mVPN Core Multicast group addresing

Answered Question
May 20th, 2009
User Badges:

Hi,


I have to run PIM-SM and PIM-SSM based both in Core. This is purely due to multivendor enviroment.


When I have all customer sites on cisco, i will run PIM-SSM ( default +data) and when i have multivendor in picture will run PIM-SM ( default) for specific customer. This will purely product team driven.


Now, I have to make sure that i use proper different Multicast group for both.


I have in mind that


1. PIM-SM - 239.192.0.0/16 range.

where 239.192.1.1 - default mdt, 239.192.2.0/24 - DATA MDT per customer

same way second customer 239.192.1.2 - default , 239.192.3.0/24 - DATA MDT


2. PIM-SSM : 239.232.0.0/16

customer -1

239.232.1.1 - default mdt

239.232.2.0/24 - data mdt

customer-2

239.232.1.2 - default mdt

293.232.3.0/24- data mdt ..so on.


With this, I have following configuation :


ip pim rp-address 1.1.1.1 SM-RANGE


ip pim ssm range SSM-RANGE


ip access-list standard SSM-RANGE

permit 239.232.0.0 0.0.255.255


ip access-list standard SM-RANGE

permit 239.192.0.0 0.0.255.255


ip vrf VPN-A

description A Customer using MVPN SM

rd 65000:65003

route-target both 65000:65000

mdt default 239.192.1.1

mdt data 239.192.2.0 0.0.0.15 threshold 1


ip vrf VPN-B

description A Customer using MVPN SSM

rd 65000:65011

route-target both 65000:65000

mdt default 239.232.1.1

mdt data 239.232.2.0 0.0.0.15 threshold


ip multicast-routing

ip multicast-routing vrf VPN-A

ip multicast-routing vrf VPN-B


Is this looking corect ? I have one doubt is, the DATA MDT range used for PIM-SM based solution should be in SM ACL or SSM ACL ??


Any suggestion on Multicast addressing for my requirment ? I would apprcieate the help !!


Regards,

Chintan


Regards,

Chitnan

Correct Answer by Laurent Aubert about 8 years 1 month ago

Hi,


Let's say you use PIM-SM for the Data-MDT and you have the same pool configured for the same Multicast Domain or mVPN.


If two PEs connected to two different customer sources using different groups choose the same Data-MDT group, each PE joining this Data-MDT will receive both traffic even if their receivers are interested only with one customer group.


If you let the PEs to switchover to the SPT, they could also choose the wrong source PE.


Here is an extract from Rozen draft about this issue:


"

7.3. Use of SSM for Data MDTs



The use of Data MDTs requires that a set of multicast P-addresses be

pre-allocated and dedicated for use as the destination addresses for

the Data MDTs.


If SSM is used to set up the Data MDTs, then each MD needs to be

assigned a set of these of multicast P-addresses. Each VRF in the MD

needs to be configured with this set (i.e., all VRFs in the MD are

configured with the same set). If there are n addresses in this set,

then each PE in the MD can be the source of n Data MDTs in that MD.


If SSM is not used for setting up Data MDTs, then each VRF needs to

be configured with a unique set of multicast P-addresses; two VRFs in

the same MD cannot be configured with the same set of addresses.

This requires the pre-allocation of many more multicast P-addresses,

and the need to configure a different set for each VRF greatly

complicates the operations and management. Therefore the use of SSM

for Data MDTs is very strongly recommended.

"


So the best design in your case is to have PIM-SM (without switchover to the SPT) for the default-MDT and PIM-SSM for the Data-MDT as already explained by Harold. This should be supported by all vendors.


Regarding your SLA, if you are using anycast RP, your convergence time is the same as for PIM-SSM, it relies only on the speed of your IGP to converge.


HTH


Laurent.

Correct Answer by Harold Ritter about 8 years 1 month ago

Chintan,


Assuming you will always use PIM SSM for the DATA MDT, you can use the same pool on all PEs as PIM SSM uses both the multicast address and the source address to identify a given multicast stream. So using the same pool on a all PEs is not an issue as long as the pool is unique on the PE.


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Harold Ritter Wed, 05/20/2009 - 18:13
User Badges:
  • Cisco Employee,

Chintan,


Picking a different approach for different customers will make this network more complicated to provision, support and troubleshoot.


