Case Study:- MVPN (Part II) Author:- Shivlu Jain (TULIP IT) Document Type:- Informational
Main Topology As shown in the main topology, we are announcing loopback 10 of MPLS_PE1 as RP for group 239.1.1.1. BSR is used as protocol for the Service Provider Network and Auto-RP is used for customer network. Service Provider network consists of three routers and details are given below:Serial Number
Router Model
HostName
1
Cisco - 2811
MPLS_PE1
2
Cisco - 1841
MPLS_P
3
Maipu - 3780
MPLS_PE2
Customer End Routers Consists of:Serial Number
Router Model
HostName
1
Cisco – 2811
CPE_1
2
Cisco - 1841
CPE_2
Obejctive:- Multicast Sender will send the stream for group 224.1.1.1 and Multicast Receiver will receive the stream for that group. Lets us see how to anounce bsr for service providr domain:-
Figure 1
In the figure 1, Loopback 10 is used as RP for group-list 1. In the group-list 1 group 239.1.1.1 is defined. If you want to add more, then in the acl you can add more groups. Next command which is send-rp-discovery is used for mapping agent, means the same router is announcing it self as rp candidate as well as rp mapping agent. Now on the other routers your have to enable ip multicastrouting and pim sparse-dense mode. Nothing more than that. After doing this you can check the pim neighbors and rp mappings. In figure 2, MPLS-CORE-PE1 is system rp as well as rp mapping agent for group 239.1.1.1 with RP as 11.0.0.2 which is the loopback 10 address.
Figure 2
Figure 3
Figure 4
From the above snap shots, it is cleared that RP information is flooded in the network correctly.
Step 2:Bind VRF TEST with the multicast-routing. On every PE where the VRF TEST is created should be binded with the given command. ip multicast-routing vrf test Step 3:Create MDT Default for VPN TEST. Under vrf TEST we have to add the command “mdt default 239.1.1.1”. MDT default should be added where the vrf TEST is created and wants to receive the multicast stream. ip vrf TEST rd 1:1 route-target export 1:1 route-target import 1:1 mdt default 239.1.1.1 After this check the Multicast Tunnel neighbourship on MPLS-CORE-PE1 & MP-3780-PE2
Figure 7
Step 4:Check which MDT group is used for which VRF
Figure 8
Figure 9 239.1.1.1 is the MDt group for VRF TEST and Tunnel 1023 is used for forwarding and receiving the multicast traffic on Maipu with source interface is loopback 10 of the PE routers. (Loopback 10 or any loopback which is used for BGP peering should be enabled with sparse-dense mode.) Actually we have not created tunnel 1023, it is default mechanism, as soon as we enable mdt in the vrf they made their neighborships on tunnels. You can check the tunnel status by issuing the show interface tunnel 1023 command. On MP-3780-PE-2 we have checked the tunnel 1023 status and from the outcome it is very much cleared that this tunnel is used for group 239.1.1.1 with source address is 11.0.0.1 and tunnel is MULTICAST. One cannot make the changes in the tunnel. Lets try to enter in the tunnel 0. (see figure 11). It clearly states that tunnel 0 is used for multicast and configuration is not allowed.
Figure 10
Figure 11
Step 5:CPE-2 is using its loopback 0 as RP for all the groups with the help of auto-rp. Given commands are used on CE1. ip pim send-rp-announce FastEthernet0/0 scope 15 group-list 1 ip pim send-rp-discovery scope 15 After that you can check the rp mappings on CPE-2
Figure 12 As defined above If donot bind the acl with the rp announcements then it will act the rp for all groups.
RP Mappings on MPLS-CORE-PE1 for VRF TEST
Figure 13
RP Mappings on MP-3780-PE-2 for VRF TEST
Figure 14 RP Mappings on CPE-1
Figure 15 Now CPE-1 is able to discover its RP for all groups and the same is discovered with the help of autorp. The main improvement of using this over static RP is that on every PE where the VRF TEST is configured should be configured with static RP information for that VRF and if any changes occurs in
RP then the same has to be changed on all the PE routers. But with the help of auto-rp this problem could be overcome. Step 6:Kamal-PC-2(VLC Server) is originating stream for group 224.1.1.1 and Shivlu-PC-1 is receiver.
