Jump to content






Photo - - - - -

Multicast VPN with static-rp

Posted by MSSK , 10 February 2013 · 1,522 views

Multicast VPN with static-rp Issue

In this example we will examine Multicast VPN with MPLS implemented using static rp for multicast information deleivery
Our CEs in this example are R1 and R5
Our PEs are R2 and R4, and R3 is the P

We will run OSPF as the IGP inside the MPLS backbone

Configuration

R1#sh run int f1/0
Building configuration...

Current configuration : 114 bytes
!
interface FastEthernet1/0
ip address 192.1.12.1 255.255.255.0
ip pim sparse-mode
speed 100
duplex full

R1#sh run | sec ip route
ip route 0.0.0.0 0.0.0.0 192.1.12.2
R2

R2#sh run int f1/0
interface FastEthernet1/0
vrf forwarding VPN_A
ip address 192.1.12.2 255.255.255.0
ip pim sparse-mode
speed 100
duplex full

R2#sh run int f1/1
interface FastEthernet1/1
ip address 192.1.23.2 255.255.255.0
ip pim sparse-mode
speed 100
duplex full
mpls ip

R2#sh run int lo0
interface Loopback0
ip address 2.2.2.2 255.255.255.255
ip pim sparse-mode

R2#sh run | sec vrf def
vrf definition VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
  mdt default 239.1.1.1
exit-address-family

R2#sh run | sec router ospf
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 192.1.23.2 0.0.0.0 area 0

R2#sh run | sec router bgp
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
  neighbor 4.4.4.4 activate
  neighbor 4.4.4.4 send-community both
exit-address-family
!
address-family ipv4 vrf VPN_A
  network 192.1.12.0
exit-address-family

R3

R3#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.23.3 255.255.255.0
ip pim sparse-mode
speed 100
duplex full
mpls ip

R3#sh run int f1/1
interface FastEthernet1/1
ip address 192.1.34.3 255.255.255.0
ip pim sparse-mode
speed 100
duplex full
mpls ip

R3#sh run int lo0
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip pim sparse-mode

R3#sh run | sec router ospf
router ospf 1
router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 192.1.23.3 0.0.0.0 area 0
network 192.1.34.3 0.0.0.0 area 0

R4

R4#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.34.4 255.255.255.0
ip pim sparse-mode
speed 100
duplex full
mpls ip

R4#sh run int f1/1
interface FastEthernet1/1
vrf forwarding VPN_A
ip address 192.1.45.4 255.255.255.0
ip pim sparse-mode
speed 100
duplex full

R4#sh run int lo0
interface Loopback0
ip address 4.4.4.4 255.255.255.255
ip pim sparse-mode

R4#sh run | sec vrf def
vrf definition VPN_A
rd 100:1
route-target export 100:1
route-target import 100:1
!
address-family ipv4
  mdt default 239.1.1.1
exit-address-family

R4#sh run | sec router ospf
router ospf 1
router-id 4.4.4.4
network 4.4.4.4 0.0.0.0 area 0
network 192.1.34.4 0.0.0.0 area 0

R4#sh run | sec router bgp
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 send-community both
exit-address-family
!
address-family ipv4 vrf VPN_A
  network 192.1.45.0
exit-address-family

R5

R5#sh run int f1/0
interface FastEthernet1/0
ip address 192.1.45.5 255.255.255.0
ip pim sparse-mode
speed 100
duplex full

R5#sh run | sec ip route
ip route 0.0.0.0 0.0.0.0 192.1.45.4

Multicast Configuration

We first have to enable multicast globally on our devices, but on our PE routers, the multicast routing should be enabled for the VRF as this is our concern

R2#sh run | inc multica
ip multicast-routing
ip multicast-routing vrf VPN_A

Next, we will enable pim sparse-mode on the transit interfaces (sample configuration)

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int f1/0
R1(config-if)#ip pim sparse-mode

