Rob Riker/ Simplified Networking: IOS Multicast VPN with the Rosen Model Default MDT with Static RP

In the below topology, only the IOS routers in the SP core are leveraged. I am systematically testing out mVPN for all profiles on IOS then XR. The idea is to keep the configuration for multicast rather simple and easy to verify and troubleshoot. The lab I have built allows flexibility of adding/removing interfaces at my choosing.

So the topology uses R3 and R4 as the PE routers and R1 and R2 as the Provider Core routers. R1 is a BGP route reflector for all applicable address families. Not shown in the configuration is the MPLS L3 VPN configuration. All the routers in the SP core are running IS-IS with LDP, MP-BGP on all PEs back to R1. PE-CE Routing is accomplished with the PEs redistributing the connected PE-CE link via a route-map or RPL and the CE sending an IPv4 or IPv6 default route.

The goal we are trying to achieve, R5 is the sender for the 224.1.1.1 multicast group and R7 and R8 have joined 224.1.1.1 as receivers. After we configure the core, CEs and PE-CE connectivity, when R5 pings 224.1.1.1 there should be responses from both R7 and R8.

Multicast VPN, if you have never played with it before, is daunting to get working. The reason why is the provider runs it's own multicast infrastructure and the customer runs it's own multicast infrastructure. The customer could just use GRE tunneling techniques, P2P or DMVPN and achieve multicast reachability that way. MPLS L3 VPN can be used to route multicast traffic.

There are 5 major sections to get this working.
1. Configuring the SP core on the P and PE routers
2. Configuring the PEs for the MDT
3. Configuring PE-CE connections to be multicast aware
4. Configuring the Customers equipment to support to multicast
5. Test reachability

---------------------Configuring the SP core on the P and PE routers---------------------
The multicast transport is PIM encapsulated in the core.

R1 - Provider core router
ip multicast-routing distributed
!
interface Loopback0
ip pim sparse-mode
!
interface GigabitEthernet1.12
ip pim sparse-mode
!
interface GigabitEthernet1.13
ip pim sparse-mode

R1#sh ip pim interface

Address Interface Ver/ Nbr Query DR DR
Mode Count Intvl Prior
10.1.3.1 GigabitEthernet1.13 v2/S 1 30 1 10.1.3.3
10.1.2.1 GigabitEthernet1.12 v2/S 1 30 1 10.1.2.2
172.16.100.1 Loopback0 v2/S 0 30 1 172.16.100.1

R1#sh ip pim neighbor | b Address
Address Prio/Mode
10.1.3.3 GigabitEthernet1.13 04:02:48/00:01:41 v2 1 / DR S P G
10.1.2.2 GigabitEthernet1.12 04:02:19/00:01:23 v2 1 / DR S P G

R2 - Provider core router
ip multicast-routing distributed

interface GigabitEthernet1.12

ip pim sparse-mode

interface GigabitEthernet1.24

ip pim sparse-mode

R2#sh ip pim interface

Address Interface Ver/ Nbr Query DR DR

Mode Count Intvl Prior

10.1.2.2 GigabitEthernet1.12 v2/S 1 30 1 10.1.2.2

10.2.4.2 GigabitEthernet1.24 v2/S 1 30 1 10.2.4.4

R2#sh ip pim neighbor | b Address

Address Prio/Mode

10.1.2.1 GigabitEthernet1.12 04:03:44/00:01:34 v2 1 / S P G

10.2.4.4 GigabitEthernet1.24 03:36:17/00:01:28 v2 1 / DR S P G

R3 - Provider Edge router

ip multicast-routing distributed

interface Loopback0

ip pim sparse-mode

interface GigabitEthernet1.13

ip pim sparse-mode

R3#sh ip pim interface

Address Interface Ver/ Nbr Query DR DR

Mode Count Intvl Prior

10.1.3.3 GigabitEthernet1.13 v2/S 1 30 1 10.1.3.3

172.16.100.3 Loopback0 v2/S 0 30 1 172.16.100.3

R3#sh ip pim neighbor | b Address

Address Prio/Mode

10.1.3.1 GigabitEthernet1.13 04:04:48/00:01:27 v2 1 / S P G

R4 - Provider Edge router

ip multicast-routing distributed

interface Loopback0

ip pim sparse-mode

interface GigabitEthernet1.24

ip pim sparse-mode

R4#sh ip pim interface

Address Interface Ver/ Nbr Query DR DR

Mode Count Intvl Prior

10.2.4.4 GigabitEthernet1.24 v2/S 1 30 1 10.2.4.4

172.16.100.4 Loopback0 v2/S 0 30 1 172.16.100.4

R4#sh ip pim neighbor | b Address

Address Prio/Mode

10.2.4.2 GigabitEthernet1.24 03:37:49/00:01:30 v2 1 / S P G

---------------------Configuring PE-CE connections to be multicast aware---------------------

ip multicast-routing vrf MCAST distributed

interface GigabitEthernet1.35

vrf forwarding MCAST

ip pim vrf MCAST rp-address 172.16.100.5

R3#sh ip pim vrf MCAST interface

Address Interface Ver/ Nbr Query DR DR

Mode Count Intvl Prior

10.3.5.3 GigabitEthernet1.35 v2/S 1 30 1 10.3.5.3

172.16.100.3 Tunnel0 v2/S 1 30 1 172.16.100.4

R3#sh ip pim vrf MCAST neighbor | b Address

Address Prio/Mode

10.3.5.5 GigabitEthernet1.35 04:10:48/00:01:40 v2 0 / S P G

172.16.100.4 Tunnel0 02:13:10/00:01:29 v2 1 / DR S P G

R3#sh ip pim vrf MCAST rp mapping

Group(s): 224.0.0.0/4, Static

RP: 172.16.100.5 (?)