Configuration on CPE-2 interface FastEthernet0/1 ip address 30.0.0.2 255.255.255.0 ip pim sparse-dense-mode ip igmp join-group 224.1.1.1 speed 100 full-duplex Show ip mroute output on CPE-2 (192.168.2.2, 224.1.1.1), 00:01:06/00:02:59, flags: LT Incoming interface: FastEthernet0/0, RPF nbr 0.0.0.0 Outgoing interface list: FastEthernet0/1, Forward/Sparse-Dense, 00:01:06/00:01:53 sh ip mroute active on CPE-2 Active IP Multicast Sources - sending >= 4 kbps Group: 224.1.1.1, (?) Source: 192.168.2.2 (?) Rate: 168 pps/1823 kbps(1sec), 1823 kbps(last 0 secs), 1158 kbps(life avg) Show ip mroue-cache vrf TEST MP-3780-PE2 src 192.168.2.2 group 224.1.1.1 vrf test : uptime 00:11:20 parent gigaethernet1.20 ingress TTL 0 packets: 65198, bytes: 88408488 (total) packets: 65198, bytes: 88408488 (transmitted) packets: 0, bytes: 0 (trapped) tunnel1023 egress TTL 0 : uptime 00:11:20 egress adj 0x2dbb85d8 pvc addr 0 : uptime 00:11:20
Outgoing Interface for Sending Multicast Traffic
Show ip mroute output on MPLS-Core-PE1 sh ip mroute vrf test 224.1.1.1 IP Multicast Routing Table Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, z - MDT-data group sender, Y - Joined MDT-data group, y - Sending to MDT-data group Outgoing interface flags: H - Hardware switched, A - Assert winner Timers: Uptime/Expires Interface state: Interface, Next-Hop or VCD, State/Mode (*, 224.1.1.1), 01:22:20/00:02:46, RP 192.168.2.1, flags: SJCL Incoming interface: Tunnel0, RPF nbr 11.0.0.1 Outgoing interface list: FastEthernet0/1.20, Forward/Sparse-Dense, 01:22:20/00:02:46 (192.168.2.2, 224.1.1.1), 00:15:40/00:03:29, flags: LT Incoming interface: Tunnel0, RPF nbr 11.0.0.1 Outgoing interface list: FastEthernet0/1.20, Forward/Sparse-Dense, 00:15:40/00:02:46
Show ip mroute output on CPE-1 (192.168.2.2, 224.1.1.1), 00:15:40/00:02:59, flags: LJT Incoming interface: FastEthernet0/1, RPF nbr 10.0.0.1 Outgoing interface list: FastEthernet0/0, Forward/Sparse-Dense, 00:15:40/00:02:33
Configuration of CPE-1 interface FastEthernet0/1 ip address 10.0.0.2 255.255.255.0 ip pim sparse-dense-mode ip igmp join-group 224.1.1.1 duplex auto speed auto end
Multicast Traffic is receiving on tunnel ) and forwarding to Fast Ethernet 0/1.20
Configuration of MPLS-Core-PE1 interface FastEthernet0/1.20 bandwidth 100000 encapsulation dot1Q 20 ip vrf forwarding test ip address 10.0.0.1 255.255.255.0 ip pim sparse-dense-mode ip igmp join-group 224.1.1.1 no snmp trap link-status end
MPLS-CORE-PE1 ip cef no ip dhcp use vrf connected ! ! ip vrf test rd 1:1 route-target export 1:1 route-target import 1:1 mdt default 239.1.1.1 ! ip multicast-routing ip multicast-routing vrf test mpls label protocol ldp tag-switching tdp router-id Loopback10 no ftp-server write-enable ! ! ! ! ! ! ! ! !
