Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Multicast VPN issue

I've got 2 core routers peered via BGP. I have deployed a Multicast VPN between them based on the following doc:

http://www.cisco.com/en/US/tech/tk828/tech_digest09186a00801a64a3.html

I actually see the multicast routes on all of the VRF's being broadcast from router to router and throughout the entire network. However, I am not able to see Multicast traffic passing. This is a very bizarre problem. Attached is the pertinent configs for the 2 routers.

Any ideas?

32 REPLIES
Silver

Re: Multicast VPN issue

Hi,

Assume you have no problems with ipv4 unicast between vpn sites?

Do you see the traffic pass through the core from PE to PE?

Does the mVPN tunnel interface come up?

Can you provide the following;

from PE

show ip pim vrf CustomerA interface

show ip mr vrf CustomerA

from CE

show ip pim interface

show ip mr

HTH

LR

Community Member

Re: Multicast VPN issue

Assume you have no problems with ipv4 unicast between vpn sites?

No problems- traffic flows normally

Do you see the traffic pass through the core from PE to PE?

regular traffic- yes- no problems, multicast traffic- I see the routes only- no multicast data

Does the mVPN tunnel interface come up?

Yes it does- for both VRFs

Cisco Employee

Re: Multicast VPN issue

Greg,

The control plane information looks good indeed. What do you use to generate the multicast stream? Can you check what TTL value you use when you generate these streams.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Community Member

Re: Multicast VPN issue

The test program we are using has a ttl of 15. I am looking at the client that we are using as well.

Community Member

Re: Multicast VPN issue

The actual client and multicast server we are using for the application has a ttl of 128.

Re: Multicast VPN issue

Hi,

What Multicasting mode are you running on your VRF connected routers? as I am not able to find any rp-address configuration under your vrf configuration.

regards

Devang Patel

Re: Multicast VPN issue

I mean there should be entry of "ip pim vrf customerx rp-address" if you have PIM SPARSE MODE is running for the customer end.

Cisco Employee

Re: Multicast VPN issue

Devang,

It should be fine as auto-rp is configured on Core router B:

ip pim vrf CustomerA send-rp-announce Loopback2 scope 16

ip pim vrf CustomerA send-rp-discovery Loopback2 scope 16

ip pim vrf CustomerB send-rp-announce Loopback1 scope 16

ip pim vrf CustomerB send-rp-discovery Loopback1 scope 16

!

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Silver

Re: Multicast VPN issue

Hi,

How are verifying that traffic is not passing?

PEA has no cust vrf PIM neighbours, so the traffic will not flow end to end.

Can you verify that?

LR

Community Member

Re: Multicast VPN issue

Actually, PEA has several vrf PIM neighbors on both VRFs. I have confirmed that multicast traffic flows correctly within the individual PE's, but just not over the tunnel (even though the routing information shows up). I had rebooted both routers at one point, and when that occurred, multicast traffic was flowing over the tunnel, but unicast would not traverse the bgp connection at all. We had to break the tunnel by removing the mdt default statements. Once I put those statements back in, we see what we are seeing now. When the router first rebooted we saw unicast traffic trying to traverse thru the tunnel.

Silver

Re: Multicast VPN issue

Hi,

So both CE routers see PEA as the RP, via auto-rp?

show ip pim rp map

HTH

LR

Community Member

Re: Multicast VPN issue

Everything sees PEB (Core-2) as the RP via auto-rp- this is on both VRF's

Cisco Employee

Re: Multicast VPN issue

Greg,

Could you please do a "show ip mroute count" for a specific s,g on the CE where you do have receivers. Could you also check that the RPF check is successful using "show ip rpf " on that same CE.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Community Member

Re: Multicast VPN issue

CustomerB Site#sh ip mroute 239.195.0.0 count

IP Multicast Statistics

30 routes using 16838 bytes of memory

16 groups, 0.87 average sources per group

Forwarding Counts: Pkt Count/Pkts(neg(-) = Drops) per second/Avg Pkt Size/Kilobits per second

Other counts: Total/RPF failed/Other drops(OIF-null, rate-limit etc)

Group: 239.195.0.0, Source count: 4, Packets forwarded: 333727, Packets received: 333733

RP-tree: Forwarding: 0/0/0/0, Other: 0/0/0

Source: 10.0.36.254/32, Forwarding: 102371/1/486/5, Other: 102377/6/0

Source: 10.0.50.254/32, Forwarding: 39902/1/458/1, Other: 39902/0/0

Source: 192.168.253.252/32, Forwarding: 160692/1/494/2, Other: 160692/0/0

Source: 192.168.253.254/32, Forwarding: 30762/1/392/3, Other: 30762/0/0

CustomerB Site#sh ip rpf 10.0.50.254

RPF information for ? (10.0.50.254)

RPF interface: Multilink1

RPF neighbor: ? (192.168.252.1)

RPF route/mask: 10.0.50.0/24

RPF type: unicast (bgp 65502)

RPF recursion count: 2

Doing distance-preferred lookups across tables

CustomerB Site#

10.0.50.254 is a server broadcasting a multicast stream for CustomerB. Its information is not making it across the Tunnel, even though the route itself is.

