Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

mVPN Core Multicast group addresing

Hi,

I have to run PIM-SM and PIM-SSM based both in Core. This is purely due to multivendor enviroment.

When I have all customer sites on cisco, i will run PIM-SSM ( default +data) and when i have multivendor in picture will run PIM-SM ( default) for specific customer. This will purely product team driven.

Now, I have to make sure that i use proper different Multicast group for both.

I have in mind that

1. PIM-SM - 239.192.0.0/16 range.

where 239.192.1.1 - default mdt, 239.192.2.0/24 - DATA MDT per customer

same way second customer 239.192.1.2 - default , 239.192.3.0/24 - DATA MDT

2. PIM-SSM : 239.232.0.0/16

customer -1

239.232.1.1 - default mdt

239.232.2.0/24 - data mdt

customer-2

239.232.1.2 - default mdt

293.232.3.0/24- data mdt ..so on.

With this, I have following configuation :

ip pim rp-address 1.1.1.1 SM-RANGE

ip pim ssm range SSM-RANGE

ip access-list standard SSM-RANGE

permit 239.232.0.0 0.0.255.255

ip access-list standard SM-RANGE

permit 239.192.0.0 0.0.255.255

ip vrf VPN-A

description A Customer using MVPN SM

rd 65000:65003

route-target both 65000:65000

mdt default 239.192.1.1

mdt data 239.192.2.0 0.0.0.15 threshold 1

ip vrf VPN-B

description A Customer using MVPN SSM

rd 65000:65011

route-target both 65000:65000

mdt default 239.232.1.1

mdt data 239.232.2.0 0.0.0.15 threshold

ip multicast-routing

ip multicast-routing vrf VPN-A

ip multicast-routing vrf VPN-B

Is this looking corect ? I have one doubt is, the DATA MDT range used for PIM-SM based solution should be in SM ACL or SSM ACL ??

Any suggestion on Multicast addressing for my requirment ? I would apprcieate the help !!

Regards,

Chintan

Regards,

Chitnan

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: mVPN Core Multicast group addresing

Chintan,

Assuming you will always use PIM SSM for the DATA MDT, you can use the same pool on all PEs as PIM SSM uses both the multicast address and the source address to identify a given multicast stream. So using the same pool on a all PEs is not an issue as long as the pool is unique on the PE.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
Cisco Employee

Re: mVPN Core Multicast group addresing

Hi,

Let's say you use PIM-SM for the Data-MDT and you have the same pool configured for the same Multicast Domain or mVPN.

If two PEs connected to two different customer sources using different groups choose the same Data-MDT group, each PE joining this Data-MDT will receive both traffic even if their receivers are interested only with one customer group.

If you let the PEs to switchover to the SPT, they could also choose the wrong source PE.

Here is an extract from Rozen draft about this issue:

"

7.3. Use of SSM for Data MDTs

The use of Data MDTs requires that a set of multicast P-addresses be

pre-allocated and dedicated for use as the destination addresses for

the Data MDTs.

If SSM is used to set up the Data MDTs, then each MD needs to be

assigned a set of these of multicast P-addresses. Each VRF in the MD

needs to be configured with this set (i.e., all VRFs in the MD are

configured with the same set). If there are n addresses in this set,

then each PE in the MD can be the source of n Data MDTs in that MD.

If SSM is not used for setting up Data MDTs, then each VRF needs to

be configured with a unique set of multicast P-addresses; two VRFs in

the same MD cannot be configured with the same set of addresses.

This requires the pre-allocation of many more multicast P-addresses,

and the need to configure a different set for each VRF greatly

complicates the operations and management. Therefore the use of SSM

for Data MDTs is very strongly recommended.

"

So the best design in your case is to have PIM-SM (without switchover to the SPT) for the default-MDT and PIM-SSM for the Data-MDT as already explained by Harold. This should be supported by all vendors.

Regarding your SLA, if you are using anycast RP, your convergence time is the same as for PIM-SSM, it relies only on the speed of your IGP to converge.

HTH

Laurent.

