cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1770
Views
10
Helpful
27
Replies

inter-AS mVPN

starman10
Level 1
Level 1

Is there any way to implement inter-AS mVPN without mdt address-familly support on PE routers?

27 Replies 27

bjornarsb
Level 4
Level 4

Hi,

If I understand your question you would like to enable multi-vpn without vrf support on the PE routers. This is not a recomended design but if you enable MPLS VPN on the CPE this would work. Your PE routers would then be like P routers just doing tag-switching.

Regards,

Bjornarsb

No, I want to do inter-as multicast VPN.

Hi,

Until 2002, the only way to support multicast over a Multiprotocol Label Switching (MPLS) network was for the service provider to build manual generic routing encapsulation (GRE) tunnels between every source-receiver pair. Because of the large administrative costs, this manual configuration solution presents serious challenges even for companies with a small number of sites and customers.

So if you do not want GRE, actually the answer turns out to the same.

The key point is where you enable BGP.

The Interautonomous System (Inter-AS) Support for Multicast VPN feature can be configured on a VRF router, to enable forwarding of Multicast VPN traffic from one site of a VPN Red in Autonomous System 1 to another site of the VPN Red in Autonomous System 2. This feature allows multicast distribution tree (MDT) tunnels to be set up between two provider-edge routers in different autonomous systems without the need to share routing information between the two autonomous systems.

To allow two provider-edge routers to set up an MDT tunnel across autonomous systems, the MDT addresses family needs to be enabled under a Border Gateway Protocol (BGP) configuration.

So again if you enable (move) all functionality on to the CEs, your PEs will be like P routers.

HTH

Regards,

Bjornarsb

Bjornar,

You don't necessarily need the MDT safi to deploy InterAS mVPN. Some vendors do not support this feature yet.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Yes, it is possible. Without the MDT SAFI, you will loose the ability to do SSM for the default MDT. The data MDT can still use SSM though.

The way to make it work is to setup your P-domain just as you would do for normal inter-domain multicast. You need to have one or more RPs in each AS and interconnect them using MSDP.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hritter,

ok. I tried the proposed solution using PIM-SM and MSDP in P-domain. Multicast in P-domain works well between both AS, but PE router in another AS simpley does not create tunnel interface and consequently also multicast VPN traffic does not have any way to be forwarded.

What version of IOS are you using? Can you attach the relevant config from one PE on each side.

Thanks,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

What version of IOS are you using? Can you attach the relevant config from one PE on each side.

Thanks,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

!

hostname r4

!

boot system flash:c2600-spservicesk9-mz.123-16.bin

!

!

ip vrf ABC2

rd 45:1

route-target export 45:1

route-target import 45:1

route-target import 267:1

mdt default 230.1.1.1

mdt data 230.1.2.0 0.0.0.255 threshold 2

!

ip multicast-routing

ip multicast-routing vrf ABC2

!

!

!

!

interface Loopback0

ip address 17.17.0.4 255.255.255.255

ip pim sparse-mode

no clns route-cache

!

interface FastEthernet0/0.14

encapsulation dot1Q 14

ip vrf forwarding ABC2

ip address 17.17.14.4 255.255.255.0

ip pim sparse-mode

no snmp trap link-status

!

router ospf 14 vrf ABC2

log-adjacency-changes

redistribute bgp 45 subnets

network 17.17.14.4 0.0.0.0 area 0

!

router bgp 45

!

address-family ipv4 vrf ABC2

redistribute connected

redistribute ospf 14

no auto-summary

no synchronization

exit-address-family

!

ip pim rp-address 17.17.0.4

ip pim vrf ABC2 rp-address 17.17.14.4

ip msdp peer 17.17.0.2 connect-source Loopback0 remote-as 267

ip msdp vrf ABC2 peer 17.17.76.6 connect-source FastEthernet0/0.14

!

hostname r6

!

boot system disk0:c7200-spservicesk9-mz.124-4.T6.bin

!

!

!

ip vrf ABC1

rd 267:1

route-target export 267:1

route-target import 267:1

route-target import 45:1

mdt default 230.1.1.1

mdt data 230.1.2.0 0.0.0.255 threshold 2

!

ip multicast-routing

ip multicast-routing vrf ABC1

!

!

!

!

interface Loopback0

ip address 17.17.0.6 255.255.255.255

ip router isis

ip pim sparse-mode

!

interface Loopback16

ip vrf forwarding ABC1

ip address 17.17.76.6 255.255.255.255

ip pim sparse-mode

!

!

interface FastEthernet0/0.68

encapsulation dot1Q 68

ip vrf forwarding ABC1

ip address 17.17.68.6 255.255.255.0

ip pim sparse-mode

no snmp trap link-status

!

!

!

router ospf 67 vrf ABC1

router-id 17.17.0.16

log-adjacency-changes

redistribute bgp 267 subnets

network 17.17.68.6 0.0.0.0 area 0

!

router bgp 267

address-family ipv4 vrf ABC1

redistribute connected

redistribute ospf 67 vrf ABC1

no auto-summary

no synchronization

exit-address-family

!

!

ip pim vrf ABC1 rp-address 17.17.76.6

ip mroute 17.17.0.2 255.255.255.255 17.17.26.2

ip msdp vrf ABC1 peer 17.17.14.4 connect-source Loopback16

!

Ales,

One thing I notice looking at these two configs is that you are missing the rp-address on R6.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold,

R6 does not have static rp-address, beacause there is dynamic (bootstrap) protocol in R6 domain. Another router acts as RP point. P-domain actually works fine (ping responses). I don't see the reason why R4 does not register to 230.1.1.1 after configuring MDT default. Do you maybe have any ideas what statuses could be worth to check more?

One thing to check - without MDT AFI support, there will be an RPF failure against int Tunnel0 (or whichever mGRE interface created for MDT support). Haven't labbed this up, but I'm thinking a static mroute using the Tunnel on each side may correct the issue.

HTH,

Mike

Mike,

I see your point using mroutes. The issue is that GRE tunnel is not created on a router that resides in another AS. Is there any way to make it manually?

I actually had mGRE in mind.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: