Case Study:- MVPN (Part II)

Author:- Shivlu Jain (TULIP IT)

Document Type:- Informational

Main Topology

As shown in the main topology, we are announcing loopback 10 of MPLS_PE1 as RP for group 239.1.1.1. BSR is used as protocol for the Service Provider Network and Auto-RP is used for customer network. Service Provider network consists of three routers and details are given below:-

Serial Number Router Model HostName

1 Cisco - 2811 MPLS_PE1

2 Cisco - 1841 MPLS_P

3 Maipu - 3780 MPLS_PE2

Customer End Routers Consists of:-

Serial Number Router Model HostName

1 Cisco – 2811 CPE_1

2 Cisco - 1841 CPE_2

Obejctive:- Multicast Sender will send the stream for group 224.1.1.1 and Multicast Receiver will receive the stream for that group.

Lets us see how to anounce bsr for service providr domain:-

Figure 1

In the figure 1, Loopback 10 is used as RP for group-list 1. In the group-list 1 group 239.1.1.1 is defined. If you want to add more, then in the acl you can add more groups. Next command which is send-rp-discovery is used for mapping agent, means the same router is announcing it self as rp candidate as well as rp mapping agent. Now on the other routers your have to enable ip multicast-routing and pim sparse-dense mode. Nothing more than that. After doing this you can check the pim neighbors and rp mappings. In figure 2, MPLS-CORE-PE1 is system rp as well as rp mapping agent for group 239.1.1.1 with RP as 11.0.0.2 which is the loopback 10 address.

Figure 2

Figure 3

Figure 4

From the above snap shots, it is cleared that RP information is flooded in the network correctly.

Step 2:-

Bind VRF TEST with the multicast-routing. On every PE where the VRF TEST is created should be binded with the given command.

ip multicast-routing vrf test

Step 3:-

Create MDT Default for VPN TEST. Under vrf TEST we have to add the command “mdt default 239.1.1.1”. MDT default should be added where the vrf TEST is created and wants to receive the multicast stream.

ip vrf TESTrd 1:1route-target export 1:1route-target import 1:1mdt default 239.1.1.1

After this check the Multicast Tunnel neighbourship on MPLS-CORE-PE1 & MP-3780-PE2

Figure 7

Step 4:-Check which MDT group is used for which VRF

Figure 8

Figure 9

239.1.1.1 is the MDt group for VRF TEST and Tunnel 1023 is used for forwarding and receiving the multicast traffic on Maipu with source interface is loopback 10 of the PE routers. (Loopback 10 or any loopback which is used for BGP peering should be enabled with sparse-dense mode.)Actually we have not created tunnel 1023, it is default mechanism, as soon as we enable mdt in the vrf they made their neighborships on tunnels. You can check the tunnel status by issuing the show interface tunnel 1023 command.On MP-3780-PE-2 we have checked the tunnel 1023 status and from the outcome it is very much cleared that this tunnel is used for group 239.1.1.1 with source address is 11.0.0.1 and tunnel is MULTICAST. One cannot make the changes in the tunnel. Lets try to enter in the tunnel 0. (see figure 11). It clearly states that tunnel 0 is used for multicast and configuration is not allowed.

Figure 10

Figure 11

Step 5:-CPE-2 is using its loopback 0 as RP for all the groups with the help of auto-rp. Given commands are used on CE1.

ip pim send-rp-announce FastEthernet0/0 scope 15 group-list 1ip pim send-rp-discovery scope 15

After that you can check the rp mappings on CPE-2

Figure 12

As defined above If donot bind the acl with the rp announcements then it will act the rp for all groups.

RP Mappings on MPLS-CORE-PE1 for VRF TEST

Figure 13

RP Mappings on MP-3780-PE-2 for VRF TEST

Figure 14

RP Mappings on CPE-1

Figure 15

Now CPE-1 is able to discover its RP for all groups and the same is discovered with the help of auto-rp. The main improvement of using this over static RP is that on every PE where the VRF TEST is configured should be configured with static RP information for that VRF and if any changes occurs in

RP then the same has to be changed on all the PE routers. But with the help of auto-rp this problem could be overcome.