20 REPLIES
Cisco Employee

Re: mVPN Core Multicast group addresing

Chintan,

Picking a different approach for different customers will make this network more complicated to provision, support and troubleshoot.

I would suggest you pick the one approach that fits all vendors (lowest common denominator) and that you use it for all customers. This will probably save lots of headaches.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: mVPN Core Multicast group addresing

Hi Hritter,

I agree with you but problem is we have some of customer requirments like fast convergance where PIM-SM doesn't give be nefit due to RP/MSDP Infra and so we might have to use PIM-SSM.

But there are some customers who have specially not specific SLA and some of sites on DSL for which BRAS doesn't support PIm-SSM and we are forced to give PIM-SM . that's why we feel to keep two approach and going foraward i would like to keep only PIM-SSM once vendor support this....

I am still under evaluation stage and will also have word with our cisco AS team.

Many thanks for your feedback.

Regards,

Chintan

Cisco Employee

Re: mVPN Core Multicast group addresing

Hi,

It works for PIM SSM because the source will be different so you can use the same Data-MDT pool for the same mVPN on different PE.

But with PIM-SM, you will not be able to differentiate two different sources for which their attached PEs chose the same Data-MDT so you need a pool per mVRF instead of per mVPN

Also your configuration looks correct.

HTH

Laurent.

New Member

Re: mVPN Core Multicast group addresing

Hi Laurent,

When you say PIm-SM, I will neer pool per mVRF instead of per mVPN.

Does it mean that if i have 100 sites say connected to 20 PE in network , I will have to use total 20 different DATA POOL.

like : 239.192.2.0/24 ---239.192.21.0/24 ?

Regards,

Chintan

Silver

Re: mVPN Core Multicast group addresing

Hi Chintan

You can use the same pool across all the PE. Because data mdt will be used as a single per PE. SO if you are using /24 pool it means 255 PE can be connetced for same mVPN custmer.

regards

shivlu jain

New Member

Re: mVPN Core Multicast group addresing

Hi Shivlu,

I had a same understanding but as per laurent it is not a case , as he says for PIM-SM, you will have to use different pool per mVRF not per mVPN.

Am I understanding something wrong here ?

REgards,

Chintan

Silver

Re: mVPN Core Multicast group addresing

Hi Chintan

It is truly said by laurent.

Please check the section 4.1 of the given link

http://tools.ietf.org/html/draft-rosen-vpn-mcast-07

regards

shivlu jain

Cisco Employee

Re: mVPN Core Multicast group addresing

Chintan,

Assuming you will always use PIM SSM for the DATA MDT, you can use the same pool on all PEs as PIM SSM uses both the multicast address and the source address to identify a given multicast stream. So using the same pool on a all PEs is not an issue as long as the pool is unique on the PE.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México 
Paseo de la Reforma 222 Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Re: mVPN Core Multicast group addresing

Hi Hritter,

But if we use PIM-SM for DATA MDT aswell, What Laurent says is applicable and for same customer if they have 10 VRF ( i.e.PE) i have to use 10 different Multicast group range for DATA MDT.

But even I use PIM-SM for Default but DATA on PIM-SSM , What you says would be more sclable solution.

Am i correct ?

Silver

Re: mVPN Core Multicast group addresing

Hi Laurent

It would be better if you explain with the help of some example so that we can get the proper understanding.

regards

shivlu jain

New Member

Re: mVPN Core Multicast group addresing

Hi,

Can you direct to any link explaining your input in little detail ?

Regards,

Chintan

Silver

Re: mVPN Core Multicast group addresing

Hi Chintan

The configuration looks fine. If the customer is provisioned with SSM then data and default mdt shoudl be a part of SSM acl. If the customer is provisioned with SM then data and default mdt should be configured in SM acl.

The main logic is that mrouting of data and default should available in global mrouting table.

regards

shivlu jain

Cisco Employee

Re: mVPN Core Multicast group addresing

Hi,

Let's say you use PIM-SM for the Data-MDT and you have the same pool configured for the same Multicast Domain or mVPN.