ip multicast-routing vrf MCAST distributed

interface GigabitEthernet1.48

vrf forwarding MCAST

interface GigabitEthernet1.47

vrf forwarding MCAST

ip pim vrf MCAST rp-address 172.16.100.5

R4#sh ip pim vrf MCAST interface

Address Interface Ver/ Nbr Query DR DR

Mode Count Intvl Prior

10.4.8.4 GigabitEthernet1.48 v2/S 1 30 1 10.4.8.4

172.16.100.4 Tunnel0 v2/S 1 30 1 172.16.100.4

10.4.7.4 GigabitEthernet1.47 v2/S 1 30 1 10.4.7.4

R4#sh ip pim vrf MCAST neighbor | b Address

Address Prio/Mode

10.4.8.8 GigabitEthernet1.48 04:12:07/00:01:22 v2 0 / S P G

172.16.100.3 Tunnel0 02:14:06/00:01:32 v2 1 / S P G

10.4.7.7 GigabitEthernet1.47 02:00:00/00:01:19 v2 0 / S P G

R4#sh ip pim vrf MCAST rp mapping

Group(s): 224.0.0.0/4, Static

RP: 172.16.100.5 (?)

---------------------Configuring the Customers equipment to support to multicast---------------------

ip multicast-routing distributed

interface Loopback0

ip pim sparse-mode

interface GigabitEthernet1.35

ip pim dr-priority 0

ip pim sparse-mode

ip pim rp-address 172.16.100.5

ip multicast-routing distributed

interface G1.48

ip pim dr-priority 0

ip pim sparse-mode

ip igmp join-group 224.1.1.1

ip pim rp-address 172.16.100.5

The "dr-priority 0" command is used on any link between 2 PIM neighbors where the PIM neighbor that is forwarding away from the RP has become the DR. The DR should always be in the forwarding direction towards the RP. If that is not the case, issue can occur.

R8#sh ip pim rp map

Group(s): 224.0.0.0/4, Static

RP: 172.16.100.5 (?)

ip multicast-routing distributed

interface G1.47

ip pim dr-priority 0

ip pim sparse-mode

ip igmp join-group 224.1.1.1

ip pim rp-address 172.16.100.5

R7#sh ip pim rp mapping

Group(s): 224.0.0.0/4, Static

RP: 172.16.100.5 (?)

---------------------Configuring the PEs for the IPv4 MDT---------------------
This builds the multicast distribution trees between the PEs and in this case, the RR. Once completed, R3 (172.16.100.3, 232.0.0.1) and R4(172.16.100.4, 232.0.0.1) should both be visible in the "ip mroute" table. These connections are the global MRIB and show all the multicast endpoints the provider can send traffic to. R1 is the route reflector, so nothing significant shows up. R3 and R4 are the PEs, looking at them we can see the "Z" indicating a multicast tunnel.

R1 - BGP Route Reflector

router bgp 1

address-family ipv4 mdt

neighbor MCAST route-reflector-client

neighbor 172.16.100.3 activate

neighbor 172.16.100.4 activate

neighbor 172.16.100.13 activate

neighbor 172.16.100.14 activate

R1#sh bgp ipv4 mdt all | b Network

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1

*>i 172.16.100.3/32 172.16.100.3 0 100 0 ?

*>i 172.16.100.4/32 172.16.100.4 0 100 0 ?

R1#sh ip mroute | b \(

(*, 232.0.0.1), 02:08:30/00:03:13, RP 172.16.100.1, flags: S

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

GigabitEthernet1.13, Forward/Sparse, 02:08:21/00:03:13

(172.16.100.3, 232.0.0.1), 02:08:17/00:01:35, flags: T

Incoming interface: GigabitEthernet1.13, RPF nbr 10.1.3.3

Outgoing interface list:

GigabitEthernet1.12, Forward/Sparse, 02:08:17/00:03:08

(172.16.100.4, 232.0.0.1), 02:08:28/00:02:20, flags: T

Incoming interface: GigabitEthernet1.12, RPF nbr 10.1.2.2

Outgoing interface list:

GigabitEthernet1.13, Forward/Sparse, 02:08:21/00:03:15

(*, 224.0.1.40), 02:08:43/00:02:14, RP 172.16.100.1, flags: SJCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

GigabitEthernet1.13, Forward/Sparse, 02:08:36/00:02:40

R3 - PE

router bgp 1

address-family ipv4 mdt

neighbor 172.16.100.1 activate

neighbor 172.16.100.1 send-community both

R3#sh bgp ipv4 mdt all | b Network

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf MCAST)

*> 172.16.100.3/32 0.0.0.0 0 ?