Community Member

Re: Multicast VPN issue

CustomerA Site>sh ip mroute 239.194.0.0 count

Multicast route-limit: 200000

IP Multicast Statistics

23 routes using 13408 bytes of memory

12 groups, 0.91 average sources per group

Forwarding Counts: Pkt Count/Pkts(neg(-) = Drops) per second/Avg Pkt Size/Kilobits per second

Other counts: Total/RPF failed/Other drops(OIF-null, rate-limit etc)

Group: 239.194.0.0, Source count: 4, Packets forwarded: 31713, Packets received: 31738

RP-tree: Forwarding: 2280/0/212/0, Other: 2305/0/25

Source: 10.105.0.250/32, Forwarding: 679/0/212/0, Other: 679/0/0

Source: 10.105.0.253/32, Forwarding: 1287/0/359/0, Other: 1287/0/0

Source: 10.105.0.254/32, Forwarding: 3585/0/496/0, Other: 3585/0/0

Source: 10.105.8.10/32, Forwarding: 23882/1/458/3, Other: 23882/0/0

CustomerA Site>sh ip rpf 10.105.0.254

RPF information for ? (10.105.0.254)

RPF interface: Serial5/1

RPF neighbor: ? (10.105.255.1)

RPF route/mask: 10.105.0.0/24

RPF type: unicast (bgp 65512)

RPF recursion count: 2

Doing distance-preferred lookups across tables

CustomerA Site>

10.105.0.254 is a server off of Core-1 that is broadcasting a stream over to Core-2 thru the tunnel. The route is making it, however, the actual information is not. CustomerA Site is off of Core-2

Cisco Employee

Re: Multicast VPN issue

Greg,

The counters above are incrementing, showing that not only the control plane is functioning as it should but also the data plane.

According to output you posted before, these streams are forwarded on interface Gig0/1.

(10.105.0.254, 239.194.0.0), 12:43:14/00:03:24, flags: T

Incoming interface: Serial5/1, RPF nbr 10.105.255.1

Outgoing interface list:

GigabitEthernet0/1, Forward/Sparse-Dense, 12:43:14/00:02:32

What is connected to that interface? Are there any receivers connected to CustomerA_Site?

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Community Member

Re: Multicast VPN issue

yes, there are about 70 users that are supposed to be receiving the data stream. All we see is the control stream though. We've done wireshark traces- and all we are seeing is control traffic.

Cisco Employee

Re: Multicast VPN issue

Greg,

My point is that the multicast streams are getting to this specific box. On which interfaces are the end users connected and is PIM enabled on these interfaces.

Regards,

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Silver

Re: Multicast VPN issue

from the config I come to know that there is sparse-mode for the backhaul connectivity; but donot you think that there is should be ip pim auto-rp listener command for the flooding of group of 39 and 40.

regards

shivlu

Community Member

Re: Multicast VPN issue

Shivlu,

Can you give me an example of what that should look like? I'm more than willing to give it a try...

Silver

Re: Multicast VPN issue

what i means, it u r using spare-mode then ip pim auto-rp listner is required.Becasue without this the group to rp mapping won't happen in case of rp loose. Another thing is that are u advertising your rp by using access list. Becasue if u are not using a access-list for your group, so by default it will be using 224.0.0.0 group but for auto-rp you damn need 239 group. So create acl fo r239 grp and bind it with the auro command in advertising.

regards

shivlu

Silver

Re: Multicast VPN issue

command is ip pim auto-rp listner.

Actually what happens when you configure auto-rp it requires 224.0.0.39 and 224.0.0.40 group and these groups has been identified with the help of dense mode. But in configs you are using sparse mode; so the intial group information is not flooded. When you entered the command in every router you see the the twp above mentioned groups.Once you get this all will work fine.

regards

shivlu

Community Member

Re: Multicast VPN issue

I entered the "ip pim autorp listener" command in the routers in question. I see little bits of traffic traversing the tunnel- but nothing with consistency. I dont understand what you were talking about with the access lists. I added simply that command- what else is this requiring?

Thanks

Greg

Silver

Re: Multicast VPN issue

Greg,

Ok , Please let me know are you using auto-rp or BSR. If auto-RP is there, then r u using pim-sparse mode or pim sparse-dense-mode.

regards

shivlu

Community Member

Re: Multicast VPN issue

We are using auto-RP. Based on the config guide for this- we are using sparse-dense mode for the connections to CE routers, sparse-mode between the cores.

Community Member

Re: Multicast VPN issue

That's the really strange part- I see that traffic shows up on the routers- but when I put a wireshark client on the network- I dont see the multicast streams making it out. Nor do I see it on any of the machines. It looks like controls are making it thru the tunnel, the streams are not.

Silver

Re: Multicast VPN issue

can you post the output of shouw ip mroute for vrf specific

regards

shivlu

Community Member

Re: Multicast VPN issue

Here are the show ip mroute commands- Like I said before - the control packets (and routes) come thru fine. The data just isnt traversing the tunnels correctly

Community Member

Re: Multicast VPN issue

End users are connected to many of the different interfaces on the PE. They are all ip pim sparse-dense-mode. Im getting really confused by this problem. None of our guys can figure this out.

984
Views
0
Helpful
32
Replies
CreatePlease to create content