Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Inter-AS multicastVPN

Does pim Sparse-mode support the inter-as multicast VPN?

i guess only PIM SSM supports the multicast vpn in inter-as configuration... just to cross check...

regards

Devang Patel

47 REPLIES
Cisco Employee

Re: Inter-AS multicastVPN

Devang,

It is certainly possible to support PIM Sparse mode ASM in an InterAS context. You would simply need to use MSDP between the two ASes. SSM would definitely be simpler though. SSM does require that all routers support the mBGP MDT SAFI.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Silver

Re: Inter-AS multicastVPN

MDT safi is only required on sender side , receiver can be used any.

regards

shivlu

Cisco Employee

Re: Inter-AS multicastVPN

Shivlu,

The PEs are both senders and receivers as far as the default MDT is concerned.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Silver

Re: Inter-AS multicastVPN

Hritter

You are right but I am talking about mdt-safi not mdt-default, have tested in my LAB in which my source is using mdt-safi and receiver is using only MP-BGP with default mdt.

regards

shivlu

Cisco Employee

Re: Inter-AS multicastVPN

Shivlu,

The MDT SAFI is used by a PE to signal itself as a new source on the default MDT to the other PEs.

Therefore you would need to have MDT SAFI support on both sides.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Silver

Re: Inter-AS multicastVPN

hritter

Thanks

regards

shivlu

New Member

Re: Inter-AS multicastVPN

Hi Hritter,

We use MSDP between two ASes in case we run PIM-SM in our core. Usually we run MSDP in our network on Core router -may be few Tier1 sites.. Now in case I need to run MSDP to other AS , Shall I use diff router which gets all SA from Core MSDP and then pass to diff AS ?? What is best practice ?

We might think of Option B as Inter-AS for mVPN as we already run Option B for normal L3 VPN with out partnet service provider....

Rgards,

Chintan

Silver

Re: Inter-AS multicastVPN

chintan

remember one thing it should not be extranet. Because anycast is not going to work with extranet.

SSM is the only supported for inter-as communication.

regards

shivlu jain

Cisco Employee

Re: Inter-AS multicastVPN

Shivlu,

Are you referring to Extranet or InterAS?

I am not sure what you mean by "SSM is the only supported for inter-as communication".

You could certainly have ASM to work with InterAS mVPN by having one RP in each AS exchanging Source Active (SA) messages between themselves. This would be in a option 10c context though.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Inter-AS multicastVPN

Hi Hritter,

I was going through below link for inter-AS :

http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/iasmcvpn.html

I see that option C also cisco indicates to use PIM-SSM , BGP MDT SAFI. In fact, cisco says that PIM-SSM in core is must for even default MDT for otpoin B & C.

Is it true that i can't have option C if i have PIM-SM (ASM) in core for default MDT ? I can't find any example on CCO.

Regards,

Chintan

Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

You can definitely use ASM with option C. In fact, this is the only way you would be able to interoperate with the other vendor.

The idea, would be to have an RP (or group of RPs) in each AS and to run MSDP between the RPs in each AS.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Silver

Re: Inter-AS multicastVPN

hritter

The document posted by chintan is also saying that SSM should be in the core in case of inter-as mvpn. May be the document is old but I donot think so for mVPN still cisco supports anycast. Anycast with msdp is for ip vpn inter as cloud. Kindly clarify can we use anycast for mVPN if yes please provide the doc link.

To all:- One thing i would like to add if you are going for mVPN with SSM in inter-as then mdt safi should be used because in previous implementation of cisco type 2 rd is used which is actually for inter-as communication.

regards

shivlu jain

Cisco Employee

Re: Inter-AS multicastVPN

Shivlu,

I am not referring to Anycast here but rather to running ASM (pim-sm) with a separate RP per AS and then an MSDP session between the two ASes so that PEs in one AS can join the source tree to a PE in the other AS. Again, this would be your only option if you were to build an InterAS mVPN network in a dual vendor environment.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Inter-AS multicastVPN

Hi Hritter,

So, as you said I use ASM(PIM-SM) in my core for Default MDT with multivendor enviroment and also do Inter-AS with partner using MSDP between our AS RP and partnet RP. Thanks for clarification on this .