Step 6:-Kamal-PC-2(VLC Server) is originating stream for group 224.1.1.1 and Shivlu-PC-1 is receiver.

Configuration on CPE-2interface FastEthernet0/1ip address 30.0.0.2 255.255.255.0ip pim sparse-dense-modeip igmp join-group 224.1.1.1speed 100full-duplex

Show ip mroute output on CPE-2(192.168.2.2, 224.1.1.1), 00:01:06/00:02:59, flags: LTIncoming interface: FastEthernet0/0, RPF nbr 0.0.0.0Outgoing interface list:FastEthernet0/1, Forward/Sparse-Dense, 00:01:06/00:01:53

sh ip mroute active on CPE-2Active IP Multicast Sources - sending >= 4 kbpsGroup: 224.1.1.1, (?)Source: 192.168.2.2 (?)Rate: 168 pps/1823 kbps(1sec), 1823 kbps(last 0 secs), 1158 kbps(life avg)

Show ip mroue-cache vrf TEST MP-3780-PE2src 192.168.2.2 group 224.1.1.1 vrf test : uptime 00:11:20parent gigaethernet1.20 ingress TTL 0packets: 65198, bytes: 88408488 (total)packets: 65198, bytes: 88408488 (transmitted)packets: 0, bytes: 0 (trapped)tunnel1023 egress TTL 0 : uptime 00:11:20egress adj 0x2dbb85d8 pvc addr 0 : uptime 00:11:20

Outgoing Interface for Sending Multicast Traffic

Show ip mroute output on MPLS-Core-PE1sh ip mroute vrf test 224.1.1.1IP Multicast Routing TableFlags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, M - MSDP created entry, X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement, U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel, z - MDT-data group sender, Y - Joined MDT-data group, y - Sending to MDT-data groupOutgoing interface flags: H - Hardware switched, A - Assert winnerTimers: Uptime/ExpiresInterface state: Interface, Next-Hop or VCD, State/Mode

(*, 224.1.1.1), 01:22:20/00:02:46, RP 192.168.2.1, flags: SJCL Incoming interface: Tunnel0, RPF nbr 11.0.0.1 Outgoing interface list: FastEthernet0/1.20, Forward/Sparse-Dense, 01:22:20/00:02:46

(192.168.2.2, 224.1.1.1), 00:15:40/00:03:29, flags: LTIncoming interface: Tunnel0, RPF nbr 11.0.0.1Outgoing interface list:FastEthernet0/1.20, Forward/Sparse-Dense, 00:15:40/00:02:46

Show ip mroute output on CPE-1(192.168.2.2, 224.1.1.1), 00:15:40/00:02:59, flags: LJTIncoming interface: FastEthernet0/1, RPF nbr 10.0.0.1Outgoing interface list:FastEthernet0/0, Forward/Sparse-Dense, 00:15:40/00:02:33

Configuration of CPE-1interface FastEthernet0/1ip address 10.0.0.2 255.255.255.0ip pim sparse-dense-modeip igmp join-group 224.1.1.1duplex autospeed autoend

Multicast Traffic is receiving on tunnel ) and forwarding to Fast Ethernet 0/1.20

Configuration of MPLS-Core-PE1interface FastEthernet0/1.20bandwidth 100000encapsulation dot1Q 20ip vrf forwarding testip address 10.0.0.1 255.255.255.0ip pim sparse-dense-modeip igmp join-group 224.1.1.1no snmp trap link-status

end

MPLS-CORE-PE1ip cefno ip dhcp use vrf connected!!ip vrf testrd 1:1route-target export 1:1route-target import 1:1mdt default 239.1.1.1

!ip multicast-routingip multicast-routing vrf testmpls label protocol ldptag-switching tdp router-id Loopback10no ftp-server write-enable!!!!!!!!!