! ! ! ! ! ! ! controller E1 0/2/0 channel-group 0 timeslots 1-31 ! controller E1 0/2/1 channel-group 0 timeslots 1-31 ! class-map match-any test match ip precedence 5 match mpls experimental topmost 5 ! ! policy-map test class test ! ! ! ! interface Loopback10 ip address 11.0.0.2 255.255.255.255 ip pim sparse-dense-mode ! interface FastEthernet0/0 no ip address ip pim sparse-dense-mode load-interval 30 duplex auto speed auto ! interface FastEthernet0/0.20 encapsulation dot1Q 20 ip address 20.0.0.1 255.255.255.0 ip pim sparse-dense-mode no snmp trap link-status mpls label protocol ldp tag-switching ip service-policy input test ! interface FastEthernet0/0.21
! interface FastEthernet0/1 bandwidth 100000 no ip address load-interval 30 duplex auto speed auto ! interface FastEthernet0/1.20 bandwidth 100000 encapsulation dot1Q 20 ip vrf forwarding test ip address 10.0.0.1 255.255.255.0 ip pim sparse-dense-mode ip igmp join-group 224.1.1.1 no snmp trap link-status ! interface FastEthernet0/0/0 ! interface FastEthernet0/0/1 ! interface FastEthernet0/0/2 ! interface FastEthernet0/0/3 ! interface Serial0/2/0:0 no ip address ! interface Serial0/2/1:0 no ip address ! interface Vlan1 no ip address ! router ospf 100 router-id 11.0.0.2 log-adjacency-changes redistribute connected subnets redistribute static subnets network 10.0.0.0 0.0.0.255 area 0 network 11.0.0.2 0.0.0.0 area 0 network 20.0.0.0 0.0.0.255 area 0 ! router bgp 100 no synchronization
bgp log-neighbor-changes redistribute static neighbor 11.0.0.1 remote-as 100 neighbor 11.0.0.1 update-source Loopback10 neighbor 11.0.0.1 next-hop-self no auto-summary ! address-family vpnv4 neighbor 11.0.0.1 activate neighbor 11.0.0.1 send-community extended exit-address-family ! address-family ipv4 vrf test redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! ip classless ip route vrf test 192.168.0.0 255.255.255.0 10.0.0.2 ! ! ip http server no ip http secure-server ip pim bsr-candidate Loopback10 0 ip pim rp-candidate Loopback10 group-list 1 ! access-list 1 permit 239.1.1.1 ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4
password tulip login ! scheduler allocate 20000 1000 ! end MPLS-CORE-PE1#
MPLS-P Current configuration : 2725 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname MPLS-P-Router ! boot-start-marker boot-end-marker ! enable password tulip ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! ip multicast-routing mpls label protocol ldp !
! ! ! ! ! ! ! ! ! ! ! ! ! ! ! class-map match-any ControlClass description [NETWORK - IP Prec=6,7, MPLS=6,7] match ip precedence 6 match mpls experimental topmost 6 class-map match-any PremiumClass description [VPREMIUM - IP Prec=5, MPLS=5] match ip precedence 5 match mpls experimental topmost 5 class-map match-any Match-IPP=5 match ip precedence 5 match mpls experimental topmost 5 class-map match-any GoldClass description [GOLD - IP Prec=4,3 MPLS=4,3] match ip precedence 3 4 match mpls experimental topmost 3 4 class-map match-any SilverClass description [SILVER - IP Prec=2,1 MPLS=2,1] match ip precedence 1 2 match mpls experimental topmost 1 2 ! ! policy-map TulipCos class ControlClass bandwidth percent 5 random-detect random-detect precedence 6 1000 3000 250 class PremiumClass priority percent 25 class GoldClass bandwidth percent 20
random-detect random-detect precedence 3 1000 random-detect precedence 4 2000 class SilverClass bandwidth percent 15 random-detect random-detect precedence 1 1000 random-detect precedence 2 2000 class class-default bandwidth percent 10 random-detect random-detect precedence 0 1500 policy-map Set-EXP-Bit class Match-IPP=5 set mpls experimental topmost 5 set ip precedence 5 ! ! ! ! interface FastEthernet0/0 no ip address ip pim sparse-mode load-interval 30 duplex auto speed auto ! interface FastEthernet0/0.20 encapsulation dot1Q 20 ip address 25.0.0.2 255.255.255.0 ip pim sparse-mode ip ospf network broadcast no snmp trap link-status mpls label protocol ldp mpls ip ! interface FastEthernet0/1 no ip address ip pim sparse-mode load-interval 30 duplex auto speed auto ! interface FastEthernet0/1.20 encapsulation dot1Q 20
2000 10 4000 200
