MPLS MVPN

From IPFlow Netflow Collector

MPLS Multicast VPN Example

This is a simple example of MPLS Multicast VPN configuration on Cisco routers (using Dynamips and GNS3).

Author: Christophe Fillot - 03-Nov-2007


Table of contents
1 Topology
2 Description
3 Configuring Multicast VPN
4 IOS configurations
5 Output of some commands
6 PCAP captures
7 Dynamips/Dynagen/GNS3 configuration
[edit]

Topology

Image:MPLS_MVPN_topo.png


[edit]

Description

This scenario explains how to deploy Multicast in MPLS/VPNs.


[edit]

Configuring Multicast VPN

  • Configure a classical MPLS VPN backbone
  • Enable multicast on your MPLS core
  • Make sure you have enabled multicast on the loopback interfaces used for MP-BGP


Typical configuration: 

ip vrf VPN1
 rd 100:1
 route-target export 100:1
 route-target import 100:1
 mdt default 239.232.0.1
 mdt data 239.232.1.0 0.0.0.255 threshold 1
!
ip multicast-routing vrf VPN1
!
ip pim ssm range 1
access-list 1 permit 239.232.0.0 0.0.255.255
!


[edit]

IOS configurations

IOS configurations for P and PE routers:

  • P (http://www.ipflow.utc.fr/configs/MPLS_MVPN/P.cfg)
  • PE1 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE1.cfg)
  • PE2 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE2.cfg)
  • PE3 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE3.cfg)
  • PE4 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/PE4.cfg)


IOS configurations for CE routers:

  • CE1 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE1.cfg)
  • CE2 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE2.cfg)
  • CE3 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE3.cfg)
  • CE4 (http://www.ipflow.utc.fr/configs/MPLS_MVPN/CE4.cfg)


[edit]

Output of some commands 

PE3#sh ip pim mdt 
  * implies group is the MDT default group
  MDT Group       Interface   Source                   VRF
* 239.232.0.1     Tunnel0     Loopback0                VPN1
* 239.232.0.2     Tunnel1     Loopback0                VPN2
* 239.232.0.3     Tunnel2     Loopback0                VPN3

PE3#sh ip pim mdt bgp
Peer (Route Distinguisher + IPv4)                                  Next Hop
  MDT group 239.232.0.3
   2:300:1:10.10.0.1                                               10.10.0.1
   2:300:1:10.10.0.2                                               10.10.0.2
   2:300:1:10.10.0.4                                               10.10.0.4
  MDT group 239.232.0.2
   2:200:1:10.10.0.1                                               10.10.0.1
   2:200:1:10.10.0.2                                               10.10.0.2
   2:200:1:10.10.0.4                                               10.10.0.4
  MDT group 239.232.0.1
   2:100:1:10.10.0.1                                               10.10.0.1
   2:100:1:10.10.0.2                                               10.10.0.2
   2:100:1:10.10.0.4                                               10.10.0.4

Global multicast routing table: 

PE3#sh ip mro  
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(10.10.0.3, 239.232.1.0), 00:04:36/00:02:48, flags: sPT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list: Null

(10.10.0.3, 239.232.0.2), 00:54:40/00:03:16, flags: sT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:11

(10.10.0.4, 239.232.0.2), 00:55:02/00:02:46, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.2), 00:55:02/00:02:46, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05
          
(10.10.0.1, 239.232.0.2), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN2, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.3, 239.232.0.3), 00:54:42/00:03:15, flags: sT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:08

(10.10.0.4, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.3), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN3, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.3, 239.232.0.1), 00:54:38/00:03:15, flags: sT
  Incoming interface: Loopback0, RPF nbr 0.0.0.0
  Outgoing interface list:
    FastEthernet0/0, Forward/Sparse-Dense, 00:54:34/00:03:11

(10.10.0.4, 239.232.0.1), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.2, 239.232.0.1), 00:55:02/00:02:45, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(10.10.0.1, 239.232.0.1), 00:55:02/00:02:55, flags: sTIZ
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list:
    MVRF VPN1, Forward/Sparse-Dense, 00:55:02/00:02:05

(*, 224.0.1.40), 01:13:21/00:02:40, RP 10.10.0.0, flags: SJPCL
  Incoming interface: FastEthernet0/0, RPF nbr 10.0.3.1
  Outgoing interface list: Null


During a Ping of CE3 to 239.1.2.3, using the Default MDT: 

PE3#sh ip mro vrf VPN1 239.1.2.3
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.2.3), 00:14:29/stopped, RP 100.1.0.1, flags: SPF
  Incoming interface: Tunnel0, RPF nbr 10.10.0.1
  Outgoing interface list: Null

(100.1.3.2, 239.1.2.3), 00:00:13/00:03:21, flags: FT
  Incoming interface: Serial1/0, RPF nbr 0.0.0.0
  Outgoing interface list:
    Tunnel0, Forward/Sparse-Dense, 00:00:13/00:03:16

When sending to Data MDT: 

PE3#sh ip mrou vrf VPN1 239.1.2.3
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.2.3), 00:16:44/stopped, RP 100.1.0.1, flags: SPF
  Incoming interface: Tunnel0, RPF nbr 10.10.0.1
  Outgoing interface list: Null

(100.1.3.2, 239.1.2.3), 00:00:43/00:03:06, flags: FTy
  Incoming interface: Serial1/0, RPF nbr 0.0.0.0
  Outgoing interface list:
    Tunnel0, Forward/Sparse-Dense, 00:02:28/00:02:59

Data MDT status on PE3 and PE1 (would be similar for PE2 and PE4): 

PE3#sh ip pim vrf VPN1 mdt send
MDT-data send list for VRF: VPN1
  (source, group)                     MDT-data group      ref_count
  (100.1.3.2, 239.1.2.3)              239.232.1.0         1

PE1#sh ip pim vrf VPN1 mdt receive

Joined MDT-data [group : source]  uptime/expires for VRF: VPN1
 [239.232.1.0 : 10.10.0.3]  00:00:33/00:02:26


[edit]

PCAP captures

The following Wireshark captures show how multicast packets are transmitted through the network. The frames were captured on interface FastEthernet2/0 of "P" router. A ping to 239.1.2.3 is started from CE3. Routers CE1, CE2, and CE4 have joined this group with the command "ip igmp join-group 239.1.2.3".

Here are the screenshots from Wireshark:

  • Ping on Default MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/wireshark_ping_def_mdt.png)
  • Ping on Data MDT (http://www.ipflow.utc.fr/configs/MPLS_MVPN/wireshark_ping_data_mdt.png)


As you can see with the captures, the packets are sent through a GRE tunnel, with a destination address set to the default MDT group address, or a data MDT group address.


[edit]

Dynamips/Dynagen/GNS3 configuration

You can use this configuration file (http://www.ipflow.utc.fr/configs/MPLS_MVPN/mpls_mvpn.net) directly with Dynagen or GNS3. Change the working directory and Cisco IOS image path to match your needs.

Retrieved from "http://www.ipflow.utc.fr/index.php/MPLS_MVPN"