!!!!!!!controller E1 0/2/0channel-group 0 timeslots 1-31

!controller E1 0/2/1channel-group 0 timeslots 1-31

!class-map match-any testmatch ip precedence 5match mpls experimental topmost 5

!!policy-map testclass test

!!!!interface Loopback10ip address 11.0.0.2 255.255.255.255ip pim sparse-dense-mode

!interface FastEthernet0/0no ip addressip pim sparse-dense-modeload-interval 30duplex autospeed auto

!interface FastEthernet0/0.20encapsulation dot1Q 20ip address 20.0.0.1 255.255.255.0ip pim sparse-dense-modeno snmp trap link-statusmpls label protocol ldptag-switching ipservice-policy input test

!interface FastEthernet0/0.21

!interface FastEthernet0/1bandwidth 100000no ip addressload-interval 30duplex autospeed auto

!interface FastEthernet0/1.20bandwidth 100000encapsulation dot1Q 20ip vrf forwarding testip address 10.0.0.1 255.255.255.0ip pim sparse-dense-modeip igmp join-group 224.1.1.1no snmp trap link-status

!interface FastEthernet0/0/0!interface FastEthernet0/0/1!interface FastEthernet0/0/2!interface FastEthernet0/0/3!interface Serial0/2/0:0no ip address

!interface Serial0/2/1:0no ip address

!interface Vlan1no ip address

!router ospf 100router-id 11.0.0.2log-adjacency-changesredistribute connected subnetsredistribute static subnetsnetwork 10.0.0.0 0.0.0.255 area 0network 11.0.0.2 0.0.0.0 area 0network 20.0.0.0 0.0.0.255 area 0

!router bgp 100no synchronization

bgp log-neighbor-changesredistribute staticneighbor 11.0.0.1 remote-as 100neighbor 11.0.0.1 update-source Loopback10neighbor 11.0.0.1 next-hop-selfno auto-summary!address-family vpnv4neighbor 11.0.0.1 activateneighbor 11.0.0.1 send-community extendedexit-address-family!address-family ipv4 vrf testredistribute connectedredistribute staticno auto-summaryno synchronizationexit-address-family

!ip classlessip route vrf test 192.168.0.0 255.255.255.0 10.0.0.2!!ip http serverno ip http secure-serverip pim bsr-candidate Loopback10 0ip pim rp-candidate Loopback10 group-list 1!access-list 1 permit 239.1.1.1!!!control-plane!!!!!!!!!line con 0line aux 0line vty 0 4

password tuliplogin

!scheduler allocate 20000 1000!end

MPLS-CORE-PE1#

MPLS-PCurrent configuration : 2725 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname MPLS-P-Router!boot-start-markerboot-end-marker!enable password tulip!no aaa new-model!resource policy!mmi polling-interval 60no mmi auto-configureno mmi pvcmmi snmp-timeout 180ip subnet-zeroip cef!!no ip dhcp use vrf connected!!ip multicast-routingmpls label protocol ldp!

!!!!!!!!!!!!!!!class-map match-any ControlClass description [NETWORK - IP Prec=6,7, MPLS=6,7]match ip precedence 6match mpls experimental topmost 6

class-map match-any PremiumClass description [VPREMIUM - IP Prec=5, MPLS=5]match ip precedence 5match mpls experimental topmost 5

class-map match-any Match-IPP=5match ip precedence 5match mpls experimental topmost 5

class-map match-any GoldClass description [GOLD - IP Prec=4,3 MPLS=4,3]match ip precedence 3 4match mpls experimental topmost 3 4

class-map match-any SilverClass description [SILVER - IP Prec=2,1 MPLS=2,1]match ip precedence 1 2match mpls experimental topmost 1 2

!!policy-map TulipCosclass ControlClass

bandwidth percent 5 random-detect random-detect precedence 6 1000 3000 250class PremiumClass

priority percent 25class GoldClass

bandwidth percent 20

random-detect random-detect precedence 3 1000 2000 10 random-detect precedence 4 2000 4000 200class SilverClass

bandwidth percent 15 random-detect random-detect precedence 1 1000 2000 10 random-detect precedence 2 2000 4000 200class class-default

bandwidth percent 10 random-detect random-detect precedence 0 1500 3000 100policy-map Set-EXP-Bitclass Match-IPP=5

set mpls experimental topmost 5 set ip precedence 5!!!!interface FastEthernet0/0no ip addressip pim sparse-modeload-interval 30duplex autospeed auto