2000 10 4000 200
3000 100
ip address 20.0.0.2 255.255.255.0 ip pim sparse-mode ip ospf network broadcast no snmp trap link-status mpls label protocol ldp mpls ip ! router ospf 100 log-adjacency-changes redistribute connected subnets network 20.0.0.0 0.0.0.255 area 0 network 25.0.0.0 0.0.0.255 area 0 ! ip classless ! ! ip http server no ip http secure-server ! ! ! ! control-plane ! ! ! ! ! ! ! ! line con 0 line aux 0 line vty 0 4 password tulip login ! end
MP-3780-PE-2#sh run Building Configuration...done ! Current configuration : 3660 bytes ! ! Last configuration change at UTC THU JAN 01 04:59:16 1970 ! Flash config last updated at UTC THU JAN 01 04:39:39 1970 ! Configuration version 0.26 ! !software version 6.1.7(integrity) !software image file flash0: /flash/rp2-i-6.1.7.bin !compiled on Jul 29 2008, 20:58:50 hostname MP-3780-PE-2 no service password-encrypt no service new-encrypt service login-secure
enable password RXSXZWWWNX encrypt
ip mef ip load-sharing per-destination
no ip flow enable ip access-list standard 10 10 permit host 239.1.1.2 exit ip access-list extended 1001 10 permit udp host 192.168.2.2 any exit mpls ip ip vrf test rd 1:1 route-target export 1:1
route-target import 1:1 mdt default 239.1.1.1 exit ip multicast-routing ip multicast-routing vrf test
class-map match-all voip match mpls experimental 6 exit class-map match-all video match mpls experimental 5 exit class-map match-all sap match mpls experimental 4 exit class-map match-all qos1 match qos-group 1 exit class-map match-all flow-sub-intf-1 exit class-map match-all 1001 match access-group 1001 exit policy-map qospolicy_new class voip bandwidth percent 25 exit class video bandwidth percent 50 exit class sap bandwidth percent 25 exit exit policy-map qos class qos1 shape-average 160000 service-policy qospolicy_new exit exit policy-map intput-father exit
policy-map qos-input class 1001 set qos-group 1 exit exit
interface loopback10 ip address 11.0.0.1 255.255.255.255 ip pim sparse-dense-mode exit
interface gigaethernet0 bandwidth 1000 rate 10 load-interval 30 ip pim sparse-dense-mode service-policy output qos exit
interface gigaethernet0.20 ip address 25.0.0.1 255.255.255.0 mtu 1492 encapsulation dot1q 20 ip pim sparse-dense-mode ip ospf network broadcast ip ospf mtu-ignore mpls ip mpls ldp no snmp trap link-status exit
interface gigaethernet1 bandwidth 1000 rate 10 load-interval 30 ip pim sparse-dense-mode exit
interface gigaethernet1.20 ip vrf forwarding test ip address 30.0.0.1 255.255.255.0 encapsulation dot1q 20 ip pim sparse-dense-mode service-policy input qos-input no snmp trap link-status exit !slot_1_LPU_RM3A_8E1BH interface serial1/0 encapsulation hdlc ip address 10.173.250.22 255.255.255.252 bandwidth 1984 timeslot 1-31 ts16 crc4 tcrc4 exit
interface serial1/1 encapsulation hdlc bandwidth 2048 exit
interface serial1/2 encapsulation hdlc bandwidth 2048 exit
interface serial1/3 encapsulation hdlc bandwidth 2048 exit
interface serial1/4 encapsulation hdlc bandwidth 2048 exit
interface serial1/5 encapsulation hdlc bandwidth 2048 exit
interface serial1/6 encapsulation hdlc bandwidth 2048 exit
interface serial1/7 encapsulation hdlc bandwidth 2048 exit !end
interface null0 exit
router ospf 100 router-id 11.0.0.1 network 11.0.0.1 0.0.0.0 area 0 network 25.0.0.0 0.0.0.255 area 0 network 30.0.0.0 0.0.0.255 area 0 redistribute connected redistribute static exit router bgp 100 no auto-summary no synchronization redistribute static neighbor 11.0.0.2 remote-as 100 neighbor 11.0.0.2 update-source loopback10 neighbor 11.0.0.2 next-hop-self address-family vpnv4 neighbor 11.0.0.2 activate neighbor 11.0.0.2 send-community extended exit-address-family address-family ipv4 vrf test
redistribute connected redistribute static exit-address-family exit mpls ldp transport-address 11.0.0.1 exit ip pim bsr-candidate loopback10 ip pim rp-candidate loopback10
ip route vrf test 192.168.2.0 255.255.255.0 30.0.0.2
!end
MP-3780-PE-2#
CPE-1#sh run Building configuration... Current configuration : 1277 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname CPE-1 ! boot-start-marker boot-end-marker ! enable password tulip !
