05-07-2007 02:54 AM
Is there any way to implement inter-AS mVPN without mdt address-familly support on PE routers?
05-07-2007 03:35 AM
Hi,
If I understand your question you would like to enable multi-vpn without vrf support on the PE routers. This is not a recomended design but if you enable MPLS VPN on the CPE this would work. Your PE routers would then be like P routers just doing tag-switching.
Regards,
Bjornarsb
05-07-2007 03:43 AM
No, I want to do inter-as multicast VPN.
05-07-2007 04:22 AM
Hi,
Until 2002, the only way to support multicast over a Multiprotocol Label Switching (MPLS) network was for the service provider to build manual generic routing encapsulation (GRE) tunnels between every source-receiver pair. Because of the large administrative costs, this manual configuration solution presents serious challenges even for companies with a small number of sites and customers.
So if you do not want GRE, actually the answer turns out to the same.
The key point is where you enable BGP.
The Interautonomous System (Inter-AS) Support for Multicast VPN feature can be configured on a VRF router, to enable forwarding of Multicast VPN traffic from one site of a VPN Red in Autonomous System 1 to another site of the VPN Red in Autonomous System 2. This feature allows multicast distribution tree (MDT) tunnels to be set up between two provider-edge routers in different autonomous systems without the need to share routing information between the two autonomous systems.
To allow two provider-edge routers to set up an MDT tunnel across autonomous systems, the MDT addresses family needs to be enabled under a Border Gateway Protocol (BGP) configuration.
So again if you enable (move) all functionality on to the CEs, your PEs will be like P routers.
HTH
Regards,
Bjornarsb
05-07-2007 04:43 AM
Bjornar,
You don't necessarily need the MDT safi to deploy InterAS mVPN. Some vendors do not support this feature yet.
Hope this helps,
05-07-2007 04:38 AM
Yes, it is possible. Without the MDT SAFI, you will loose the ability to do SSM for the default MDT. The data MDT can still use SSM though.
The way to make it work is to setup your P-domain just as you would do for normal inter-domain multicast. You need to have one or more RPs in each AS and interconnect them using MSDP.
Hope this helps,
05-07-2007 05:43 AM
Hritter,
ok. I tried the proposed solution using PIM-SM and MSDP in P-domain. Multicast in P-domain works well between both AS, but PE router in another AS simpley does not create tunnel interface and consequently also multicast VPN traffic does not have any way to be forwarded.
05-07-2007 06:32 AM
What version of IOS are you using? Can you attach the relevant config from one PE on each side.
Thanks,
05-07-2007 06:58 AM
What version of IOS are you using? Can you attach the relevant config from one PE on each side.
Thanks,
05-07-2007 09:24 AM
!
hostname r4
!
boot system flash:c2600-spservicesk9-mz.123-16.bin
!
!
ip vrf ABC2
rd 45:1
route-target export 45:1
route-target import 45:1
route-target import 267:1
mdt default 230.1.1.1
mdt data 230.1.2.0 0.0.0.255 threshold 2
!
ip multicast-routing
ip multicast-routing vrf ABC2
!
!
!
!
interface Loopback0
ip address 17.17.0.4 255.255.255.255
ip pim sparse-mode
no clns route-cache
!
interface FastEthernet0/0.14
encapsulation dot1Q 14
ip vrf forwarding ABC2
ip address 17.17.14.4 255.255.255.0
ip pim sparse-mode
no snmp trap link-status
!
router ospf 14 vrf ABC2
log-adjacency-changes
redistribute bgp 45 subnets
network 17.17.14.4 0.0.0.0 area 0
!
router bgp 45
!
address-family ipv4 vrf ABC2
redistribute connected
redistribute ospf 14
no auto-summary
no synchronization
exit-address-family
!
ip pim rp-address 17.17.0.4
ip pim vrf ABC2 rp-address 17.17.14.4
ip msdp peer 17.17.0.2 connect-source Loopback0 remote-as 267
ip msdp vrf ABC2 peer 17.17.76.6 connect-source FastEthernet0/0.14
!
hostname r6
!
boot system disk0:c7200-spservicesk9-mz.124-4.T6.bin
!
!
!
ip vrf ABC1
rd 267:1
route-target export 267:1
route-target import 267:1
route-target import 45:1
mdt default 230.1.1.1
mdt data 230.1.2.0 0.0.0.255 threshold 2
!
ip multicast-routing
ip multicast-routing vrf ABC1
!
!
!
!
interface Loopback0
ip address 17.17.0.6 255.255.255.255
ip router isis
ip pim sparse-mode
!
interface Loopback16
ip vrf forwarding ABC1
ip address 17.17.76.6 255.255.255.255
ip pim sparse-mode
!
!
interface FastEthernet0/0.68
encapsulation dot1Q 68
ip vrf forwarding ABC1
ip address 17.17.68.6 255.255.255.0
ip pim sparse-mode
no snmp trap link-status
!
!
!
router ospf 67 vrf ABC1
router-id 17.17.0.16
log-adjacency-changes
redistribute bgp 267 subnets
network 17.17.68.6 0.0.0.0 area 0
!
router bgp 267
address-family ipv4 vrf ABC1
redistribute connected
redistribute ospf 67 vrf ABC1
no auto-summary
no synchronization
exit-address-family
!
!
ip pim vrf ABC1 rp-address 17.17.76.6
ip mroute 17.17.0.2 255.255.255.255 17.17.26.2
ip msdp vrf ABC1 peer 17.17.14.4 connect-source Loopback16
!
05-07-2007 01:25 PM
Ales,
One thing I notice looking at these two configs is that you are missing the rp-address on R6.
Hope this helps,
05-07-2007 10:02 PM
Harold,
R6 does not have static rp-address, beacause there is dynamic (bootstrap) protocol in R6 domain. Another router acts as RP point. P-domain actually works fine (ping responses). I don't see the reason why R4 does not register to 230.1.1.1 after configuring MDT default. Do you maybe have any ideas what statuses could be worth to check more?
05-08-2007 06:04 AM
One thing to check - without MDT AFI support, there will be an RPF failure against int Tunnel0 (or whichever mGRE interface created for MDT support). Haven't labbed this up, but I'm thinking a static mroute using the Tunnel on each side may correct the issue.
HTH,
Mike
05-08-2007 08:40 AM
Mike,
I see your point using mroutes. The issue is that GRE tunnel is not created on a router that resides in another AS. Is there any way to make it manually?
05-08-2007 08:42 AM
I actually had mGRE in mind.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide