Inter-AS multicast VPN

Aug 14th, 2008

Does PIM sparse mode support inter-AS multicast VPN?

I guess only PIM SSM supports multicast VPN in an inter-AS configuration... just to cross-check...

regards

Devang Patel

Harold Ritter Mon, 08/18/2008 - 10:19

Devang,

It is certainly possible to support PIM Sparse mode ASM in an InterAS context. You would simply need to use MSDP between the two ASes. SSM would definitely be simpler though. SSM does require that all routers support the mBGP MDT SAFI.

Regards,

shivlu jain Wed, 08/20/2008 - 21:28

MDT SAFI is only required on the sender side; the receiver can use any.

regards

shivlu

Harold Ritter Thu, 08/21/2008 - 18:35

Shivlu,

The PEs are both senders and receivers as far as the default MDT is concerned.

Regards,

shivlu jain Fri, 08/22/2008 - 23:08

Hritter

You are right, but I am talking about mdt-safi, not mdt-default. I have tested this in my lab, in which my source is using mdt-safi and the receiver is using only MP-BGP with default MDT.

regards

shivlu

Harold Ritter Sun, 08/24/2008 - 05:36

Shivlu,

The MDT SAFI is used by a PE to signal itself as a new source on the default MDT to the other PEs.

Therefore you would need to have MDT SAFI support on both sides.

Regards,

chintan-shah Fri, 01/23/2009 - 10:07

Hi Hritter,

We use MSDP between two ASes in case we run PIM-SM in our core. Usually we run MSDP in our network on core routers, maybe at a few Tier 1 sites. Now, in case I need to run MSDP to another AS, shall I use a different router which gets all SAs from the core MSDP and then passes them to the different AS? What is the best practice?

We might think of Option B as Inter-AS for mVPN as we already run Option B for normal L3 VPN with our partner service provider....

Regards,

Chintan

shivlu jain Thu, 01/29/2009 - 22:03

chintan

Remember one thing: it should not be extranet, because anycast is not going to work with extranet.

SSM is the only supported for inter-as communication.

regards

shivlu jain

Harold Ritter Fri, 01/30/2009 - 13:40

Shivlu,

Are you referring to Extranet or InterAS?

I am not sure what you mean by "SSM is the only supported for inter-as communication".

You could certainly have ASM work with InterAS mVPN by having one RP in each AS exchanging Source Active (SA) messages between themselves. This would be in an option 10c context though.

Regards

chintan-shah Sun, 02/01/2009 - 23:28

Hi Hritter,

I was going through the link below for inter-AS:

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/iasmcvpn.html

I see that for option C also Cisco indicates to use PIM-SSM, BGP MDT SAFI. In fact, Cisco says that PIM-SSM in the core is a must even for default MDT for option B & C.

Is it true that I can't have option C if I have PIM-SM (ASM) in the core for default MDT? I can't find any example on CCO.

Regards,

Chintan

Harold Ritter Mon, 02/02/2009 - 07:47

Chintan,

You can definitely use ASM with option C. In fact, this is the only way you would be able to interoperate with the other vendor.

The idea would be to have an RP (or group of RPs) in each AS and to run MSDP between the RPs in each AS.

Regards

shivlu jain Mon, 02/02/2009 - 08:42

hritter

The document posted by Chintan is also saying that SSM should be in the core in case of inter-AS mVPN. Maybe the document is old, but I do not think so for mVPN still Cisco supports anycast. Anycast with MSDP is for IP VPN inter-AS cloud. Kindly clarify: can we use anycast for mVPN? If yes, please provide the doc link.

To all: One thing I would like to add: if you are going for mVPN with SSM in inter-AS then MDT SAFI should be used, because in the previous implementation of Cisco type 2 RD is used, which is actually for inter-AS communication.

regards

shivlu jain

Harold Ritter Mon, 02/02/2009 - 11:31

Shivlu,

I am not referring to Anycast here but rather to running ASM (pim-sm) with a separate RP per AS and then an MSDP session between the two ASes so that PEs in one AS can join the source tree to a PE in the other AS. Again, this would be your only option if you were to build an InterAS mVPN network in a dual vendor environment.

Regards

chintan-shah Mon, 02/02/2009 - 18:33

Hi Hritter,

So, as you said, I use ASM (PIM-SM) in my core for default MDT with a multivendor environment and also do Inter-AS with the partner using MSDP between our AS RP and the partner RP. Thanks for the clarification on this.

But at the same time, will I still be required to use RPF Vector and the BGP connector attribute for option C for the RPF check on the remote AS P router? And I guess that too is only supported in Cisco, so can I still go ahead with a multivendor environment?

I would appreciate it if you can share some case study or document for Inter-AS when I have ASM in the core and use MSDP between two ASes.

Thanks again,

Regards,

Chintan

Harold Ritter Tue, 02/03/2009 - 06:56

Chintan,

RPF Vector and the connector attribute are not required for option 10c.

Regards

Harold Ritter Tue, 02/03/2009 - 18:14

Chintan,

Let me explain why the connector attribute and the RPF vector are generally not required in an option 10c scenario.

The connector attribute is used instead of the VPNv4 NH to perform the RPF check for C-Domain multicast streams received on the default or data MDT. This is required in an option 10b scenario as the VPNv4 NH will be changed by the ASBR, which would normally cause the RPF check to fail. In the case of option 10c, the VPNv4 session is from PE to PE or from RR to RR and the VPNv4 NH is not changed in either case.

The RPF vector is used to forward PIM control messages towards the source and perform the RPF check in an option 10b scenario. Since the PIM routers in one AS have no routing information for PEs' loopback addresses (sources) in the other AS, the RPF vector (generally the BGP NH for the MDT SAFI updates) is used instead of the source address. Again, this is not required in an option 10c context, as PEs' loopback addresses are available between the two ASes.

Regards

chintan-shah Tue, 02/03/2009 - 21:08

Hi Hritter,

Thanks for the good explanation. I understand that Option C doesn't change the BGP NH, so that a PE in one AS has routing info available for the PE in the second AS, which is not the case in Option B.

But still in option C, the P router (i.e. PIM router) still needs to have knowledge of the remote AS PE loopback (source), and if the AS is a BGP-free core, how will it know? In that case, I guess, the RPF vector will still be required but not the connector attribute.

The reason I asked is that we plan to have a BGP-free core, or it might be the case for our partner AS.

Please correct me if I am wrong.

Thanks

Chintan

Harold Ritter Wed, 02/04/2009 - 07:01

Chintan,

That is correct. BGP free core is a case in which you would need to use the RPF vector. Otherwise, it is not required in option 10c.

Regards
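
An added illustration, not posted by any participant in this thread and not vendor code: a simplified Python model of the two RPF checks explained above, the receiving PE's check that the connector attribute repairs in option 10b, and the P router's lookup that needs the RPF vector in a BGP-free core. The addresses, interface name and function names are constructed for the example, and using the local ASBR as the vector value is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed lab addresses (documentation ranges), not taken from the thread.
REMOTE_PE = "192.0.2.1"        # loopback of the source PE in the other AS
LOCAL_ASBR = "198.51.100.1"    # ASBR of the receiving AS (assumed vector value)
CORE_RIB = {"198.51.100.0/24": "Gi0/1"}  # BGP-free P router: local IGP routes only

@dataclass(frozen=True)
class Vpnv4Route:
    next_hop: str                    # BGP next hop as seen by the receiving PE
    connector: Optional[str] = None  # originating PE, when the attribute is carried

def received_route(option, origin_pe, asbr, connector):
    """VPNv4 route for a customer source as it arrives at the PE in the other AS."""
    if option not in ("10b", "10c"):
        raise ValueError(f"unmodelled inter-AS option: {option}")
    # 10b: the ASBR rewrites the next hop. 10c: PE-to-PE or RR-to-RR session,
    # so the next hop still names the originating PE.
    next_hop = asbr if option == "10b" else origin_pe
    return Vpnv4Route(next_hop, origin_pe if connector else None)

def pe_rpf_ok(route, mdt_source):
    """Receiving PE: the MDT packet's outer source must be the expected upstream PE."""
    expected = route.connector or route.next_hop
    return expected == mdt_source

def p_rpf_lookup(rib, pim_source, rpf_vector=None):
    """P router: interface toward the join's target, or None on RPF failure.
    When a vector is present it replaces the source address in the lookup."""
    target = ip_address(rpf_vector or pim_source)
    matches = [(ip_network(p), ifc) for p, ifc in rib.items()
               if target in ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]  # longest prefix wins

def scenarios():
    """The cases discussed in the thread, evaluated against the constructed data."""
    return {
        "10b without connector": pe_rpf_ok(
            received_route("10b", REMOTE_PE, LOCAL_ASBR, False), REMOTE_PE),
        "10b with connector": pe_rpf_ok(
            received_route("10b", REMOTE_PE, LOCAL_ASBR, True), REMOTE_PE),
        "10c without connector": pe_rpf_ok(
            received_route("10c", REMOTE_PE, LOCAL_ASBR, False), REMOTE_PE),
        "10c BGP-free core, no vector": p_rpf_lookup(CORE_RIB, REMOTE_PE),
        "10c BGP-free core, with vector": p_rpf_lookup(CORE_RIB, REMOTE_PE, LOCAL_ASBR),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```
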

chintan-shah Wed, 02/04/2009 - 07:06

Hi Hritter,

Thanks for clarification and clearing my understanding.

So if I have a BGP-free core and need to use the RPF vector, it doesn't mean I still have to have BGP MDT SAFI, right? I can still use Option C without BGP MDT SAFI.

Maybe one AS has a BGP-free core and the other still has BGP running :-).

Regards,

Chintan

Harold Ritter Wed, 02/04/2009 - 07:18

Chintan,

I don't think you need the MDT SAFI updates to use the RPF vector but the issue is that the RPF vector needs to be supported by the edge devices (initiating the joins towards the source) and by the core routers (in the BGP free core). Since this RPF Vector is not currently supported by Juniper, this will be a problem in a mix network.

Regards

chintan-shah Wed, 02/04/2009 - 07:34

Ah, one more pity in a mixed network. It has really become frustrating for service providers.

The problem is Juniper is driving more towards NG MVPN, so it is almost impossible that Juniper will now support BGP MDT SAFI.

We will have to wait till NG MVPN becomes a standard and both Cisco and Juniper agree to support it.

Another problem I have is that we already have Option B as the Inter-AS option with our partner for unicast MPLS VPN, and they are planning PIM-SSM in the core (draft-rosen) as they have a single vendor (Cisco).

In that case the option I see is to use PIM-SSM in the core and not terminate mVPN customers on Juniper (they are still very few compared to Cisco as PE).

Or use PIM-SM, the lowest one for both Juniper and Cisco, and work with the partner to see an alternative solution, though it looks difficult.

But I must heartily thank you for your continued quick responses, for sharing good info, and for the very good discussion among all of us. This is one of my best discussions on Netpro till now :-)

I will keep disturbing you guys in case I have further doubts. I am at the initial stage of design and want to go in the right direction from the beginning...

Harold Ritter Wed, 02/04/2009 - 08:01

Chintan,

> Ah, one more pity in a mixed network. It has really become frustrating for service providers.

I can understand the frustration. Drafts and RFCs are written in IETF but are not necessarily followed by all vendors.

> The problem is Juniper is driving more towards NG MVPN, so it is almost impossible that Juniper will now support BGP MDT SAFI.

I heard rumors from one customer of mine, that they would soon support the MDT SAFI. Probably because of customer pressure.

> We will have to wait till NG MVPN becomes a standard and both Cisco and Juniper agree to support it.

This might happen but it might take a while. I would recommend using what has been proven and deployed rather than what might be. Again I know it is difficult to find the right mixture.

> In that case the option I see is to use PIM-SSM in the core and not terminate mVPN customers on Juniper (they are still very few compared to Cisco as PE).

This would be one of the few options I guess.

> Or use PIM-SM, the lowest one for both Juniper and Cisco, and work with the partner to see an alternative solution, though it looks difficult.

This would be another. The only issue is making sure you avoid using any of the features not supported by both vendors.

> But I must heartily thank you for your continued quick responses, for sharing good info, and for the very good discussion among all of us. This is one of my best discussions on Netpro till now :-)

It is always a pleasure for me to have these kinds of discussions.

> I will keep disturbing you guys in case I have further doubts. I am at the initial stage of design and want to go in the right direction from the beginning...

You are certainly not disturbing, on the contrary. I am sure that many people who find themselves in that same situation will find this thread very interesting.

Regards

chintan-shah Wed, 02/04/2009 - 08:08

> The problem is Juniper is driving more towards NG MVPN, so it is almost impossible that Juniper will now support BGP MDT SAFI.

I heard rumors from one customer of mine, that they would soon support the MDT SAFI. Probably because of customer pressure.

==>> Hope this is not a rumor and it is true. I will also try to pressure Juniper through my management for this :-).

I should also thank Shivlu for his contribution and help on sharing some info.

Shivlu - I already joined your MPLSVPN blog and see good mails every morning :-).

Last but not least, thanks to Devang for opening this thread that gave us the opportunity :-).

Cheers,

chintan-shah Sun, 02/22/2009 - 19:25

Hi Hritter,

I think you were right: it is not rumours but true that Juniper is going to support MDT SAFI. In fact, they now have support available from JUNOS 9.4 onwards.

- Chapter 17 on Draft-rosen

(http://www.juniper.net/techpubs/software/junos/junos94/swconfig-multicast/swconfig-multicast.pdf)

BTW, I also got to know this was only done due to pressure from some big customer, but going forward Multicast VPN will be based on P2MP LSP; this is the way Juniper is going ahead.

I see this year's Networks Online session on Multicast and find that Cisco is already working on mLDP and P2MP LSP for label-based mVPN. This will interoperate with other vendors...

Not sure if you can give some info on Cisco's approach on this new technology for mVPN; it looks far better than PIM-based to avoid scalability issues and to have a PIM-free core :)..

Regards,

Chintan

devang_etcom Tue, 02/03/2009 - 23:16

Hritter/Sivlu,

Good discussion is going on about MVPN! Okay, so if I leak the loopbacks of the PEs into each other's AS, are there any chances of RPF failure? If yes, then what will be the requirement to avoid the RPF failure (I am talking about option B)?

I am not talking about using the Multicast family in BGP!

thanks,

Devang Patel

chintan-shah Tue, 02/03/2009 - 23:35

Hi Devang,

What I learnt from Hritter and Shivlu in this discussion is that if you want to go with option B, you need BGP MDT address-family support and you don't need to leak the loopbacks of the PEs, so everything will be fine. But as I have a multivendor environment, it will be tough, as, say, Juniper doesn't support BGP MDT SAFI.

But if we use PIM-SM (ASM) for default and PIM-SSM for data MDT as per draft-rosen, we can't have option B and we have to use option A or C. For option C you anyway exchange PE loopbacks between the two ASes through RR peering, so RPF will not be a problem.

But one thing I am still waiting on from Hritter is what happens if the core is BGP-free, where I will not have information on the remote AS PE loopback and have to do the RPF check.

Regards,

Chintan

chintan-shah Tue, 02/03/2009 - 23:37

This is my understanding from this discussion.

Hritter, if you see I have a wrong understanding, please correct me.

Regards,

Harold Ritter Wed, 02/04/2009 - 07:07

Chintan,

You are correct in your explanation.

And about BGP-free core: this requires RPF Vector support, which is not supported by Juniper either.

Regards

shivlu jain Thu, 02/05/2009 - 08:24

As per my understanding, RPF vector means that the PE will act as a proxy because the downstream does not have any information for the upstream. We can also say that in a single MPLS domain also my PE works as RPF vector.

regards

shivlu jain

devang_etcom Thu, 02/05/2009 - 09:19

Hritter,

Agreed that in option B we don't need to leak loopbacks! But I am just curious to know: will it work if I leak loopbacks? If I leak loopbacks, do I need to use BGP MDT SAFI?

thanks,

Devang Patel

Harold Ritter Thu, 02/05/2009 - 11:23

Devang,

If you leak PE loopback addresses from one AS to the other, you will not need the MDT SAFI but you will still need the connector attribute, as the next hop attribute for the BGP VPNv4 updates will be set to the ASBR rather than the originating PE, which will cause the RPF check to fail.

Regards

devang_etcom Thu, 02/05/2009 - 12:06

Hritter,

Thanks for your quick response; but again, configuration-wise there will be no difference, right? Or I guess now I just need to enable address family IPv4 multicast instead of address family MDT; am I correct?

thanks

Devang Patel

Harold Ritter Thu, 02/05/2009 - 14:15

Devang,

If the MDT SAFI is not used then it means that you will have to use ASM, which implies an RP in each AS and MSDP between the two.

Again, I assume this is not a multi vendor environment, as the connector attribute is not supported by JUNOS.

Regards

devang_etcom Thu, 02/05/2009 - 16:29

Hritter,

Yes, I am talking about only the Cisco implementation! So back to configuration: do we need only the BGP IPv4 multicast address family or don't we even need that?

thanks

Devang Patel

Harold Ritter Thu, 02/05/2009 - 16:43

Devang,

You do not need AF ipv4 multicast, just AF ipv4 unicast to leak the loopback addresses between ASes.

Since it is a Cisco only network, why don't you go with the MDT SAFI. This would make your life way easier and more in line with best practices as well.

Regards

devang_etcom Thu, 02/05/2009 - 16:56

The issue I have is I don't have an IOS that supports MDT SAFI! That's why I am looking for an alternate path! Yeah, we can leak loopback routes with address family IPv4 unicast! Then the only thing I wanted to understand is how RPF will work in this case if we do not have address family MDT and Multicast, because many times I have found the RPF fail issue! So it will be great if you can explain to me how things work in my case.

I know you are the person from whom I will have answer! ;-)

thanks,

Devang Patel

Harold Ritter Thu, 02/05/2009 - 17:48

Devang,

If you do not have the IOS required to support the MDT SAFI, you do not have the IOS to support the connector attribute either. This will cause the RPF check to fail on the PE where the receiver is connected.

I would recommend upgrading the IOS to support the MDT SAFI, RPF vector and connector attribute. The other option is to use option 10a or 10c, which will not require any of these features.

Regards

Harold Ritter Mon, 02/02/2009 - 12:16

Shivlu,

I guess you meant that the VPNv4 type 2 RD is used for intra-AS, not inter-AS.

Regards

shivlu jain Mon, 02/02/2009 - 12:21

hritter

Yes, because in the previous IOS Cisco is attaching type 2 RD, which is not as per the standard, but in the SB and SRC series Cisco added the MDT SAFI feature. If we want to go for inter-AS mVPN then the core should be migrated to mdt-safi, which is not using type 2 RD in mVPN.

regards

shivlu jain

Harold Ritter Mon, 02/02/2009 - 13:28

Shivlu,

I was merely pointing out that you wrote inter-area instead of intra-area.

Regards

shivlu jain Mon, 02/02/2009 - 14:17

Currently most of the Cisco IOS are using type 2 RD for intra-AS, which is actually not standard.

regards

shivlu jain

Harold Ritter Mon, 02/02/2009 - 16:36

Shivlu,

Actually, all recent IOS images use the MDT SAFI rather than the VPNv4 with a RD type 2, which was, as you mentioned, a non-standard method.

Regards

James Yeo Thu, 08/21/2008 - 21:11

You can use Dense but it is not recommended. But you can use both sparse-mode and sparse-dense-mode.

Remember to use MSDP to exchange between ASes, also bearing in mind that reachability is required if peering via loopback, and it is best practice to specify connect-source on the MSDP peer statement. Also use "msdp peer default" so it bypasses the RPF check and forwards the SA messages. Then use either Cisco PIM or BSR PIM per AS and/or Anycast for the multicast domain.

Hope that helps


Posted August 14, 2008 at 8:31 AM