But at the same time i will still require to use RFP Vector, BGP connector attribute for option C for RPF check on remote AS P router?? and i guess that is too also only supported in cisco so can i still go ahead with multivendor enviroment ??

I would apprcieate if you can share some case study , document for Inter-AS when i have ASM in Core and use MSDP between two AS.

Thanks again,

Regards,

Chintan

Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

RPF Vector and the connector attribute are not required for option 10c.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

Let me explain why the connector attribute and the RPF vector are generally not required in an option 10c scenario.

The connector attribute is used instead of the VPNv4 NH to perform the RPF check for C-Domain multicast streams received on the default or data MDT. This is required in an option 10b scenario as the VPNv4 NH will be changed by the ASBR, which would normally cause the RPF check to fail. In the case of option 10c, the VPNv4 session is from PE to PE or from RR to RR and the VPNv4 NH is not changed in either cases.

The RPF vector is used to forward PIM control messages towards the source and perform the RPF check in an option 10b scenario. Since the PIM routers in one AS have no routing information for PEs Loopback addresses (sources) in the other AS, the RPF vector (generally the BGP NH for the MDT SAFI updates) is used instead of the source address. Again, This is not required in an option 10c context, as PE's loopback addresses are available between the two ASes.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Inter-AS multicastVPN

Hi Hritter,

Thanks for good explanation. I understand that Option C doesn't not change BGP NH so that PE in one AS has routing info avialable of PE in second AS, which is not a case in Option B.

But still in option C, P router ( I.e PIM router) still need to have knowledge of remtoe AS PE loopack ( source), and if AS is BGP-free core, how will that know ? in that case, i guess , still RPF vector will require but not connector attribute.

The reason i asked because we have plan to hae BGP less free core or it might be the case for our partner AS.

please correct me if i am wrong.

Thanks

Chintan

Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

That is correct. BGP free core is a case in which you would need to use the RPF vector. Otherwise, it is not required in option 10c.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Inter-AS multicastVPN

Hi Hritter,

Thanks for clarification and clearing my understanding.

so if i have BGP free core and need to use RPF vector , It doesn't mean i still have to have BGP MDT SAFI right ? I can still use Option C without BGP MDT SAFI.

May be one of AS has BGP free core and other still have BGP running :-).

Regards,

Chintan

Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

I don't think you need the MDT SAFI updates to use the RPF vector but the issue is that the RPF vector needs to be supported by the edge devices (initiating the joins towards the source) and by the core routers (in the BGP free core). Since this RPF Vector is not currently supported by Juniper, this will be a problem in a mix network.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

Here is the draft defining the RPF Vector.

http://tools.ietf.org/html/draft-ietf-pim-rpf-vector-08

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Inter-AS multicastVPN

Ah, One more pity in mix network, It is really become frustrating for service provider.

The problem is Juniper is drving more towards NG MVPN so it is almost impossible that now Juniper support BGP MDT SAFI.

We will have to wait till NG MVPN beccome standard and both Cisco and Juniper agree to support.

Another problem I have is, we already have Option B as Inter-As option with our partner for unicast MPLS VPN and they are planning PIM-SSM in Corr (draft-rosen) as they have single vendor ( Cisco).

In that case option i see, use PIM-SSM in core and don't terminate mVPN customer on Juniper ( still they are Very very less comapre to Cisco as PE).

Or use PIM-SM lowest one for both juniper and Cisco and work with partner to see alternative solution , looks difficult although.

But I must heartly thank you on your continued quick response and sharing good info and very good discussion among all of us. This is one of my best discusison on Netpro till now :-)

I keep you disturb you guys in case i have further doubt, i am intial stage of design and want to go to right direction from begining...

Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

> Ah, One more pity in mix network, It is really become frustrating for service provider.

I can understand the frustration. Drafts and RFCs are written in IETF but are not necessarily followed by all vendors.

