MPLS MVPN (Multcast VPN) [Cisco Config Sample]

MPLS MVPN - IPFlow Netflow Collector

MPLS MVPN

From IPFlow Netflow Collector

MPLS Multicast VPN Example

This is a simple example of MPLS Multicast VPN configuration on Cisco routers (using Dynamips and GNS3).

Author: Christophe Fillot - 03-Nov-2007

Table of contents

1 Topology

2 Description

3 Configuring Multicast VPN

4 IOS configurations

5 Output of some commands

6 PCAP captures

7 Dynamips/Dynagen/GNS3 configuration

[edit]

Topology

[edit]

Description

This scenario explains how to deploy Multicast in MPLS/VPNs.

[edit]

Configuring Multicast VPN

• Configure a classical MPLS VPN backbone


• Enable multicast on your MPLS core


• Make sure you have enabled multicast on the loopback interfaces used for MP-BGP

Typical configuration:

ip vrf VPN1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
 mdt default 239.232.0.1
 mdt data 239.232.1.0 0.0.0.255 threshold 1
!
ip multicast-routing vrf VPN1
!
ip pim ssm range 1
access-list 1 permit 239.232.0.0 0.0.255.255
!

[edit]

IOS configurations

IOS configurations for P and PE routers:

• 
  


• P (http://www.ipflow.utc.fr/configs/MPLS_MVPN/P.cfg)
  


• PE1 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE1.cfg)
  


• PE2 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE2.cfg)
  


• PE3 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE3.cfg)
  


• PE4 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE4.cfg)

IOS configurations for CE routers:

• 
  


• CE1 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE1.cfg)
  


• CE2 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE2.cfg)
  


• CE3 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE3.cfg)
  


• CE4 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE4.cfg)

[edit]

Output of some commands

PE3#sh ip pim mdt
  * implies group is the MDT default group
  MDT Group       Interface   Source                   VRF
* 239.232.0.1     Tunnel0     Loopback0                VPN1
* 239.232.0.2     Tunnel1     Loopback0                VPN2
* 239.232.0.3     Tunnel2     Loopback0                VPN3

PE3#sh ip pim mdt bgp
Peer (Route Distinguisher + IPv4)                                  Next Hop
  MDT group 239.232.0.3
   2:300:1:10.10.0.1                                               10.10.0.1
   2:300:1:10.10.0.2                                               10.10.0.2
   2:300:1:10.10.0.4                                               10.10.0.4
  MDT group 239.232.0.2
   2:200:1:10.10.0.1                                               10.10.0.1
   2:200:1:10.10.0.2                                               10.10.0.2
   2:200:1:10.10.0.4                                               10.10.0.4
  MDT group 239.232.0.1
   2:100:1:10.10.0.1                                               10.10.0.1
   2:100:1:10.10.0.2                                               10.10.0.2
   2:100:1:10.10.0.4                                               10.10.0.4

Global multicast routing table:

PE3#sh ip mro 
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(10.10.0.3, 239.232.1.0), 00:04:36/00:02:48, flags: sPT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list: Null

(10.10.0.3, 239.232.0.2), 00:54:40/00:03:16, flags: sT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:11

(10.10.0.4, 239.232.0.2), 00:55:02/00:02:46, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.2), 00:55:02/00:02:46, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05
         
(10.10.0.1, 239.232.0.2), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.3, 239.232.0.3), 00:54:42/00:03:15, flags: sT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:08

(10.10.0.4, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.3, 239.232.0.1), 00:54:38/00:03:15, flags: sT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:11

(10.10.0.4, 239.232.0.1), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.1), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.1), 00:55:02/00:02:55, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(*, 224.0.1.40), 01:13:21/00:02:40, RP 10.10.0.0, flags: SJPCL
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list: Null

During a Ping of CE3 to 239.1.2.3, using the Default MDT:

PE3#sh ip mro vrf VPN1 239.1.2.3
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.2.3), 00:14:29/stopped, RP 100.1.0.1, flags: SPF
  Incoming interface: Tunnel0, RPF nbr 10.10.0.1
  Outgoing interface list: Null

(100.1.3.2, 239.1.2.3), 00:00:13/00:03:21, flags: FT
  Incoming interface: Serial1/0, RPF nbr 0.0.0.0
  Outgoing interface list:
    Tunnel0, Forward/Sparse-Dense, 00:00:13/00:03:16

When sending to Data MDT:

PE3#sh ip mrou vrf VPN1 239.1.2.3
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.2.3), 00:16:44/stopped, RP 100.1.0.1, flags: SPF
  Incoming interface: Tunnel0, RPF nbr 10.10.0.1
  Outgoing interface list: Null

(100.1.3.2, 239.1.2.3), 00:00:43/00:03:06, flags: FTy
  Incoming interface: Serial1/0, RPF nbr 0.0.0.0
  Outgoing interface list:
    Tunnel0, Forward/Sparse-Dense, 00:02:28/00:02:59

Data MDT status on PE3 and PE1 (would be similar for PE2 and PE4):

PE3#sh ip pim vrf VPN1 mdt send
MDT-data send list for VRF: VPN1
  (source, group)                     MDT-data group      ref_count
  (100.1.3.2, 239.1.2.3)              239.232.1.0         1

PE1#sh ip pim vrf VPN1 mdt receive

Joined MDT-data [group : source]  uptime/expires for VRF: VPN1
 [239.232.1.0 : 10.10.0.3]  00:00:33/00:02:26

[edit]

PCAP captures

The following Wireshark captures show how multicast packets are transmitted through the network. The frames were captured on interface FastEthernet2/0 of "P" router. A ping to 239.1.2.3 is started from CE3. Routers CE1, CE2, and CE4 have joined this group with the command "ip igmp join-group 239.1.2.3".

• 
  


• PCAP capture with packets sent on Default MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/mpls_mvpn_def_mdt.cap)
  


• PCAP capture with packets sent on Data MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/mpls_mvpn_data_mdt.cap)

Here are the screenshots from Wireshark:

• 
  


• Ping on Default MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/wireshark_ping_def_mdt.png)
  


• Ping on Data MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/wireshark_ping_data_mdt.png)

As you can see with the captures, the packets are sent through a GRE tunnel, with a destination address set to the default MDT group address, or a data MDT group address.

[edit]

Dynamips/Dynagen/GNS3 configuration

You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_MVPN/mpls_mvpn.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.

Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_MVPN"