Thursday, July 1, 2010

IP Multicast over DMVPN in MPLS-VPN without mVPN support from ISP

Scenario -
- we have 3 sites connected by MPLS VPN
- ISP doesn't support mVPN for carrying IP multicast

Requirement -
- Consider CE3 as Hub Site, create a DMVPN overlay to carry IP multicast over MPLS VPN backbone between the three sites.
For Unicast traffic use MPLS VPN.
For Multicast traffic use DMVPN over MPLS VPN.

Take care of RPF.

Topology -



Solution -

- ip pim sparse-mode is configured ONLY on the Tunnel interfaces. PIM is not needed on the physical interfaces.
- Multicast works only from Hub to Spoke and vice versa. Spoke-to-Spoke multicast is NOT supported because of the RPF check on the Hub's Tunnel interface.
- RPF: Since the unicast traffic flow doesn't match the multicast flow in this scenario, we must manually correct the RPF check to avoid RPF failures. We'll use a default static mroute for this.
- DMVPN Phase 1 will do the job; Phase 2 and Phase 3 don't provide any advantage in this scenario because Spoke-to-Spoke multicast is not supported anyway. For the sake of simplicity, Phase 2 is still used in this example.
- A routing protocol on the DMVPN network is not needed in this scenario. PIM will generate traffic and build the NHRP tunnel.
- IPSec encryption is not used in this scenario. It's not needed because we are using private MPLS VPN connectivity.
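
To make the RPF point concrete, here is an added Python sketch (not part of the original post) that models the RPF decision on CE1 for multicast arriving on Tunnel123, with and without the default static mroute. The table contents are assumptions built from the configs on this page, and the selection rule (best match per table, lowest administrative distance, static mroute preferred on a tie) is a simplified model of IOS behaviour.

```python
import ipaddress

# Constructed model of CE1's tables, built from the configs on this page.
# Entry: (prefix, admin distance, next hop or None if connected, interface)
UNICAST = [
    ("10.1.1.0/24", 0, None, "FastEthernet0/0"),
    ("172.16.1.0/24", 0, None, "Tunnel123"),
    # Assumption: CE3's Loopback0 is learned through OSPF from PE1 (10.1.1.254).
    ("30.30.30.30/32", 110, "10.1.1.254", "FastEthernet0/0"),
]
# ip mroute 0.0.0.0 0.0.0.0 172.16.1.3 (static mroute, default distance 0)
MROUTES = [("0.0.0.0/0", 0, "172.16.1.3", None)]


def longest_match(table, addr):
    """Return the most specific entry covering addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [e for e in table if ip in ipaddress.ip_network(e[0])]
    return max(hits, key=lambda e: ipaddress.ip_network(e[0]).prefixlen,
               default=None)


def rpf_interface(source, unicast, mroutes):
    """Best match per table; lowest distance wins, the mroute wins a tie."""
    candidates = []
    m = longest_match(mroutes, source)
    if m:
        # A static mroute names a neighbor; resolve it over connected routes.
        via = longest_match([e for e in unicast if e[2] is None], m[2])
        candidates.append((m[1], 0, via[3] if via else None))
    u = longest_match(unicast, source)
    if u:
        candidates.append((u[1], 1, u[3]))
    return min(candidates)[2] if candidates else None


def rpf_check(source, arrival_if, unicast=UNICAST, mroutes=MROUTES):
    """True when the packet arrived on the interface RPF expects."""
    return rpf_interface(source, unicast, mroutes) == arrival_if


if __name__ == "__main__":
    for src in ("172.16.1.3", "30.30.30.30"):  # the two ping sources on this page
        print(src, "no mroute:", rpf_check(src, "Tunnel123", mroutes=[]),
              "with mroute:", rpf_check(src, "Tunnel123"))
```

A source on the tunnel subnet passes RPF either way, while traffic sourced from CE3's Loopback0 only passes once the static mroute points RPF at the tunnel.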

Verification -
CE3#ping 239.1.1.1 repeat 5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:

Reply to request 0 from 172.16.1.1, 536 ms
Reply to request 1 from 172.16.1.1, 704 ms
Reply to request 2 from 172.16.1.1, 492 ms
Reply to request 3 from 172.16.1.1, 412 ms
Reply to request 4 from 172.16.1.1, 552 ms


CE1#
*Mar 1 00:49:58.435: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:50:00.595: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:50:02.443: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:50:04.527: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:50:06.551: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3

CE3#ping 239.1.1.1 repeat 5 so lo0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 30.30.30.30

Reply to request 0 from 172.16.1.1, 356 ms
Reply to request 1 from 172.16.1.1, 336 ms
Reply to request 2 from 172.16.1.1, 236 ms
Reply to request 3 from 172.16.1.1, 360 ms
Reply to request 4 from 172.16.1.1, 492 ms
CE3#

*Mar 1 00:53:08.319: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:53:10.387: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:53:12.383: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:53:14.307: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#
*Mar 1 00:53:16.275: ICMP: echo reply sent, src 172.16.1.1, dst 172.16.1.3
CE1#

Configs -


CE1:
hostname CE1
!
ip cef
ip multicast-routing
!
interface Loopback0
ip address 10.10.10.10 255.255.255.255
ip igmp join-group 239.1.1.1
!
interface Tunnel123
ip address 172.16.1.1 255.255.255.0
no ip redirects
ip mtu 1400
ip pim sparse-mode
ip nhrp authentication CISCO123
ip nhrp map multicast dynamic
ip nhrp map multicast 30.1.1.1
ip nhrp map 172.16.1.3 30.1.1.1
ip nhrp network-id 123
ip nhrp nhs 172.16.1.3
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
!
interface FastEthernet0/0
ip address 10.1.1.1 255.255.255.0
duplex auto
speed auto
!
router ospf 1
log-adjacency-changes
redistribute connected subnets route-map RM_CONNECTED_LOOPBACK
network 10.0.0.0 0.255.255.255 area 1
!
ip mroute 0.0.0.0 0.0.0.0 172.16.1.3
!
route-map RM_CONNECTED_LOOPBACK permit 10
match interface Loopback0

CE2:
hostname CE2
!
ip multicast-routing
!
interface Loopback0
ip address 20.20.20.20 255.255.255.255
ip igmp join-group 239.2.2.2
!
interface Tunnel123
ip address 172.16.1.2 255.255.255.0
no ip redirects
ip mtu 1400
ip pim sparse-mode
ip nhrp authentication CISCO123
ip nhrp map multicast dynamic
ip nhrp map multicast 30.1.1.1
ip nhrp map 172.16.1.3 30.1.1.1
ip nhrp network-id 123
ip nhrp nhs 172.16.1.3
ip igmp join-group 239.172.2.2
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
!
interface FastEthernet0/0
ip address 20.1.1.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 2
network 20.0.0.0
no auto-summary
!
ip mroute 0.0.0.0 0.0.0.0 172.16.1.3
!
route-map RM_CONNECTED_LOOPBACK permit 10

CE3:
hostname CE3
!
ip multicast-routing
!
interface Loopback0
ip address 30.30.30.30 255.255.255.255
ip igmp join-group 239.3.3.3
!
interface Tunnel123
ip address 172.16.1.3 255.255.255.0
no ip redirects
ip mtu 1400
ip pim sparse-mode
ip nhrp authentication CISCO123
ip nhrp map multicast dynamic
ip nhrp network-id 123
ip igmp join-group 239.172.3.3
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 123
!
interface FastEthernet0/0
ip address 30.1.1.1 255.255.255.0
duplex auto
speed auto
!
router rip
version 2
network 30.0.0.0
no auto-summary
!
ip pim bsr-candidate Tunnel123 0
ip pim rp-candidate Tunnel123
ip mroute 0.0.0.0 0.0.0.0 172.16.1.1

PE1:
hostname PE1
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf VPN
rd 1:1
route-target export 1:1
route-target import 1:1
!
no mpls traffic-eng auto-bw timers frequency 0
mpls ldp router-id Loopback0 force
mpls label protocol ldp
call rsvp-sync
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip vrf forwarding VPN
ip address 10.1.1.254 255.255.255.0
duplex auto
speed auto
no clns route-cache
!
interface Serial1/0
ip address 192.168.1.1 255.255.255.252
ip router isis
mpls ip
serial restart-delay 0
!
router ospf 2 vrf VPN
log-adjacency-changes
redistribute bgp 100 subnets
network 0.0.0.0 255.255.255.255 area 1
!
router isis
net 49.0000.0000.0001.00
passive-interface Loopback0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
redistribute ospf 2 vrf VPN match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
!
PE2:
hostname PE2
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf VPN
rd 1:1
route-target export 1:1
route-target import 1:1
!
no mpls traffic-eng auto-bw timers frequency 0
mpls ldp router-id Loopback0 force
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip vrf forwarding VPN
ip address 20.1.1.254 255.255.255.0
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no clns route-cache
!
interface Serial1/0
ip address 192.168.2.1 255.255.255.252
ip router isis
mpls ip
serial restart-delay 0
!
router eigrp 2
auto-summary
!
address-family ipv4 vrf VPN
redistribute bgp 100 metric 10000 1 255 1 1500
network 20.0.0.0
auto-summary
autonomous-system 2
exit-address-family
!
router isis
net 49.0000.0000.0002.00
passive-interface Loopback0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
redistribute eigrp 2
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
PE3:
hostname PE3
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
ip vrf VPN
rd 1:1
route-target export 1:1
route-target import 1:1
!
no mpls traffic-eng auto-bw timers frequency 0
mpls ldp router-id Loopback0 force
mpls label protocol ldp
call rsvp-sync
!
!
!
!
!
!
!
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
no clns route-cache
!
interface FastEthernet0/0
ip vrf forwarding VPN
ip address 30.1.1.254 255.255.255.0
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
no clns route-cache
!
interface Serial1/0
ip address 192.168.3.1 255.255.255.252
ip router isis
mpls ip
serial restart-delay 0
!
router isis
net 49.0000.0000.0003.00
passive-interface Loopback0
!
router rip
!
address-family ipv4 vrf VPN
redistribute bgp 100 metric 1
network 30.0.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 4.4.4.4 remote-as 100
neighbor 4.4.4.4 update-source Loopback0
!
address-family vpnv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
redistribute rip
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
!
!
P:
hostname P
!
boot-start-marker
boot-end-marker
!
!
ip subnet-zero
ip cef
!
!
no ip domain-lookup
!
no mpls traffic-eng auto-bw timers frequency 0
call rsvp-sync
!
interface Loopback0
ip address 4.4.4.4 255.255.255.255
no clns route-cache
!
interface Serial1/1
ip address 192.168.1.2 255.255.255.252
ip router isis
mpls ip
serial restart-delay 0
!
interface Serial1/2
ip address 192.168.2.2 255.255.255.252
ip router isis
mpls ip
serial restart-delay 0
!
interface Serial1/3
ip address 192.168.3.2 255.255.255.252
ip router isis
mpls ip
serial restart-delay 0
!
router isis
net 49.0000.0000.0004.00
passive-interface Loopback0
!
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 route-reflector-client
neighbor 1.1.1.1 send-community extended
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 route-reflector-client
neighbor 2.2.2.2 send-community extended
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 route-reflector-client
neighbor 3.3.3.3 send-community extended
exit-address-family
!
ip classless
!

5 comments:

  1. Multicast VPN can be slow sometimes since bandwidth sharing is not equal. Thanks

  2. Thanks for this post. I've verified mine on MPLS that runs in a VPN and the results are quite great.

    data center

  3. Hello!!! When I ping CE1 to CE3, I lost 50% packet. Can you help me?

    Regards