Next, we will define who is the rp-address of our multicast domain, we will choose our P router (R3) to take this role, but for the VRF PE1 will take this role

R1#sh run | inc rp-add
ip pim rp-address 192.1.12.2

R2#sh run | inc rp-add
ip pim rp-address 3.3.3.3
ip pim vrf VPN_A rp-address 192.1.12.2

R3#sh run | inc rp-add
ip pim rp-address 3.3.3.3

R4#sh run | inc rp-add
ip pim rp-address 3.3.3.3
ip pim vrf VPN_A rp-address 192.1.12.2

R5#sh run | inc rp-add
ip pim rp-address 192.1.12.2
R1#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 192.1.12.2 (?)

R2#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 3.3.3.3 (?)

R3#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 3.3.3.3 (?)

R4#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 3.3.3.3 (?)

R5#sh ip pim rp mapping
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 192.1.12.2 (?)

R2#sh ip pim vrf VPN_A rp mapping  
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 192.1.12.2 (?)

R4#sh ip pim vrf VPN_A rp mapping
PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static
    RP: 192.1.12.2 (?)

Not forgetting the MDT group!

R2#sh run | sec vrf def
address-family ipv4
  mdt default 239.1.1.1
exit-address-family

R4#sh run | sec vrf def
address-family ipv4
  mdt default 239.1.1.1
exit-address-family

To make sure that the multicast inside our core is working properly interface R4 lo0 will join the group 224.5.5.5
R4#sh run int lo0 | inc igm
ip igmp join-group 224.5.5.5

Will R2 be able to ping it?
R2#ping 224.5.5.5 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 224.5.5.5, timeout is 2 seconds:

Reply to request 0 from 4.4.4.4, 96 ms
Reply to request 0 from 4.4.4.4, 100 ms

Then it is working fine, now let us configure R5 interface F1/0 to join the group 239.9.9.9
R5#sh run int f1/0 | inc igmp
ip igmp join-group 239.9.9.9

R1#ping 239.9.9.9 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.9.9.9, timeout is 2 seconds:

Reply to request 0 from 192.1.45.5, 148 ms

Then our Multicast VPN is working fine and as required

R1#sh ip int bri | inc Tun
Tunnel0     192.1.12.1   YES unset  up     up  

R2#sh ip mroute vrf VPN_A 239.9.9.9
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
   L - Local, P - Pruned, R - RP-bit set, F - Register flag,
   T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
   X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
   U - URD, I - Received Source Specific Host Report,
   Z - Multicast Tunnel, z - MDT-data group sender,
   Y - Joined MDT-data group, y - Sending to MDT-data group,
   G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
   Q - Received BGP S-A Route, q - Sent BGP S-A Route,
   V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.9.9.9), 21:57:03/stopped, RP 192.1.12.2, flags: S
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Tunnel2, Forward/Sparse, 21:51:36/00:02:41

(192.1.12.1, 239.9.9.9), 00:00:03/00:02:56, flags: T
  Incoming interface: FastEthernet1/0, RPF nbr 192.1.12.1
  Outgoing interface list:
    Tunnel2, Forward/Sparse, 00:00:03/00:03:26


R2#show derived-config interface tunnel 2
Building configuration...

Derived configuration : 133 bytes
!
interface Tunnel2
ip unnumbered Loopback0
no ip redirects
ip mtu 1500
tunnel source Loopback0
tunnel mode gre multipoint
end

As can be seen that a GRE tunnel was used with a source of loopback 0 and a destination of the default MDT group configured under the VRF definition




cant see the image?
thanks for the link, just one addition, address-family ipv4 mdt config is missing from R4 configs.
Seems I forgot to add it :) Thanks , i will update it

BR,
MSSK

November 2019

S M T W T F S
     12
3456789
10111213141516
1718 19 20212223
24252627282930

Recent Entries

Recent Comments

Tags

    Search My Blog

    Categories

    Organization

    Community

    Downloads

    Test Providers

    Site Info


    Go to top