*>i 172.16.100.4/32 172.16.100.4 0 100 0 ?

R3#sh ip mroute | b \(

(*, 232.0.0.1), 03:37:54/stopped, RP 172.16.100.1, flags: SJCFZ

Incoming interface: GigabitEthernet1.13, RPF nbr 10.1.3.1

Outgoing interface list:

MVRF MCAST, Forward/Sparse, 03:37:52/00:00:46

(172.16.100.4, 232.0.0.1), 02:07:16/00:01:18, flags: JTZ

Incoming interface: GigabitEthernet1.13, RPF nbr 10.1.3.1

Outgoing interface list:

MVRF MCAST, Forward/Sparse, 02:07:16/00:00:46

(172.16.100.3, 232.0.0.1), 03:37:54/00:03:25, flags: FT

Incoming interface: Loopback0, RPF nbr 0.0.0.0

Outgoing interface list:

GigabitEthernet1.13, Forward/Sparse, 02:07:16/00:03:06

(*, 224.0.1.40), 04:09:06/00:02:08, RP 172.16.100.1, flags: SJPCL

Incoming interface: GigabitEthernet1.13, RPF nbr 10.1.3.1

Outgoing interface list: Null

R3#sh ip pim vrf MCAST neighbor | b ^Neighbor
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.3.5.5 GigabitEthernet1.35 13:55:17/00:01:19 v2 0 / S P G
172.16.100.4 Tunnel0 11:57:39/00:01:40 v2 1 / DR S P G

This is the connection point between the provider and customer for vrf MCAST, showing that there is a PIM neighbor down to the customer and a tunnel built to the other PE or R4. The tunnel is a multipoint GRE tunnel, allowing many PEs to connect to many other PEs enabled for IPv4 MDT.

R3#show derived-config interface tunnel0
interface Tunnel0
ip unnumbered Loopback0
no ip redirects
ip mtu 1500
tunnel source Loopback0
tunnel mode gre multipoint

This output shows that the tunnel is in fact a GRE tunnel. We didn't configure this, this is automatically implemented when MP-BGP IPv4 MDT is enabled.

R4 - PE

router bgp 1

address-family ipv4 mdt

neighbor 172.16.100.1 activate

neighbor 172.16.100.1 send-community both

R4#sh bgp ipv4 mdt all | b Network

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 1:1 (default for vrf MCAST)

*>i 172.16.100.3/32 172.16.100.3 0 100 0 ?

*> 172.16.100.4/32 0.0.0.0 0 ?

R4#sh ip mroute | b \(

(*, 232.0.0.1), 03:38:43/stopped, RP 172.16.100.1, flags: SJCFZ

Incoming interface: GigabitEthernet1.24, RPF nbr 10.2.4.2

Outgoing interface list:

MVRF MCAST, Forward/Sparse, 03:38:42/stopped

(172.16.100.3, 232.0.0.1), 02:07:58/00:02:29, flags: JTZ

Incoming interface: GigabitEthernet1.24, RPF nbr 10.2.4.2

Outgoing interface list:

MVRF MCAST, Forward/Sparse, 02:07:58/stopped

(172.16.100.4, 232.0.0.1), 03:38:43/00:02:39, flags: FT

Incoming interface: Loopback0, RPF nbr 0.0.0.0

Outgoing interface list:

GigabitEthernet1.24, Forward/Sparse, 02:08:09/00:03:24

(*, 224.0.1.40), 04:08:08/00:02:20, RP 172.16.100.1, flags: SJPCL

Incoming interface: GigabitEthernet1.24, RPF nbr 10.2.4.2

Outgoing interface list: Null

R4#sh derived-config interface tun0
interface Tunnel0
ip unnumbered Loopback0
no ip redirects
ip mtu 1500
tunnel source Loopback0
tunnel mode gre multipoint

R4#sh ip pim vrf MCAST neighbor | b ^Neighbor
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.4.8.8 GigabitEthernet1.48 14:02:08/00:01:23 v2 0 / S P G
172.16.100.3 Tunnel0 12:04:08/00:01:36 v2 1 / S P G
10.4.7.7 GigabitEthernet1.47 11:50:02/00:01:26 v2 0 / S P G

---------------------Test reachability---------------------

R5#ping 224.1.1.1 repeat 2

Type escape sequence to abort.

Sending 2, 100-byte ICMP Echos to 224.1.1.1, timeout is 2 seconds:

Reply to request 0 from 10.4.8.8, 43 ms

Reply to request 0 from 10.4.8.8, 51 ms

Reply to request 0 from 10.4.7.7, 46 ms

Reply to request 0 from 10.4.7.7, 43 ms

Reply to request 1 from 10.4.7.7, 13 ms

Reply to request 1 from 10.4.8.8, 13 ms

Reply to request 1 from 10.4.7.7, 13 ms

Rob Riker/ Simplified Networking

Saturday, March 3, 2018

IOS Multicast VPN with the Rosen Model Default MDT with Static RP

No comments:

Post a Comment

Blog Archive