!interface FastEthernet0/0.20encapsulation dot1Q 20ip address 25.0.0.2 255.255.255.0ip pim sparse-modeip ospf network broadcastno snmp trap link-statusmpls label protocol ldpmpls ip

!interface FastEthernet0/1no ip addressip pim sparse-modeload-interval 30duplex autospeed auto

!interface FastEthernet0/1.20encapsulation dot1Q 20

ip address 20.0.0.2 255.255.255.0ip pim sparse-modeip ospf network broadcastno snmp trap link-statusmpls label protocol ldpmpls ip

!router ospf 100log-adjacency-changesredistribute connected subnetsnetwork 20.0.0.0 0.0.0.255 area 0network 25.0.0.0 0.0.0.255 area 0

!ip classless!!ip http serverno ip http secure-server!!!!control-plane!!!!!!!!line con 0line aux 0line vty 0 4password tuliplogin

!end

MP-3780-PE-2#sh runBuilding Configuration...done

! Current configuration : 3660 bytes!! Last configuration change at UTC THU JAN 01 04:59:16 1970! Flash config last updated at UTC THU JAN 01 04:39:39 1970! Configuration version 0.26!

!software version 6.1.7(integrity)!software image file flash0: /flash/rp2-i-6.1.7.bin!compiled on Jul 29 2008, 20:58:50

hostname MP-3780-PE-2no service password-encryptno service new-encryptservice login-secure

enable password RXSXZWWWNX encrypt

ip mef

ip load-sharing per-destination

no ip flow enable

ip access-list standard 1010 permit host 239.1.1.2exit

ip access-list extended 100110 permit udp host 192.168.2.2 anyexit

mpls ipip vrf testrd 1:1route-target export 1:1

route-target import 1:1mdt default 239.1.1.1exit

ip multicast-routingip multicast-routing vrf test

class-map match-all voipmatch mpls experimental 6exit

class-map match-all videomatch mpls experimental 5exit

class-map match-all sapmatch mpls experimental 4exit

class-map match-all qos1match qos-group 1exit

class-map match-all flow-sub-intf-1exit

class-map match-all 1001match access-group 1001exit

policy-map qospolicy_newclass voip

bandwidth percent 25 exitclass video

bandwidth percent 50 exitclass sap

bandwidth percent 25 exitexit

policy-map qosclass qos1

shape-average 160000 service-policy qospolicy_new exitexit

policy-map intput-fatherexit

policy-map qos-inputclass 1001

set qos-group 1 exitexit

interface loopback10ip address 11.0.0.1 255.255.255.255ip pim sparse-dense-modeexit

interface gigaethernet0bandwidth 1000rate 10load-interval 30ip pim sparse-dense-modeservice-policy output qosexit

interface gigaethernet0.20ip address 25.0.0.1 255.255.255.0mtu 1492encapsulation dot1q 20ip pim sparse-dense-modeip ospf network broadcastip ospf mtu-ignorempls ipmpls ldpno snmp trap link-statusexit

interface gigaethernet1bandwidth 1000rate 10load-interval 30ip pim sparse-dense-modeexit

interface gigaethernet1.20ip vrf forwarding testip address 30.0.0.1 255.255.255.0encapsulation dot1q 20ip pim sparse-dense-modeservice-policy input qos-inputno snmp trap link-statusexit

!slot_1_LPU_RM3A_8E1BH

interface serial1/0encapsulation hdlcip address 10.173.250.22 255.255.255.252bandwidth 1984timeslot 1-31ts16crc4 tcrc4exit

interface serial1/1encapsulation hdlcbandwidth 2048exit

interface serial1/2encapsulation hdlcbandwidth 2048exit

interface serial1/3encapsulation hdlcbandwidth 2048exit

interface serial1/4encapsulation hdlcbandwidth 2048exit

interface serial1/5encapsulation hdlcbandwidth 2048exit

interface serial1/6encapsulation hdlcbandwidth 2048exit

interface serial1/7encapsulation hdlcbandwidth 2048exit

!end

interface null0exit

router ospf 100router-id 11.0.0.1network 11.0.0.1 0.0.0.0 area 0network 25.0.0.0 0.0.0.255 area 0network 30.0.0.0 0.0.0.255 area 0redistribute connectedredistribute staticexit