I would suggest you pick the one approach that fits all vendors (lowest common denominator) and that you use it for all customers. This will probably save lots of headaches.


Regards

chintan-shah Wed, 05/20/2009 - 22:52
User Badges:

Hi Hritter,


I agree with you but problem is we have some of customer requirments like fast convergance where PIM-SM doesn't give be nefit due to RP/MSDP Infra and so we might have to use PIM-SSM.


But there are some customers who have specially not specific SLA and some of sites on DSL for which BRAS doesn't support PIm-SSM and we are forced to give PIM-SM . that's why we feel to keep two approach and going foraward i would like to keep only PIM-SSM once vendor support this....


I am still under evaluation stage and will also have word with our cisco AS team.


Many thanks for your feedback.


Regards,

Chintan

Laurent Aubert Wed, 05/20/2009 - 18:32
User Badges:
  • Cisco Employee,

Hi,


It works for PIM SSM because the source will be different so you can use the same Data-MDT pool for the same mVPN on different PE.


But with PIM-SM, you will not be able to differentiate two different sources for which their attached PEs chose the same Data-MDT so you need a pool per mVRF instead of per mVPN


Also your configuration looks correct.


HTH


Laurent.

chintan-shah Wed, 05/20/2009 - 22:56
User Badges:

Hi Laurent,


When you say PIm-SM, I will neer pool per mVRF instead of per mVPN.


Does it mean that if i have 100 sites say connected to 20 PE in network , I will have to use total 20 different DATA POOL.


like : 239.192.2.0/24 ---239.192.21.0/24 ?


Regards,

Chintan

shivlu jain Wed, 05/20/2009 - 23:08
User Badges:
  • Silver, 250 points or more

Hi Chintan


You can use the same pool across all the PE. Because data mdt will be used as a single per PE. SO if you are using /24 pool it means 255 PE can be connetced for same mVPN custmer.


regards

shivlu jain

chintan-shah Wed, 05/20/2009 - 23:20
User Badges:

Hi Shivlu,


I had a same understanding but as per laurent it is not a case , as he says for PIM-SM, you will have to use different pool per mVRF not per mVPN.


Am I understanding something wrong here ?


REgards,

Chintan

Correct Answer
Harold Ritter Thu, 05/21/2009 - 03:13
User Badges:
  • Cisco Employee,

Chintan,


Assuming you will always use PIM SSM for the DATA MDT, you can use the same pool on all PEs as PIM SSM uses both the multicast address and the source address to identify a given multicast stream. So using the same pool on a all PEs is not an issue as long as the pool is unique on the PE.


Regards

chintan-shah Thu, 05/21/2009 - 03:42
User Badges:

Hi Hritter,


But if we use PIM-SM for DATA MDT aswell, What Laurent says is applicable and for same customer if they have 10 VRF ( i.e.PE) i have to use 10 different Multicast group range for DATA MDT.


But even I use PIM-SM for Default but DATA on PIM-SSM , What you says would be more sclable solution.


Am i correct ?



shivlu jain Thu, 05/21/2009 - 01:37
User Badges:
  • Silver, 250 points or more

Hi Laurent


It would be better if you explain with the help of some example so that we can get the proper understanding.




regards

shivlu jain

chintan-shah Thu, 05/21/2009 - 04:47
User Badges:

Hi,


Can you direct to any link explaining your input in little detail ?


Regards,

Chintan

shivlu jain Wed, 05/20/2009 - 21:26
User Badges:
  • Silver, 250 points or more

Hi Chintan


The configuration looks fine. If the customer is provisioned with SSM then data and default mdt shoudl be a part of SSM acl. If the customer is provisioned with SM then data and default mdt should be configured in SM acl.

The main logic is that mrouting of data and default should available in global mrouting table.


regards

shivlu jain

Correct Answer
Laurent Aubert Thu, 05/21/2009 - 05:18
User Badges:
  • Cisco Employee,

Hi,


Let's say you use PIM-SM for the Data-MDT and you have the same pool configured for the same Multicast Domain or mVPN.