> The problem is Juniper is drving more towards NG MVPN so it is almost impossible that now Juniper support BGP MDT SAFI.

I heard rumors from one customer of mine, that they would soon support the MDT SAFI. Probably because of customer pressure.

> We will have to wait till NG MVPN beccome standard and both Cisco and Juniper agree to support.

This might happen but it might take a while. I would recommend to use what has been proven and deployed rather then what might be. Again I know it is difficult to find the right mixture.

> In that case option i see, use PIM-SSM in core and don't terminate mVPN customer on Juniper ( still they are Very very less comapre to Cisco as PE).

This would be one of the few options I guess.

> Or use PIM-SM lowest one for both juniper and Cisco and work with partner to see alternative solution , looks difficult although.

This would be another. The only issue is making sure you avoid using any of the features not supported by both vendors.

> But I must heartly thank you on your continued quick response and sharing good info and very good discussion among all of us. This is one of my best discusison on Netpro till now :-)

It is always a pleasure for me to have that kind of discussions.

> I keep you disturb you guys in case i have further doubt, i am intial stage of design and want to go to right direction from begining...

You are certainly not disturbing, on the contrary. I am sure that many people who find themselves in that same situation will find this thread very interesting.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: Inter-AS multicastVPN

> The problem is Juniper is drving more towards NG MVPN so it is almost impossible that now Juniper support BGP MDT SAFI.

I heard rumors from one customer of mine, that they would soon support the MDT SAFI. Probably because of customer pressure.

==>> Hope this is not rumors and it is true. I will also try to pressure Juniper through my managment for this :-).

I should also thank Shivlu for his contribution and help on sharing some info.

Shivlu- I already joined your blog of MPLSVPN and see good mails every day morning :-).

last but not least , thanks to Devang opening this thread that give us opprtunity :-).

Cheers,

New Member

Re: Inter-AS multicastVPN

Hi Hritter,

I think you were right , it is not rumours but true that Juniper is going to support MDT SAFI. In fact, they have now support avialable in JunOs 9.4 onwards.

- Chapter -17 - on Draft-rosen

(http://www.juniper.net/techpubs/software/junos/junos94/swconfig-multicast/swconfig-multicast.pdf)

BTW, I also go to know this was only done to pressure from some big customer but goingforward Multicast VPN will be based on P2MP LSP , this is way Juniper is going ahead.

I see this year Networks Online session on Multicast and find taht Cisco is already working on mLDP and P2MP LSP for labelled based mVPN. This will interoperate with other vendor...

Not sure, if you can give some info on Cisco's apporach on this new technology for mVPN and it looks far better than PIM based to avoid scalability issue and having PIM Free Core :)..

Regards,

Chintan

Re: Inter-AS multicastVPN

Hritter/Sivlu,

Good discussion is going on MVPN! Okay so if I will leak the loopback of PEs in each other AS then are there any chances of RFP failure; if yes then what will be requirement to avoid the RFP failure (I am talking about option B)?

I am not talking about of using Multicast family in BGP!

thanks,

Devang Patel

New Member

Re: Inter-AS multicastVPN

Hi Devang,

What i learnt from Hritter and shivlu from this discussion that , if you want to go with optoin -B , you need BGP MDT address-family support and that don't need to leak loopback of PEs. so everythign will be fine. But as i have multivendor enviroment, it will be tough , as say juniper doesn't support BGP MDT SAFI.

But if we use PIM-SM (ASM) for default and PIM-SSM for DATA MDT as per draft rosen , we can't have Option -B and we have to use option A or C. For option C you any way exchange PE loopback between two AS throgh RR peering so RPF will not be problem.

But one thing i am still waitning from hritter that what if Core is BGP free whee i wil not have information on remote AS PE loopback and have to do RPF check.

REgards,

Chintan

New Member

Re: Inter-AS multicastVPN

This is my understanding from this discusion.

Hritter , if you see i have wrong understanding, please correct me.

Regards,

Cisco Employee

Re: Inter-AS multicastVPN

Chintan,

Your understanding is correct.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
1500
Views
12
Helpful
47
Replies