Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

inter-AS mVPN

Is there any way to implement inter-AS mVPN without mdt address-familly support on PE routers?

27 REPLIES
Bronze

Re: inter-AS mVPN

Hi,

If I understand your question you would like to enable multi-vpn without vrf support on the PE routers. This is not a recomended design but if you enable MPLS VPN on the CPE this would work. Your PE routers would then be like P routers just doing tag-switching.

Regards,

Bjornarsb

New Member

Re: inter-AS mVPN

No, I want to do inter-as multicast VPN.

Bronze

Re: inter-AS mVPN

Hi,

Until 2002, the only way to support multicast over a Multiprotocol Label Switching (MPLS) network was for the service provider to build manual generic routing encapsulation (GRE) tunnels between every source-receiver pair. Because of the large administrative costs, this manual configuration solution presents serious challenges even for companies with a small number of sites and customers.

So if you do not want GRE, actually the answer turns out to the same.

The key point is where you enable BGP.

The Interautonomous System (Inter-AS) Support for Multicast VPN feature can be configured on a VRF router, to enable forwarding of Multicast VPN traffic from one site of a VPN Red in Autonomous System 1 to another site of the VPN Red in Autonomous System 2. This feature allows multicast distribution tree (MDT) tunnels to be set up between two provider-edge routers in different autonomous systems without the need to share routing information between the two autonomous systems.

To allow two provider-edge routers to set up an MDT tunnel across autonomous systems, the MDT addresses family needs to be enabled under a Border Gateway Protocol (BGP) configuration.

So again if you enable (move) all functionality on to the CEs, your PEs will be like P routers.

HTH

Regards,

Bjornarsb

Cisco Employee

Re: inter-AS mVPN

Bjornar,

You don't necessarily need the MDT safi to deploy InterAS mVPN. Some vendors do not support this feature yet.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: inter-AS mVPN

Yes, it is possible. Without the MDT SAFI, you will loose the ability to do SSM for the default MDT. The data MDT can still use SSM though.

The way to make it work is to setup your P-domain just as you would do for normal inter-domain multicast. You need to have one or more RPs in each AS and interconnect them using MSDP.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

Hritter,

ok. I tried the proposed solution using PIM-SM and MSDP in P-domain. Multicast in P-domain works well between both AS, but PE router in another AS simpley does not create tunnel interface and consequently also multicast VPN traffic does not have any way to be forwarded.

Cisco Employee

Re: inter-AS mVPN

What version of IOS are you using? Can you attach the relevant config from one PE on each side.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: inter-AS mVPN

What version of IOS are you using? Can you attach the relevant config from one PE on each side.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

!

hostname r4

!

boot system flash:c2600-spservicesk9-mz.123-16.bin

!

!

ip vrf ABC2

rd 45:1

route-target export 45:1

route-target import 45:1

route-target import 267:1

mdt default 230.1.1.1

mdt data 230.1.2.0 0.0.0.255 threshold 2

!

ip multicast-routing

ip multicast-routing vrf ABC2

!

!

!

!

interface Loopback0

ip address 17.17.0.4 255.255.255.255

ip pim sparse-mode

no clns route-cache

!

interface FastEthernet0/0.14

encapsulation dot1Q 14

ip vrf forwarding ABC2

ip address 17.17.14.4 255.255.255.0

ip pim sparse-mode

no snmp trap link-status

!

router ospf 14 vrf ABC2

log-adjacency-changes

redistribute bgp 45 subnets

network 17.17.14.4 0.0.0.0 area 0

!

router bgp 45

!

address-family ipv4 vrf ABC2

redistribute connected

redistribute ospf 14

no auto-summary

no synchronization

exit-address-family

!

ip pim rp-address 17.17.0.4

ip pim vrf ABC2 rp-address 17.17.14.4

ip msdp peer 17.17.0.2 connect-source Loopback0 remote-as 267

ip msdp vrf ABC2 peer 17.17.76.6 connect-source FastEthernet0/0.14

!

hostname r6

!

boot system disk0:c7200-spservicesk9-mz.124-4.T6.bin

!

!

!

ip vrf ABC1

rd 267:1

route-target export 267:1

route-target import 267:1

route-target import 45:1

mdt default 230.1.1.1

mdt data 230.1.2.0 0.0.0.255 threshold 2

!

ip multicast-routing

ip multicast-routing vrf ABC1

!

!

!

!

interface Loopback0

ip address 17.17.0.6 255.255.255.255

ip router isis

ip pim sparse-mode

!

interface Loopback16

ip vrf forwarding ABC1

ip address 17.17.76.6 255.255.255.255

ip pim sparse-mode

!

!

interface FastEthernet0/0.68

encapsulation dot1Q 68

ip vrf forwarding ABC1

ip address 17.17.68.6 255.255.255.0

ip pim sparse-mode

no snmp trap link-status

!

!

!

router ospf 67 vrf ABC1

router-id 17.17.0.16

log-adjacency-changes

redistribute bgp 267 subnets

network 17.17.68.6 0.0.0.0 area 0

!

router bgp 267

address-family ipv4 vrf ABC1

redistribute connected

redistribute ospf 67 vrf ABC1

no auto-summary

no synchronization

exit-address-family

!

!

ip pim vrf ABC1 rp-address 17.17.76.6

ip mroute 17.17.0.2 255.255.255.255 17.17.26.2

ip msdp vrf ABC1 peer 17.17.14.4 connect-source Loopback16

!