If two PEs connected to two different customer sources using different groups choose the same Data-MDT group, each PE joining this Data-MDT will receive both traffic even if their receivers are interested only with one customer group.

If you let the PEs to switchover to the SPT, they could also choose the wrong source PE.

Here is an extract from Rozen draft about this issue:

"

7.3. Use of SSM for Data MDTs

The use of Data MDTs requires that a set of multicast P-addresses be

pre-allocated and dedicated for use as the destination addresses for

the Data MDTs.

If SSM is used to set up the Data MDTs, then each MD needs to be

assigned a set of these of multicast P-addresses. Each VRF in the MD

needs to be configured with this set (i.e., all VRFs in the MD are

configured with the same set). If there are n addresses in this set,

then each PE in the MD can be the source of n Data MDTs in that MD.

If SSM is not used for setting up Data MDTs, then each VRF needs to

be configured with a unique set of multicast P-addresses; two VRFs in

the same MD cannot be configured with the same set of addresses.

This requires the pre-allocation of many more multicast P-addresses,

and the need to configure a different set for each VRF greatly

complicates the operations and management. Therefore the use of SSM

for Data MDTs is very strongly recommended.

"

So the best design in your case is to have PIM-SM (without switchover to the SPT) for the default-MDT and PIM-SSM for the Data-MDT as already explained by Harold. This should be supported by all vendors.

Regarding your SLA, if you are using anycast RP, your convergence time is the same as for PIM-SSM, it relies only on the speed of your IGP to converge.

HTH

Laurent.

New Member

Re: mVPN Core Multicast group addresing

Hi Laurent,

Many thanks for excellent explanation on pointing on draft-rosen section. Now I understood well.

I will change my configuation to keep PIN-SM ACL for only Default MDT and PIM-SSM for DATA MDT.

And also can use PIM-SSM Default MDT from same SSM based range.

Sorry for multiple mails but i understood well now.

Thanks Hritter for your help too !!

Regards,

Chintan

Cisco Employee

Re: mVPN Core Multicast group addresing

My pleasure ;-)

What you can do is :

239.192.0.0/16 for default-MDT

239.232.0.0/16 for Data-MDT.

For each Default-MDT group, you create a pool of 256 addresses from 239.232.0.0/16

This way you can have up to 256 mVPN

HTH

Laurent.

New Member

Re: mVPN Core Multicast group addresing

Thanks agian for your suggestion.

I just had slight modification in terms of allocation while configuring.

1. PIM-SM Default

239.192.0.0/16 - Default MDT

2. PIM-SSM Default

239.232.0.0/24 - Default MDT

3. PIM-SSM DATA

239.232.1.0/24.....so on..

So, I use same 239.232.0.0/16 in SSM ACL used for Default and DATA MDT both but defined proper addressing schema during allocation for customer.

Does it make sense ?

Regards,

Chintan

Cisco Employee

Re: mVPN Core Multicast group addresing

Why do you use PIM-SSM for default-MDT ?

Just use PIM-SM for all your default-MDT.

Laurent.

New Member

Re: mVPN Core Multicast group addresing

I had a same in mind but i have been told that PIM-SSM for Default provides better convergance speically where tight SLA is involved so I prefer to use this only when that specific high SLA customer comes. The driver was speically Fast convergance ( sub-second kind of).

Regards,

Chintan

Cisco Employee

Re: mVPN Core Multicast group addresing

Most of the multicast convergence time relies on the convergence time of your IGP so if you are using anycast RP to provide RP redundancy, there should be not difference with PIM-SSM (i'm assuming you are not switching to the SPT)

HTH

Laurent.

New Member

Re: mVPN Core Multicast group addresing

Ok, Thanks for you feedback.

I wil plan to test this and SSM both and see the difference. will keep in mind i will have swidtching to SPT when using PIM-SM.

But Does MSDP not involved in convergance imaing two MSDP peer isloadted in core for some time and SA referesh is 60 seconds ?

I will have setup in late June/July start, will keep updating on this.

Regards,

Chintan

639
Views
0
Helpful
20
Replies
CreatePlease login to create content