If two PEs connected to two different customer sources using different groups choose the same Data-MDT group, each PE joining this Data-MDT will receive both traffic even if their receivers are interested only with one customer group.


If you let the PEs to switchover to the SPT, they could also choose the wrong source PE.


Here is an extract from Rozen draft about this issue:


"

7.3. Use of SSM for Data MDTs



The use of Data MDTs requires that a set of multicast P-addresses be

pre-allocated and dedicated for use as the destination addresses for

the Data MDTs.


If SSM is used to set up the Data MDTs, then each MD needs to be

assigned a set of these of multicast P-addresses. Each VRF in the MD

needs to be configured with this set (i.e., all VRFs in the MD are

configured with the same set). If there are n addresses in this set,

then each PE in the MD can be the source of n Data MDTs in that MD.


If SSM is not used for setting up Data MDTs, then each VRF needs to

be configured with a unique set of multicast P-addresses; two VRFs in

the same MD cannot be configured with the same set of addresses.

This requires the pre-allocation of many more multicast P-addresses,

and the need to configure a different set for each VRF greatly

complicates the operations and management. Therefore the use of SSM

for Data MDTs is very strongly recommended.

"


So the best design in your case is to have PIM-SM (without switchover to the SPT) for the default-MDT and PIM-SSM for the Data-MDT as already explained by Harold. This should be supported by all vendors.


Regarding your SLA, if you are using anycast RP, your convergence time is the same as for PIM-SSM, it relies only on the speed of your IGP to converge.


HTH


Laurent.

chintan-shah Thu, 05/21/2009 - 05:37
User Badges:

Hi Laurent,


Many thanks for excellent explanation on pointing on draft-rosen section. Now I understood well.


I will change my configuation to keep PIN-SM ACL for only Default MDT and PIM-SSM for DATA MDT.


And also can use PIM-SSM Default MDT from same SSM based range.


Sorry for multiple mails but i understood well now.


Thanks Hritter for your help too !!


Regards,

Chintan

Laurent Aubert Thu, 05/21/2009 - 05:57
User Badges:
  • Cisco Employee,

My pleasure ;-)


What you can do is :


239.192.0.0/16 for default-MDT

239.232.0.0/16 for Data-MDT.


For each Default-MDT group, you create a pool of 256 addresses from 239.232.0.0/16


This way you can have up to 256 mVPN


HTH


Laurent.

chintan-shah Thu, 05/21/2009 - 06:04
User Badges:

Thanks agian for your suggestion.


I just had slight modification in terms of allocation while configuring.



1. PIM-SM Default

239.192.0.0/16 - Default MDT


2. PIM-SSM Default

239.232.0.0/24 - Default MDT


3. PIM-SSM DATA

239.232.1.0/24.....so on..


So, I use same 239.232.0.0/16 in SSM ACL used for Default and DATA MDT both but defined proper addressing schema during allocation for customer.


Does it make sense ?


Regards,

Chintan

Laurent Aubert Thu, 05/21/2009 - 06:08
User Badges:
  • Cisco Employee,

Why do you use PIM-SSM for default-MDT ?


Just use PIM-SM for all your default-MDT.


Laurent.



chintan-shah Thu, 05/21/2009 - 06:17
User Badges:

I had a same in mind but i have been told that PIM-SSM for Default provides better convergance speically where tight SLA is involved so I prefer to use this only when that specific high SLA customer comes. The driver was speically Fast convergance ( sub-second kind of).



Regards,

Chintan



Laurent Aubert Thu, 05/21/2009 - 06:22
User Badges:
  • Cisco Employee,

Most of the multicast convergence time relies on the convergence time of your IGP so if you are using anycast RP to provide RP redundancy, there should be not difference with PIM-SSM (i'm assuming you are not switching to the SPT)


HTH


Laurent.

chintan-shah Thu, 05/21/2009 - 06:24
User Badges:

Ok, Thanks for you feedback.

I wil plan to test this and SSM both and see the difference. will keep in mind i will have swidtching to SPT when using PIM-SM.


But Does MSDP not involved in convergance imaing two MSDP peer isloadted in core for some time and SA referesh is 60 seconds ?


I will have setup in late June/July start, will keep updating on this.


Regards,

Chintan

Actions

This Discussion