Question on Multicast VPN

Jan 7th, 2009

Hi,


For a service provider to provide Multicast VPN to customers, they run PIM-SM or PIM-SSM. PIM-SM for default MDT.

PIM-SM requires an RP and I learnt that it is best to use Anycast RP.

Now, I have 13 locations having P routers connected to form the core. Do I need to run Anycast RP on each core local to the location and run MSDP between them to exchange SA?

What should be the best solution to support PIM-SM in the core for Multicast VPN on an MPLS network?

I guess customer RP and MSDP would be under a VRF instance for each customer.

Please correct me if I am wrong, and can you suggest any good document.


Regards,

Chintan






Harold Ritter Wed, 01/07/2009 - 10:57
User Badges:
  • Cisco Employee,

Chintan,


The best option would be to use PIM-SSM for both the default and data MDT. But this might not be possible if you run in a multivendor environment. That being said, I agree that AnycastRP is the best option if you have to run PIM-SM.


You do not need to have an RP per site though. I would select a few sites (maybe 3 or 4) to host an RP. You will need to run MSDP between them as you mentioned.


The solution chosen by the customer is completely independent from what you do in the core. Customer can use any technology they want (AnycastRP, AutoRP, BSR, Static RP) so they don't necessarily need MSDP. But yes, the MSDP configuration would be inside a VRF context if they decided to use AnycastRP.


Regards

chintan-shah Wed, 01/07/2009 - 19:22

Hi Hritter,

As you said, it is not required to select all sites to host an RP. I can select a few sites (core, large POPs) as RPs. Does it mean that on the other core/P routers which are not configured as RPs, I will need to configure ip pim rp-address on those P routers along with all PEs?

Regarding PIM SSM, the core will be Cisco, but the edge will be mostly Cisco with some Juniper. Is there any issue you're already aware of if I use PIM-SSM?

Thanks again,

Regards,

Chintan

shivlu jain Thu, 01/08/2009 - 01:18
User Badges:
  • Silver, 250 points or more

hi chintan


As per my understanding you are looking for how to announce the RP address to your PEs; correct me if I am wrong.

You can use the Auto-RP or static RP mechanism to advertise your Anycast RP. Auto-RP runs only on Cisco platforms; if you are using multivendor then you must go with a static RP address, which is really a hectic job.


regards

shivlu jain


chintan-shah Thu, 01/08/2009 - 06:51

Hi shivlu,

I agree with hritter. Anycast RP is much simpler in terms of optimal routing and redundancy. With Auto-RP you will have RP selection again and there are known issues with that...


Regards,

Chintan

Harold Ritter Thu, 01/08/2009 - 06:56

Chintan,


What Shivlu meant is that you could use auto-rp to distribute the AnycastRP address instead of using static RP on all routers. I have seen a few customers doing that but personally I prefer using AnycastRP in conjunction with static RP.


Regards

chintan-shah Thu, 01/08/2009 - 07:16

hritter,

Yep, I misunderstood. Thanks for the clarification...


Regards,

Chintan


Harold Ritter Thu, 01/08/2009 - 06:38

Chintan,


You definitely need to configure "ip pim rp-address " on all routers (Ps and PEs) including the RPs themselves.


You will not be able to use SSM for the default MDT as this is implemented via the MDT SAFI, which is not supported in JUNOS. There is no problem to use SSM for the data MDT though.


Regards

chintan-shah Thu, 01/08/2009 - 06:53

Hi hritter,

Thanks for the clarification on SSM. I learnt that with MDT SAFI (IPv4 MDT) you can configure PIM-SSM for the default MDT with the new SAFI capability in BGP. What is the standard for this?


Regards,

Chintan

shivlu jain Fri, 01/09/2009 - 07:05

hi hritter

I am not clear on this: "You will not be able to use SSM for the default MDT as this is implemented via the MDT SAFI, which is not supported in JUNOS. There is no problem to use SSM for the data MDT though."

Kindly explain or provide a link to document.


regards

shivlu jain


Correct Answer
Harold Ritter Fri, 01/09/2009 - 10:25

Shivlu,


For the PE to use SSM, it needs to somehow learn the source address(es).


For the data MDT, the method to signal the source address is described in draft-rosen-vpn-mcast section 7.2, which is supported by both IOS and JUNOS.


http://www.potaroo.net/ietf/idref/draft-rosen-vpn-mcast/#page-19



For the default MDT, the signaling in IOS is done using draft-nalawade-idr-mdt-safi, which is not supported in JUNOS.


http://tools.ietf.org/html/draft-nalawade-idr-mdt-safi-03


Let me know if I answered your question.



Regards

chintan-shah Mon, 01/12/2009 - 07:15

Hi Hritter,

In case we use SSM for the default MDT via MDT SAFI, will this avoid flooding multicast traffic in the MD to all PEs like the PIM-SM default MDT, so that traffic will be forwarded only to PEs that have receivers? Here also we use a common multicast group.


Regards,

Chintan




Harold Ritter Mon, 01/12/2009 - 07:27

Chintan,


No. Traffic on the default MDT reaches all PEs by definition. This doesn't change whether you use ASM or SSM. The only way to alleviate that is to use a data MDT.


Regards

chintan-shah Mon, 01/12/2009 - 07:30

Hi,

Thanks for the clarification. So the only advantage I get is that I don't need to use any RP, MSDP etc. on the P routers.

Any other benefit of SSM (default MDT) vs. SM (default MDT)?


Harold Ritter Mon, 01/12/2009 - 09:08

Chintan,


This is the only advantage as far as I can think of. But in my view, the fact that you don't need to support an RP infrastructure simplifies things quite a bit.


Regards



chintan-shah Mon, 01/12/2009 - 09:33

Hi Hritter,

I agree that it would at least simplify the RP infrastructure...

BTW, is there any SP who only runs data MDT? I would doubt it because that will require loads of (S,G) states in the core, almost = Number of VPNs x Number of MC per VPN x Number of PEs per MC receiver, unlike Number of VPNs x Number of PEs for default, right?

Thanks again.


Regards,

Chintan

shivlu jain Mon, 01/12/2009 - 10:35

hi hritter

thanks for your links.

chintan: What I think is that if we use SSM instead of SM, one major advantage which we get in SSM is that there is no more flooding of joins or registers for the PEs, which really saves a lot of processing. Another advantage is that in the case of Anycast, MSDP flooding occurs every 180 sec whether it has a new SA or not, but in the case of SSM it does not happen.

In SSM what I feel is bad is that you cannot use ip pim spt-threshold infinity because there is no *,G entry. As per me, if you are designing a proposal for a financial trading company which has a lot of groups then you might go with Anycast because in that you use ip pim spt-threshold infinity.


regards

shivlu jain

Harold Ritter Mon, 01/12/2009 - 11:04

Shivlu,


Even if you are designing a proposal for a financial customer with thousands of states, these states will not be seen in the SP core (P-Domain), which is really the upside of mVPN.


Regards

Harold Ritter Mon, 01/12/2009 - 11:21

Shivlu,


One more thing, you are correct about the register messages but the periodic PIM join messages are still being used in SSM mode.


Regards

shivlu jain Thu, 01/15/2009 - 22:46

Hritter

As per me there should not be periodic PIM join messages in SSM mode. In SSM the source is my MP-BGP loopback address and the group will be the MDT.

Correct me if I am wrong.


regards

shivlu jain

Harold Ritter Fri, 01/16/2009 - 07:26

Shivlu,


SSM uses PIM-SM with a few modifications. RFC4601 section 4.8.1 defines the modifications to the PIM SM protocol to support SSM. Beyond these modifications, all normal PIM SM functionality and messages are required, including periodic join messages.


http://tools.ietf.org/html/rfc4601


Regards

shivlu jain Sat, 01/17/2009 - 02:47

Thanks hritter; now I am clearer about SSM.


regards

shivlu jain

Harold Ritter Mon, 01/12/2009 - 11:09

Chintan,

The default MDT is required for control plane communication between the PEs (PIM messages between the PEs). It is also true that the more data MDTs you have, the more states as well. There is a trade-off between the more efficient forwarding of multicast traffic and the number of states.


Regards

chintan-shah Mon, 01/26/2009 - 22:28

Hi Hritter, Shivlu,

Thanks for your extensive help. It might be possible that we go with PIM-SM (default MDT) and PIM-SSM (data MDT) due to the multivendor environment.

We also have one requirement to have Inter-AS mVPN as we are already running Inter-AS VPN.

Now, we run the RP on a few of our core routers. In case we want to go with Option B for Inter-AS mVPN, we will need to do MSDP with our partner to share SA messages.

Question is: since we plan to run MSDP in the core, how do we establish MSDP with the partner?

We will use one ASBR to connect to the partner, so can we get all MSDP from the core to the ASBR and then run MSDP with the partner?

I also see that in Option B they talk about SSM and BGP MDT SAFI, but in case I don't run PIM-SSM in the core for the default MDT, will Option B be supported with PIM-SM?


Thanks in advance for your help,


Regards,

Chintan

chintan-shah Wed, 01/28/2009 - 22:17

Hi,

I could find out from another thread where you guys have given your feedback on Inter-AS.

I understood that it is better to go with Option A (back-to-back VRF) if I don't have PIM-SSM in the core for both default and data MDT; this is due to the fact that multivendor support for PIM-SSM in the core is still not available.

Please correct me if I'm wrong.


Regards,

Chintan

Harold Ritter Thu, 01/29/2009 - 05:51

Chintan,

This is correct. For interoperability between vendors you need to go with either option A or C. A is the simplest by far.


Regards

Harold Ritter Thu, 01/29/2009 - 05:45

Chintan,


Option B means no ipv4 route exchange between the two ASes (except for the MDT SAFI), only VPNv4. Again, I will not be able to get option b to work in a multi-vendor context. You will need to go to either option A or C.


Regards

Mohamed Sobair Thu, 01/29/2009 - 11:46
User Badges:
  • Gold, 750 points or more

Hi,


Cisco highly recommends the use of data MDT to optimize multicast traffic and to support high-bandwidth multicast applications that use SSM.

Multicast using NBMA Access:

This solution creates an MTI. Unlike a GRE tunnel, this is not a point-to-point tunnel; this tunnel tracks the remote PE and unicasts the multicast packet to the remote PE.

PEs signal the use of data MDT via UDP port 3232. Only CEs that are intended recipients of the data join the group.

The default MDT is used to forward PIM control messages.

A unique group per customer is required; a unique source is also required. This source is recommended to be the loopback address of the originating BGP session ID.

Only a single MVRF per customer is supported.

The provider interfaces facing the customer should be configured with PIM sparse-dense mode. This will make sure all customer PIM control messages and bootstrap messages are forwarded.

The PE interfaces facing the P should be configured with PIM sparse mode since it's the only PIM mode supported. PIM Bidirectional will be supported once it proves stability.

The RPF check is performed against the MTI (the originating BGP session ID).

The provider network is completely transparent to the customer multicast traffic.

So, a customer can use any PIM mode; only the PEs have to be the customer CEs' PIM neighbors.

For the provider network (P or PE) devices, you don't need to run Anycast RP or MSDP, since it's a single AS.


Anycast RP would provide redundancy and loadsharing capability for the Provider Network.



HTH

Mohamed

chintan-shah Thu, 01/29/2009 - 19:02

Hi,

I still have one doubt on PIM-SSM for the default MDT. It was clarified by Hritter and shivlu that if we use PIM-SSM for the default MDT, there will still be flooding.

But now say I have 5 PEs as part of a VPN and use the default MDT, so I will have 5 (S,G) entries where the source will be each of the 5 PE loopbacks and G will be the one default MDT multicast group.

Now I still fail to understand: say PE1 sends a join (S,G) to PE2, or is it always that PE1 will send (S,G) to all the rest of the PEs in the default MDT and multicast traffic will be flooded? If traffic is still flooded, it would be a trade-off to maintain so many (S,G) entries, right?


Regards,

Chintan



Harold Ritter Fri, 01/30/2009 - 09:22

Chintan,


You will have one (s,g) per PE whether you use ASM or SSM for the default MDT. With ASM, PEs will first join the RPT (*,g) but will switch over to the SPT (s,g) right after by default.


If you use SSM, then PE1 for instance will send a (s,g) towards all sources that have been learned via BGP MDT SAFI for a specific VPN (specific RT).


The multicast control traffic is always flooded to all PEs that have joined the default MDT.


Multicast streams are sent to all PEs that have joined the default MDT by default.


Multicast streams are sent to PEs with interested receivers if data MDT is configured and that the threshold has been reached.


This is regardless of whether you use SSM or ASM.


Regards

chintan-shah Sat, 01/31/2009 - 21:12

Hi Hritter,

Thanks for the very good explanation of multicast control and stream flooding in the default MDT regardless of SSM or ASM.

As you said, by default with ASM the receiver PE will switch over to the SPT (S,G), and I think that can again create loads of (S,G) states, so I believe it would be recommended to keep the SPT threshold at infinity for ASM and keep only (*,G) state, and for higher traffic switch over to the data MDT by configuring an appropriate threshold to define higher traffic.

Do you agree?

Chintan

Harold Ritter Sun, 02/01/2009 - 14:01

Chintan,

Disabling SPT switchover might be a way to scale. If you really have lots of PEs, a better way might be to use PIM Bidir for the default MDT. PIM Bidir will require one (*,G) per default-MDT (per VPN), which can help tremendously when trying to scale to a very high number of VPNs and PEs.


Regards

chintan-shah Sun, 02/01/2009 - 20:40

Hi Hritter,

Thanks. Is PIM Bidir supported on all platforms, like 7600, 12K, 7200? These are the platforms used as PEs, with CRS and 12K as P routers in the network.

I read some documents, but PIM Bidir is still not being used very extensively in SP networks considering reliability. What is your opinion on this?


Regards,

Harold Ritter Mon, 02/02/2009 - 11:24

Chintan,


PIM Bidir is supported on all platforms you mentioned. It has been available for quite a while now. Again, bear in mind that JUNOS doesn't support it.


Regards

chintan-shah Mon, 02/02/2009 - 18:35

Hi Hritter,

Thanks for the clarification and further information on Juniper. It is really a pity that multicast is quite tough in a multivendor environment, as other vendors like Juniper don't support the best ones, like PIM-Bidir, PIM-SSM...

But anyway, thanks for the clarification. It is good info.


Regards,

Chintan

chintan-shah Mon, 02/02/2009 - 18:48

I mean Juniper doesn't support PIM-SSM for the default MDT and BGP MDT SAFI so that an SP can have PIM-SSM in the core :-).


Harold Ritter Tue, 02/03/2009 - 06:59

Chintan,


Well, as it is always the case when working with multiple implementations, you need to determine what the lowest common denominator is and make the best of it.


Regards

chintan-shah Tue, 02/03/2009 - 09:21

Hi Hritter,

You are very right that one has to determine the lowest common denominator and make the best of it.

I was going through a Juniper white paper on mVPN; they proposed NGMVPN (Next Gen MVPN) and also explain the benefits of NGMVPN over the draft-rosen implementation. I think NGMVPN is driven by the IETF. Does Cisco support that?

What is the RFC/draft for the NGMVPN mentioned by Juniper?

Here is the white paper I am talking about:


http://www.juniper.net/solutions/literature/white_papers/200291.pdf


Regards,

Chintan


Harold Ritter Tue, 02/03/2009 - 13:49

Chintan,

This is currently at the draft level and there seem to be a lot of divergent opinions on where that should go. It might take a while before we get interoperable implementations. Meanwhile, draft Rosen is interoperable and widely deployed. I think the choice is clear, at least for now.


Regards

Mohamed Sobair Thu, 01/29/2009 - 19:35

The data MDT has been introduced to support high multicast bandwidth by creating groups on demand based on a bandwidth threshold.

Cisco recommends using 232.239/16. Once a customer reaches a certain threshold and there is still bandwidth in demand, then another group is dynamically created from the range.

And yes, since it's not a point-to-point multicast tunnel interface, there will be 5 source entries for each PE. Think of it like mGRE. Why? It will provide redundancy within the provider network to carry multicast traffic and it has to track each PE in the P network.


HTH

Mohamed

shivlu jain Thu, 01/29/2009 - 21:31

Chintan

I want to add one more point to Mohamed's post. The data MDT groups are limited to 256; if you have more than 256 data MDT customer PEs, at that time the least used group will be replaced.


During design process it should be considered.


regards

shivlu jain


chintan-shah Thu, 01/29/2009 - 21:49

Hi Shivlu,

Do you mean 256 groups per customer (i.e. mVRF?) or per PE (i.e. number of customers)?


Regards,

Chintan

chintan-shah Thu, 01/29/2009 - 22:07

Hi Guys,

I have one question. In case I use Anycast, I understood that I don't need MSDP as per RFC4610.

How does each RP know the sources from the other RPs?

Regards,

Chintan

Harold Ritter Fri, 01/30/2009 - 13:15

Chintan,


RFC4610 defines Anycast RP without the need to run MSDP. This is currently not available in IOS, you therefore still need MSDP if you are going to deploy Anycast RP with IOS.


Regards

Harold Ritter Fri, 01/30/2009 - 13:24

Chintan,

Sorry, I didn't read your question till the end. RFC4610 allows you to run Anycast RP without MSDP by having the RP receiving the register message replicate this message to the other RP(s) in the RP set.

Section 3 of RFC4610 explains this mechanism in detail.

http://www.ietf.org/rfc/rfc4610.txt?number=4610


Regards

chintan-shah Sat, 01/31/2009 - 21:17

Hi Hritter,

Thanks for the confirmation on the non-availability of support for RFC4610 in IOS yet. So, I will still keep MSDP on a few core routers in my mVPN design.

I will have a look at the link given by you. Thanks for the link.

Chintan

Harold Ritter Fri, 01/30/2009 - 10:01

Just as a precision, the limitation is 256 multicast groups for data MDT per VRF per PE.


Regards

chintan-shah Sat, 01/31/2009 - 21:24

Hi Hritter,

Thanks for the clarification, since the limitation is 256 multicast groups for data MDT per VRF.

One of our customers is looking for mVPN and has the following requirements:

Number of groups is currently 520 and increasing in the near future.

Multicast is currently 30 Mbps, moving towards 40 Mbps soon, and is very bursty in nature; there could be microsecond bursts up to 160 Mbps.

I will have to think of a threshold value to switch over from default to data MDT first, but the major question is how do I accommodate 520 customer groups where I have the 255 limitation per VRF per data MDT. In practice, it is unlikely that all 520 will switch over to the data MDT at one time, but if in the worst case even 60% of the groups reach the threshold at one time due to a burst for some time, how can that be taken care of with this limitation?

Any suggestions are welcome.


Harold Ritter Sun, 02/01/2009 - 14:13

Chintan,

It is certainly possible to go over 256 customer multicast streams. If you go over the limit, the data MDT groups will be reused for additional customer multicast streams.


Regards
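
Added example (not part of the thread, and not Cisco's implementation): a small Python model of the data MDT group reuse discussed in the last posts, using the 256-group per-VRF per-PE limit and the 520-group, 60% worst case from the thread. The least-loaded reuse policy, the stream and PE names, and the receiver placement are assumptions constructed for illustration.

```python
"""Added example: model of data MDT group reuse on one source PE, one VRF."""
from collections import Counter, defaultdict

POOL_SIZE = 256  # data MDT groups per VRF per PE, the limit quoted in the thread


def assign_data_mdt(streams, pool_size=POOL_SIZE):
    """Map each customer stream that crossed the threshold to a pool index.

    Assumption (not taken from IOS source or documentation): when every group
    is in use, the group carrying the fewest streams is reused, lowest index
    first on a tie.
    """
    load = [0] * pool_size
    mapping = {}
    for stream in streams:
        idx = min(range(pool_size), key=lambda i: (load[i], i))
        load[idx] += 1
        mapping[stream] = idx
    return mapping


def shared_groups(mapping):
    """Number of data MDT groups that carry more than one customer stream."""
    return sum(1 for n in Counter(mapping.values()).values() if n > 1)


def unwanted_deliveries(mapping, receivers):
    """Count (PE, stream) deliveries where the PE has no receiver for the stream.

    receivers maps stream -> set of remote PEs with interested receivers.
    A PE joins a data MDT group when it wants any stream mapped to it, and
    from then on receives every stream the source PE sends on that group.
    """
    joined = defaultdict(set)
    for stream, idx in mapping.items():
        joined[idx] |= receivers.get(stream, set())
    return sum(
        len(joined[idx] - receivers.get(stream, set()))
        for stream, idx in mapping.items()
    )


def worst_case(total_streams=520, busy_percent=60, remote_pes=3):
    """Constructed scenario: 60% of 520 customer groups exceed the threshold."""
    busy = total_streams * busy_percent // 100           # 312 streams
    streams = [f"cgroup-{i}" for i in range(busy)]       # hypothetical names
    # Constructed receiver placement: one interested remote PE per stream.
    receivers = {s: {f"PE{i % remote_pes + 2}"} for i, s in enumerate(streams)}
    mapping = assign_data_mdt(streams)
    return busy, shared_groups(mapping), unwanted_deliveries(mapping, receivers)


if __name__ == "__main__":
    busy, shared, wasted = worst_case()
    print(f"{busy} streams over threshold, {shared} groups shared, "
          f"{wasted} deliveries to PEs without receivers")
```

In this constructed case the streams beyond the pool size double up on existing groups, so some remote PEs receive a stream they have no receivers for and must drop it; that is the cost of reuse to weigh when choosing the data MDT threshold.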