router bgp 100no auto-summaryno synchronizationredistribute staticneighbor 11.0.0.2 remote-as 100neighbor 11.0.0.2 update-source loopback10neighbor 11.0.0.2 next-hop-selfaddress-family vpnv4

neighbor 11.0.0.2 activate neighbor 11.0.0.2 send-community extended exit-address-familyaddress-family ipv4 vrf test

redistribute connected redistribute static exit-address-familyexit

mpls ldptransport-address 11.0.0.1exit

ip pim bsr-candidate loopback10ip pim rp-candidate loopback10

ip route vrf test 192.168.2.0 255.255.255.0 30.0.0.2

!end

MP-3780-PE-2#

CPE-1#sh runBuilding configuration...

Current configuration : 1277 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname CPE-1!boot-start-markerboot-end-marker!enable password tulip!

no aaa new-model!resource policy!no network-clock-participate wic 0ip subnet-zero!!ip cefno ip dhcp use vrf connected!!ip multicast-routingno ftp-server write-enable!!!!!!!!!!!!!!!!controller E1 0/0/0channel-group 0 timeslots 1-31

!controller E1 0/0/1channel-group 0 timeslots 1-31

!!!interface FastEthernet0/0ip address 192.168.0.1 255.255.255.0ip pim sparse-dense-modeduplex autospeed auto

!interface FastEthernet0/1

ip address 10.0.0.2 255.255.255.0ip pim sparse-dense-modeip igmp join-group 224.1.1.1duplex autospeed auto

!interface FastEthernet0/2/0!interface FastEthernet0/2/1!interface FastEthernet0/2/2!interface FastEthernet0/2/3!interface Serial0/0/0:0no ip address

!interface Serial0/0/1:0ip address 10.173.250.21 255.255.255.252

!interface Vlan1no ip address

!ip classlessip route 0.0.0.0 0.0.0.0 10.0.0.1!!ip http serverno ip http secure-server!!!!control-plane!!!!!!!!!line con 0line aux 0

line vty 0 4password tuliplogin

!scheduler allocate 20000 1000!end

CPE-1#

CPE-2#sh runBuilding configuration...

Current configuration : 1710 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname CPE-2!boot-start-markerboot-end-marker!enable password tulip!no aaa new-model!resource policy!mmi polling-interval 60no mmi auto-configureno mmi pvcmmi snmp-timeout 180ip subnet-zeroip cef!!

no ip dhcp use vrf connected!!ip multicast-routing!!!!!!!!!!!!!!!!controller E1 0/0/0!controller E1 0/0/1!class-map match-all voipmatch access-group name voip

class-map match-all sapmatch access-group name sap

class-map match-all videomatch access-group name video

!!policy-map qosclass voip

set ip precedence 6 set mpls experimental topmost 6class video

set ip precedence 5 set mpls experimental topmost 5class sap

set ip precedence 4 set mpls experimental topmost 4!!!

!interface FastEthernet0/0ip address 192.168.2.1 255.255.255.0ip pim sparse-dense-modeduplex autospeed auto

!interface FastEthernet0/1ip address 30.0.0.2 255.255.255.0ip pim sparse-dense-modeip igmp join-group 224.1.1.1speed 100full-duplexservice-policy output qos

!ip classlessip route 0.0.0.0 0.0.0.0 30.0.0.1!!ip http serverno ip http secure-serverip pim send-rp-announce FastEthernet0/0 scope 15 group-list 1ip pim send-rp-discovery scope 15!ip access-list extended sappermit udp host 192.168.2.2 eq 7000 any eq 7000

ip access-list extended videopermit udp host 192.168.2.2 any

ip access-list extended voippermit udp host 192.168.2.2 eq 5000 any eq 5000

!access-list 1 permit 224.1.1.1disable-eadi!!!control-plane!!!!!!!!

line con 0line aux 0line vty 0 4password tuliplogin

!end

CPE-2#