Cisco Employee

Re: inter-AS mVPN

Ales,

One thing I notice looking at these two configs is that you are missing the rp-address on R6.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

Harold,

R6 does not have static rp-address, beacause there is dynamic (bootstrap) protocol in R6 domain. Another router acts as RP point. P-domain actually works fine (ping responses). I don't see the reason why R4 does not register to 230.1.1.1 after configuring MDT default. Do you maybe have any ideas what statuses could be worth to check more?

New Member

Re: inter-AS mVPN

One thing to check - without MDT AFI support, there will be an RPF failure against int Tunnel0 (or whichever mGRE interface created for MDT support). Haven't labbed this up, but I'm thinking a static mroute using the Tunnel on each side may correct the issue.

HTH,

Mike

New Member

Re: inter-AS mVPN

Mike,

I see your point using mroutes. The issue is that GRE tunnel is not created on a router that resides in another AS. Is there any way to make it manually?

New Member

Re: inter-AS mVPN

I actually had mGRE in mind.

New Member

Re: inter-AS mVPN

I'd assumed you meant mGRE. The mGRE build is a function of vrf/mdt config, not MDT AFI support. So, it seems to me that you don't need to know the other PE IP addresses, just throw all mcast traffic down the tunnel and it should arrive, no?

At least that's my theory.... ;-)

Cisco Employee

Re: inter-AS mVPN

Mike,

The RPF check should not be an issue as long as the multicast traffic source address is known via a BGP NH equal to neighbor address on the tunnel interface. You do not need to configure a static mroute for this to work.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: inter-AS mVPN

Oops,

I should have been more specific. It won't be an issue if you are doing InterAs with option 10c.

Hope this helps,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

The issue I'm getting at is where the pim neighbor address seen in the vrf (remote PE global Loopback) fails rpf. For example, R6 receives pim hellos from 17.17.0.4 via the mdt interface. Since 17.17.0.4 is not known in the vrf, rpf for the neighbor fails.

So my suggested mroute on R6 would be something like:

ip mroute vrf ABC2 17.17.0.4 255.255.255.255 tun1 where tun1 is the mdt on R6.

Hope this makes more sense.

Cisco Employee

Re: inter-AS mVPN

Mike,

This is exactly the scenario I had in mind when I said it is not an issue if you are using InterAS with option 10c. The BGP next-hop of your VPNv4 prefix should be the same as your PIM neighbor address on the tunnel interface.

Obviously, this is different if you use option 10a or 10b as 17.17.0.4 is most probably not known to the egress PE.

Cheers,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: inter-AS mVPN

Sorry,

I misunderstood your point. You are referring to the RPF check failure on default MDT itself (p-domain) rather than on the customer traffic (c-domain). Again this will not be an issue if you are doing option 10c as the egress PE learns loopback interfaces addresses for PEs in the remote AS.

This is obviously an issue if you deploy option 10a or 10b without the MDT SAFI.

Cheers,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: inter-AS mVPN

Ales,

Thanks for the info. I just wanted to make sure you had a configured RP.

Does R4 register? R6 should indeed register as soon as you configure the MDT default. Can you do a "show ip pim rp map" on R4.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

R6 did register, but R4 didn't:

r6#sh ip mro

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 230.1.1.1), 00:00:04/00:02:55, RP 17.17.0.2, flags: SJCZ

Incoming interface: FastEthernet0/0.26, RPF nbr 17.17.26.2, Mroute

Outgoing interface list:

MVRF ABC1, Forward/Sparse, 00:00:04/00:02:55

(*, 224.0.1.40), 00:00:04/00:02:55, RP 0.0.0.0, flags: DCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Loopback0, Forward/Sparse, 00:00:04/00:02:55

r6#

r4#sh ip mro

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

L - Local, P - Pruned, R - RP-bit set, F - Register flag,

T - SPT-bit set, J - Join SPT, M - MSDP created entry,

X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

U - URD, I - Received Source Specific Host Report,

Z - Multicast Tunnel, z - MDT-data group sender,

Y - Joined MDT-data group, y - Sending to MDT-data group

Outgoing interface flags: H - Hardware switched, A - Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.0.1.40), 1d02h/00:03:02, RP 17.17.0.4, flags: SJCL

Incoming interface: Null, RPF nbr 0.0.0.0

Outgoing interface list:

Loopback0, Forward/Sparse, 1d02h/00:02:08

FastEthernet0/0.45, Forward/Sparse, 1d02h/00:03:02

r4#

R4 has statically configured RP, R6 in another AS has dynamically assigned RP:

r6#sh ip pim rp mapping

PIM Group-to-RP Mappings

Group(s) 224.0.0.0/4

RP 17.17.0.2 (?), v2

Info source: 17.17.0.2 (?), via bootstrap, priority 0, holdtime 210

Uptime: 4d03h, expires: 00:03:24

r6#ő

r4#

r4#sh ip pim rp ma

PIM Group-to-RP Mappings

Group(s): 224.0.0.0/4, Static

RP: 17.17.0.4 (?)

r4#

Cisco Employee

Re: inter-AS mVPN

Interesting. Can you please post the entire config for R4.

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: inter-AS mVPN

Ales,

Could you confirm whether the tunnel interface was created or not (sh ip int brief and then show int tuX for the specific tunnel).

Thanks,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

Tunnel interface was not created.

Anyway, I found the solution. I changed the IOS sw of R4 to the one of R6 and R4 registered to MDT default normally :-) So it was the IOS sw issue :-(

Cisco Employee

Re: inter-AS mVPN

Ales,

Glad you solved the issue. Thanks for the feedback.

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: inter-AS mVPN

Thank you for your help.

328
Views
10
Helpful
27
Replies
CreatePlease to create content