref 100, valid, internal, mdt, no-import, best
      MDT group address: 239.192.10.2
INTER-AS MVPN
Inter-AS MPLS/VPN
Provide connectivity for all VPN-X sites
[Figure: SP-A with RR-A, ASBR-A, PE-A1, PE-A2; SP-B with RR-B, ASBR-B, PE-B1, PE-B2; VPN-X sites CE-1, CE-2, CE-3, CE-4; label "???????"]
Inter-AS MPLS/VPN Options
Three options for unicast listed in
draft-ietf-l3vpn-rfc2547bis
A. Back-to-back ASBR-PEs
B. ASBRs exchanging VPNv4 routes
C. VPNv4 routes via multi-hop MP-eBGP
All three options must be supported
for multicast packets
Inter-AS Option A
Back-to-back ASBR-PEs
[Figure: SP-A with RR-A, PE-A1, PE-A2, ASBR-A (PE-ASBR-A); SP-B with RR-B, PE-B1, PE-B2, ASBR-B (PE-ASBR-B); CE-1, CE-2, CE-3, CE-4 in VPN-X and VPN-Y]
Annotations:
– 1 logical int per VPN
– IPv4 VPN routes: IGP/BGP/static
– Packet shown: IPv4
Inter-AS Option B
ASBRs exchanging VPNv4 routes
[Figure: SP-A with RR-A, PE-A1, PE-A2, ASBR-A; SP-B with RR-B, PE-B1, PE-B2, ASBR-B; CE-1, CE-2, CE-3, CE-4 in VPN-X and VPN-Y]
Annotations:
– VPNv4 SP-A/SP-B: EBGP vpnv4
– NH for vpnv4
– ASBRs can:
  • Set next hop self
  • Redistribute connected subnets
– Packet shown: VPN Label, IPv4
Inter-AS Option C
VPNv4 routes via multi-hop MP-eBGP
[Figure: SP-A with RR-A, PE-A1, PE-A2, ASBR-A; SP-B with RR-B, PE-B1, PE-B2, ASBR-B; CE-1, CE-2, CE-3, CE-4 in VPN-X and VPN-Y]
Annotations:
– VPNv4 SP-A/SP-B: EBGP vpnv4, next hop unchanged!
– IPv4 SP-A/SP-B LOs: IGP/static + LDP, EBGP ipv4 + label
– Packet shown: IGP Label, VPN Label, IPv4
Inter-AS MVPN Requirement
• All options available for unicast traffic must
be supported for multicast
– Protocol enhancement required
• If MVPN packets are encapsulated when
forwarded between ASBRs, Multicast Domain
must be built across multiple AS’es
– Inter-AS MDT
Challenges -- RPF For Sources Inside MVPN
• In the context of MVPN, PIM RPF neighbor for
source must be PE, not ASBR
– ASBR doesn’t have VRF configured, nor multicast
tunnels created. Doesn’t participate in any MD thus
cannot receive or process PIM control packets sent
to multicast domain
• ASBR may rewrite BGP Next Hop attributes
for VPNv4 prefixes
– Next hop information from unicast routing table
points to ASBR, not PE router originating prefix
Challenges -- Inter-AS MDT
• P routers maintain IGP routes from within the
AS
– Doesn’t maintain routing information to PE routers
in other AS (unless the prefixes are redistributed)
– Cannot process PIM messages for (PE, MDT-Group)
when PE is in other AS
• ASBRs may not install PE prefixes from other
AS in unicast routing table
– Cannot propagate (PE, MDT-Group) to other AS
Option A: Back-to-back ASBR-PEs
• Native IP forwarding between ASBRs
– Protocol change not required
– Inter-AS MDT not required
• MDT limited to one AS
– No issue with managing MDT group ranges
between AS
– No issue with RPF
• VRF created on the ASBRs
– Not scalable
Option B: ASBR Exchanging VPNv4 Routes
• VRFs not created on ASBRs
– Packets must be encapsulated when forwarded
between ASBRs – need inter-AS MDT
• PE routers may not be reachable natively
from other AS
– How to build inter-AS MDT when a P router doesn’t
have routing information to reach a remote PE
• ASBRs store all VPNv4 routes and modify
BGP Nexthop of VPNv4 routes
– How to RPF to source inside an MVPN?
Option C: VPNv4 Routes via Multi-Hop MP-eBGP
• VRFs are not created on ASBRs
– Packets must be encapsulated when forwarded
between ASBRs – need inter-AS MDT
• PE routers may not be reachable natively
from another AS
– Again, how to build inter-AS MDT?
• (Typically) RRs store all VPNv4 routes and
preserve BGP Nexthop of VPNv4 routes
– Less impact on RPF to a source inside an MVPN
Inter-AS MVPN – Option B & C Summary
• Need solution to RPF to source reachable via
PE router in remote AS
– Specific for option B
– Not applicable for option C
– Solution: Use BGP Connector Attribute
• Need solution to build inter-AS MDT
– For both option B and C
– Leverage BGP MDT SAFI
– Solution: Use PIM RPF Vector
Inter-AS MVPN Solution Overview
• Introduce Connector attribute to MP-BGP
– Help preserve identity of PE router originating
VPNv4 prefix
• Leverage BGP MDT SAFI
– Help ASBRs RPF to source PEs in remote AS
– Help ASBRs and receiver PEs insert RPF Vector to
build MDT for source PEs in remote AS
• Introduce RPF Vector to PIM
– Help P routers build MDT to source PEs in remote
AS
RPF Without BGP Connector Attribute
[Figure: AS 1 and AS 2 with PE1, ASBR1, ASBR2, P1, PE2]
PE1 (10.0.0.1) announces:
  NLRI = 46.0.0.0/8
  NextHop = 10.0.0.1
ASBR1 (20.0.0.1) rewrites NextHop:
  NLRI = 46.0.0.0/8
  NextHop = 20.0.0.1
ASBR2 (20.0.0.2) rewrites NextHop:
  NLRI = 46.0.0.0/8
  NextHop = 20.0.0.2
MDT created for MVPN; PE1 and PE2 become PIM Neighbors
ASBR2 (20.0.0.2) is the next hop to 46.0.0.0/8, but PE1 (10.0.0.1) is the PIM
neighbor. RPF to 46.0.0.0/8 fails
Need to preserve BGP address of PE originating 46.0.0.0/8
BGP Connector Attribute
• Transitive attribute
• Store PE router which originates VPNv4 prefix
– In local AS, it is the same as Next Hop Attribute
– When advertised to another ASBR (with option B), its value is
preserved (Next Hop attributes are rewritten by ASBRs)
– Help ASBRs and receiver PEs insert RPF Vector to build MDT
for source PEs in remote AS
Attribute layout (bit ruler 0 | 7 8 | 23 24 | 31):
  AFI | SAFI | Value
Variable length Value field contains IPv4 or IPv6 address,
which is the originating router
RPF Using BGP Connector Attribute
[Figure: AS 1 and AS 2 with PE1, ASBR1, ASBR2, P1, PE2]
PE1 (10.0.0.1) announces:
  NLRI = 46.0.0.0/8
  NextHop = 10.0.0.1
  Connector = 10.0.0.1
ASBR1 (20.0.0.1) rewrites NextHop:
  NLRI = 46.0.0.0/8
  NextHop = 20.0.0.1, Connector = 10.0.0.1
ASBR2 (20.0.0.2) rewrites NextHop:
  NLRI = 46.0.0.0/8
  NextHop = 20.0.0.2, Connector = 10.0.0.1
MDT created for MVPN; PE1 and PE2 become PIM Neighbors
ASBR2 (20.0.0.2) is the next hop to 46.0.0.0/8, but PE2 uses
Connector (=10.0.0.1) to identify PE1 as the originating router.
Since PE1 is also a known PIM neighbor, RPF for (10.0.0.1)
succeeds.
Inter-AS MVPN BGP MDT SAFI
• Advertise BGP MDT SAFI across AS boundaries
– Independent of advertisement of VPNv4 routes when RR and
multi-hop EBGP peering used
– Processed and filtered like VPNv4 routes
• ASBRs store path in separate table
– How SAFI is advertised determines RPF path to PE router
originating SAFI
• PEs also store path in separate table
– Allows PEs to figure out exit ASBR to source PE
Inter-AS MVPN PIM RPF Vector
• Encoded as part of source address in PIM Join/Prune
messages
• IGP next hop for PIM RPF neighbor in PIM Join/Prune
messages
• Typically the exit ASBR to prefix in a remote AS
• Can be used natively in non-VPN environment, or
combined with RD in VPN environment
Encoded source address layout (bit ruler 0 | 7 8 | 23 24 | 31):
  AddrFam | Encode | Rsvd/Flag | MaskLen
  Source Address
  RPF Vector
  RD
Originating PIM RPF Vector
• Router doing RPF lookup of source can find
origin of route
• If origin is from BGP Next Hop this can be
used as RPF Vector in PIM join
– On the originating router, RPF Vector is learned
from BGP
– In MVPN, it is learned from BGP MDT SAFI
– In native environment, it can be learned from BGP
SAFI=1 or =2
Originating PIM RPF Vector
• Decide RPF vector inclusion by configuration
– It is unknown if upstream router runs BGP
• Routers understanding RPF Vector format
advertise this in PIM Hello
Receiving PIM RPF Vector
• Router receiving RPF Vector join needs to
store vector
– P routers learn RPF Vector from PIM RPF Vector joins
– When multiple Vectors are received, the one from the lower
originator address is used
• When RPF vector present it is used and takes
priority
• Need to do periodic / triggered RPF check and
re-advertise RPF Vector upstream
Receiving PIM RPF Vector
• Multiple P routers may be connected – RPF
Vector needs to be advertised to each
• If router receives RPF Vector referencing local
interface RPF Vector is ignored and normal
lookup performed
– Typically happens on ASBR
ASBR Receiving PIM RPF Vector
• ASBR receives PIM join with vector owned by
local interface (probably loopback)
• Vector discarded and normal RPF lookup
performed
• If RD is present, RPF lookup is done in BGP
MDT table – built from BGP MDT SAFI
– Lookup using both RD and source address in the
PIM message
PIM RPF Vector -- Interoperability
• New PIM Hello option to indicate capability to
process RPF Vector
• RPF Vector only included in PIM messages
when all PIM neighbors on RPF interface
support it
PE2# show ip pim neighbor
PIM Neighbor Table
Neighbor     Interface      Uptime/Expires       Ver    DR
Address                                                 Priority/Mode
30.0.2.1     Ethernet0/0    19:06:35/00:01:22    v2     1/V
PIM RPF Vector -- Configuration
!
! To enable RPF Vector in the global table
!
ip multicast rpf vector
!
!
!
! To enable RPF vector when PE loopbacks are not
! leaked into other AS (vrf specific)
!
ip multicast vrf foo rpf inter-as
!
Example -- Setting Up Inter-AS MDT
• Option B (ASBR exchanging VPNv4 routes)
• Nexthop Self On ASBR
• SSM MDT Default Group
Inter-AS MDT -- BGP Updates
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
– MP-iBGP Peering (AS-1)
– MP-eBGP Peering, exchanging VPNv4 routes
– MP-iBGP Peering (AS-2)
Inter-AS MDT -- BGP Updates
From PE1 to ASBR1 (MP-iBGP Peering)
VPNv4
  RD 2004:7, PREFIX 10.0.0.0/8, NEXTHOP PE1, CONN PE1
MDT SAFI
  RD 2004:7, PREFIX PE1, MDT 232.0.0.1, NEXTHOP PE1
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- BGP Updates
From ASBR1 to ASBR2 (MP-eBGP Peering, exchanging VPNv4 routes)
VPNv4
  RD 2004:7, PREFIX 10.0.0.0/8, NEXTHOP ASBR1.1, CONN PE1
MDT SAFI
  RD 2004:7, PREFIX PE1, MDT 232.0.0.1, NEXTHOP ASBR1.1
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- BGP Updates
From ASBR2 to PE2 (MP-iBGP Peering)
VPNv4
  RD 2004:7, PREFIX 10.0.0.0/8, NEXTHOP ASBR2.1, CONN PE1
MDT SAFI
  RD 2004:7, PREFIX PE1, MDT 232.0.0.1, NEXTHOP ASBR2.1
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- PIM
From PE2 to P2
PIM Join
  Source PE1, RD 2004:7, Group 232.0.0.1
  RPF Neighbor P2, RPF Vector ASBR2.1
Source PE1, RD 2004:7, Group 232.0.0.1 are learned from BGP MDT SAFI Updates
Also from the same BGP SAFI Updates, RPF Vector ASBR2.1 is learned as the
exit router to source PE1 and RD 2004:7
RPF Neighbor P2 is learned via IGP as the next hop to reach ASBR2.1 which is
inserted as RPF Vector
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- PIM
From P2 to ASBR2
PIM Join
  Source PE1, RD 2004:7, Group 232.0.0.1
  RPF Neighbor ASBR2, RPF Vector ASBR2.1
Source PE1 is not reachable on P2
But RPF Vector ASBR2.1 is reachable and the next hop is ASBR2 as learned
from IGP
Using ASBR2 as the PIM next hop to forward the join
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- PIM
From ASBR2 to ASBR1
PIM Join
  Source PE1, RD 2004:7, Group 232.0.0.1
  RPF Neighbor ASBR1.1
The RPF Vector ASBR2.1 from P2 identifies ASBR2 itself as the exit router for
source PE1 with RD 2004:7
Source PE1 is not reachable on ASBR2, but source PE1, RD 2004:7 and Group
232.0.0.1 are known from BGP MDT SAFI Updates
From the BGP MDT SAFI updates, ASBR1.1 is the next hop and is reachable in
IGP, use it as PIM next hop to forward the join
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- PIM
From ASBR1 to P1
PIM Join
  Source PE1, Group 232.0.0.1
  RPF Neighbor P1
Source PE1 is reachable on ASBR1 via IGP. It is in the same AS as ASBR1.
ASBR1 forwards PIM Join to source PE1, using P1 as the PIM next hop
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
Inter-AS MDT -- PIM
From P1 to PE1
PIM Join
  Source PE1, Group 232.0.0.1
  RPF Neighbor PE1
Source PE1 is reachable on P1 via IGP.
P1 forwards PIM Join to source PE1, using PE1 as the PIM next hop
This completes the setup of the SSM tree for MDT Default Group 232.0.0.1
rooted at PE1
[Figure: AS-1 (CE1 10.0.0.0/8, PE1, P1, ASBR1) and AS-2 (ASBR2, P2, PE2, CE2 11.0.0.0/8)]
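The hop-by-hop join walk on the preceding slides, as an added example (not code from the presentation or from IOS): each router applies the RPF Vector rules and the join is followed from PE2 to the root at PE1. The slides' router and address names stand in for addresses; the tables in `build_topology` and the rule for when no vector is inserted are assumptions made for the model.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Join:
    source: str
    group: str
    rd: Optional[str] = None
    vector: Optional[str] = None


@dataclass
class Router:
    local: set                                   # addresses this router owns
    igp: dict                                    # address -> upstream router name
    bgp_mdt: dict = field(default_factory=dict)  # (RD, source PE) -> BGP next hop


def forward(routers, name, join, use_vector=True):
    """Return (upstream router, join to send); upstream is None at the tree root."""
    r = routers[name]
    if join.source in r.local:
        return None, join
    # A vector that points at one of our own interfaces is discarded (ASBR case).
    vector = None if join.vector in r.local else join.vector
    if vector is not None:
        if vector not in r.igp:
            raise LookupError(f"RPF failure on {name}: no route to vector {vector}")
        return r.igp[vector], Join(join.source, join.group, join.rd, vector)
    if join.source in r.igp:
        # Source PE is inside this AS: plain (S, G) join, no RD or vector needed.
        return r.igp[join.source], Join(join.source, join.group)
    # Otherwise look up RD + source in the table built from BGP MDT SAFI.
    bgp_nh = r.bgp_mdt.get((join.rd, join.source))
    if bgp_nh is None or bgp_nh not in r.igp:
        raise LookupError(f"RPF failure on {name}: no route to source {join.source}")
    upstream = r.igp[bgp_nh]
    # Assumption: no vector is inserted when the PIM neighbor owns the BGP next hop.
    if bgp_nh in routers[upstream].local or not use_vector:
        return upstream, Join(join.source, join.group, join.rd)
    return upstream, Join(join.source, join.group, join.rd, bgp_nh)


def walk(routers, start, join, use_vector=True):
    """Follow the join upstream; returns [(sender, receiver, join sent), ...]."""
    hops, name = [], start
    while True:
        upstream, out = forward(routers, name, join, use_vector)
        if upstream is None:
            return hops
        hops.append((name, upstream, out))
        name, join = upstream, out


def build_topology():
    """Constructed model of the slides' two-AS network (Option B, next-hop-self)."""
    mdt = ("2004:7", "PE1")
    return {
        "PE2": Router({"PE2"}, {"ASBR2.1": "P2"}, {mdt: "ASBR2.1"}),
        "P2": Router({"P2"}, {"ASBR2.1": "ASBR2", "PE2": "PE2"}),
        "ASBR2": Router({"ASBR2", "ASBR2.1"}, {"ASBR1.1": "ASBR1", "PE2": "P2"},
                        {mdt: "ASBR1.1"}),
        "ASBR1": Router({"ASBR1", "ASBR1.1"}, {"PE1": "P1"}),
        "P1": Router({"P1"}, {"PE1": "PE1", "ASBR1.1": "ASBR1"}),
        "PE1": Router({"PE1"}, {"ASBR1.1": "P1"}),
    }


if __name__ == "__main__":
    for sender, receiver, sent in walk(build_topology(), "PE2",
                                       Join("PE1", "232.0.0.1", rd="2004:7")):
        print(f"{sender} -> {receiver}: {sent}")
```

Calling `walk` with `use_vector=False` raises `LookupError` at P2, which has neither an IGP route to PE1 nor a BGP MDT table.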
EXTRANET
Extranet MVPN
• Allow multicast content originated from
within one site to be distributed to other sites,
possibly belonging to different VPNs
• Require no new protocols
• Depend only on unicast routing policies to
perform RPF
– In case multicast and unicast topologies are not
congruent, additional configuration is necessary
Extranet MVPN Configuration Options
1. On the PE router connected to the multicast source,
for each Multicast Domain (or MVPN) that wishes to
receive the content, configure an additional MVRF
which has the same Default MDT Group if the MVRF
is not present
2. Alternatively on a PE router that is connected to
receivers, configure an additional MVRF which has
the same Default MDT Group as the one connected
to the multicast source, if the MVRF is not present
Extranet MVPN Examples
Configuration Option #1
Even though PE1 is not connected to any sites of VPN-Y, create an MVRF
on PE1
This MVRF has the same MDT Default Group as the MVRF created on PE2 for
VPN-Y
The same unicast routing policy is configured to import routes from VPN-X
[Figure: Source, CE1, PE1, P, PE2, PE3, CE with VPN-Y Receiver, CE with VPN-X Receiver; MVRF For VPN-X, MVRF For VPN-Y, MDT For VPN-X, MDT For VPN-Y]
Extranet MVPN Option #1
Packet Flow
Packets received in MVRF for VPN-X from the source
Independently replicated and encapsulated in the MVRF for VPN-X and
VPN-Y
PE2 and PE3 decapsulate and forward the packet to the respective MVRFs
[Figure: Source, CE1, PE1, P, PE2, PE3, CE with VPN-Y Receiver, CE with VPN-X Receiver; MVRF For VPN-X, MVRF For VPN-Y]
Extranet MVPN Option #1
Using a Common MDT Data Group
PE1 can optionally choose to use the same MDT Data Group to
encapsulate packets
The result is that packets are only replicated once in the core independent
of the number of different receiver MVRFs
PE2 and PE3 decapsulate and forward the packet to the respective MVRFs
[Figure: Source, CE1, PE1, P, PE2, PE3, CE with VPN-Y Receiver, CE with VPN-X Receiver; MVRF For VPN-X, MVRF For VPN-Y]
Extranet MVPN Option #2
Configuration
Even though PE2 is not connected to any sites of VPN-X, create an MVRF on PE2
Configure the same routing policy to export routes from VPN-X to VPN-Y
[Figure: Source, CE1, PE1, P, PE2, PE3, CE with VPN-Y Receiver, CE with VPN-X Receiver; MVRF For VPN-X, MVRF For VPN-Y, MDT For VPN-X]
Extranet MVPN Option #2
Packet Flow
Packets are received and replicated in the MVRF for VPN-X on PE1
They are replicated to PE2 and PE3 as both are connected to receivers in
VPN-X
They are decapsulated and replicated in the MVRF for VPN-Y on PE2
[Figure: Source, CE1, PE1, P, PE2, PE3, CE with VPN-Y Receiver, CE with VPN-X Receiver; MVRF For VPN-X, MVRF For VPN-Y]
Extranet MVPN Additional Notes
• PIM-SM or PIM-SSM for Extranet multicast
traffic
• For PIM-SM, RP and sources must be in same
MVPN
– Connected to the same Multicast Domain