no aaa new-model ! resource policy ! no network-clock-participate wic 0 ip subnet-zero ! ! ip cef no ip dhcp use vrf connected ! ! ip multicast-routing no ftp-server write-enable ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! controller E1 0/0/0 channel-group 0 timeslots 1-31 ! controller E1 0/0/1 channel-group 0 timeslots 1-31 ! ! ! interface FastEthernet0/0 ip address 192.168.0.1 255.255.255.0 ip pim sparse-dense-mode duplex auto speed auto ! interface FastEthernet0/1
ip address 10.0.0.2 255.255.255.0 ip pim sparse-dense-mode ip igmp join-group 224.1.1.1 duplex auto speed auto ! interface FastEthernet0/2/0 ! interface FastEthernet0/2/1 ! interface FastEthernet0/2/2 ! interface FastEthernet0/2/3 ! interface Serial0/0/0:0 no ip address ! interface Serial0/0/1:0 ip address 10.173.250.21 255.255.255.252 ! interface Vlan1 no ip address ! ip classless ip route 0.0.0.0 0.0.0.0 10.0.0.1 ! ! ip http server no ip http secure-server ! ! ! ! control-plane ! ! ! ! ! ! ! ! ! line con 0 line aux 0
line vty 0 4 password tulip login ! scheduler allocate 20000 1000 ! end CPE-1#
CPE-2#sh run Building configuration... Current configuration : 1710 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname CPE-2 ! boot-start-marker boot-end-marker ! enable password tulip ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! !
no ip dhcp use vrf connected ! ! ip multicast-routing ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! controller E1 0/0/0 ! controller E1 0/0/1 ! class-map match-all voip match access-group name voip class-map match-all sap match access-group name sap class-map match-all video match access-group name video ! ! policy-map qos class voip set ip precedence 6 set mpls experimental topmost 6 class video set ip precedence 5 set mpls experimental topmost 5 class sap set ip precedence 4 set mpls experimental topmost 4 ! ! !
! interface FastEthernet0/0 ip address 192.168.2.1 255.255.255.0 ip pim sparse-dense-mode duplex auto speed auto ! interface FastEthernet0/1 ip address 30.0.0.2 255.255.255.0 ip pim sparse-dense-mode ip igmp join-group 224.1.1.1 speed 100 full-duplex service-policy output qos ! ip classless ip route 0.0.0.0 0.0.0.0 30.0.0.1 ! ! ip http server no ip http secure-server ip pim send-rp-announce FastEthernet0/0 scope 15 group-list 1 ip pim send-rp-discovery scope 15 ! ip access-list extended sap permit udp host 192.168.2.2 eq 7000 any eq 7000 ip access-list extended video permit udp host 192.168.2.2 any ip access-list extended voip permit udp host 192.168.2.2 eq 5000 any eq 5000 ! access-list 1 permit 224.1.1.1 disable-eadi ! ! ! control-plane ! ! ! ! ! ! ! !
line con 0 line aux 0 line vty 0 4 password tulip login ! end CPE-2#