Intra-AS mVPN
- MDT – multicast distribution tree, built by PE for every mcast domain
- MDT extended community:
- type 0x0009, RD = type 2
- ASN + root address + MDT group
- sent in Update on creating default MDT
- on receive – SSM join, no import into VRF
- for older IOS
- SAFI = 66 (newer IOS)
- P router: mcast entries only in global RIB
- CE router PIM neighborship only with PE
- mcast state in core does not depend on mcast state in client VRFs
- VRF mcast groups are mapped to a single mcast group in the core
- GRE encapsulation, IP multicast in core, no labels
- PIM SM, SSM
- RPF: if mcast prefix is received via BGP, then RPF interface = MTI (BGP next-hop ≡ PIM neighbor)
- multicast tunnel interface (MTI)
- distributes mcast info
- RPF check
- PIM SD mode
- inherits parameters from BGP interface (mcast enabled)
- MDT
- default:
- transports control plane traffic (always)
- transports low-bandwidth traffic to all PEs
- all PEs join, even if there are no listener/streamer (SSM)
- immediate SPT switchover, every PE is a root for its tree (threshold = infinity|BiDir)
- ToS of C-packets is copied to ToS of P-packets
- data:
- transports high-bandwidth traffic to subscribed PEs
- dynamically created from mcast group pool once threshold is exceeded
- threshold is checked per stream ((S,G), not (*,G))
- messages:
- Data-MDT join:
- passed within default MDT on creating data MDT
- VPN source, VPN group, Data-MDT group
- 224.0.0.13, UDP 3232
- PE waits for a while before switching to data MDT
- if no listeners present, PEs cache the message
- Data-MDT join:
- timers:
- data MDT:
- 1 min default
- sending data MDT join
- MDT delay:
- 3s default
- delay before switching to data MDT
- data MDT:
- default:
(config)# ip pim vrf <NAME> ...
(config)# ip msdp vrf <NAME> ...
(config)# ip multicast-routing vrf <NAME> ...
; use another VRF RIB for RPF
(config)# ip mroute vrf <NAME> <mrange> fallback-lookup global | vrf <SRC>
; restrict mgroup for fallback-lookup
(config)# ip multicast vrf <NAME> rpf select vrf <SRC> group-list <ACL>(config)# interface loopback 0
; PIM has to be enabled on BGP source interface
(config-if)# ip pim sparse (config-vrf)# mdt default <default group>
; ACL limits (S,G) that can use data MDT; enough on source PE only; on overflow – reuse addresses
(config-vrf)# mdt data <group> <mask> threshold <kbps> [list <ACL>]; default MDT; send – data MDT
# show ip pim mdt <receive|send>
# show ip pim vrf <NAME>
# show ip msdp vrf <NAME>
# show ip igmp vrf <NAME>Inter-AS mVPN
- elements:
- MDT SAFI (older IOS used RD type 2 and extcommunity)
- BGP connector
- RPF proxy vector (PIM extension)
- BGP-free core: Ps do not know addresses of PEs from other AS
- MDT SAFI
- 66
- MP_NLRI = RD:PE_IPv4 addr:MDT group addr (PE_IPv4 – BGP peer address)
- MP_NEXT_HOP = BGP peer IPv4 address (does not have to match PE address – bgp next-hop)
- PIM SSM
- VPN mcast traffic is transported within MDT
- PE discovery for SSM – BGP autodiscovery (BGP-AD)
- PIM is used to build MDT tunnels between PEs in different AS
RPF proxy vector
- PIM TLV, contains IPv4 address of proxy for RPF check and PIM Join (ASBR within AS)
- PIM Joins are sent to PE IPv4 address (de jure); TLV is added to next-hop so Joins are sent towards next-hop proxy ASBR (de facto)
- PIM TLV is removed only by proxy ASBR
- tradeoff: number of states for mcast RIB on P ≈ PE * mVPN
BGP connector
- transitive optional
- contains IPv4 PE from other AS
- along with VPNv4 prefixes on advertising PE
- required for inter-AS RPF check: packet is received from PE address but RPF prefix is known via ASBR – would result in RPF fail
- C-PIM uses for RPF check and PIM Join next-hop
Without BGP connector R1 would check RPF via R3 when packet would be received from R5 – fail.
Without PIM Proxy Vector R2 does not know about R5 = cannot send Join further – fail.
PE1B in MDT – address used to source BGP updates.
BGP Connector preserves next-hop address of PE1B.
MDT SAFI → group, next-hop, proxy vector
Source ← BGP Connector
; on PE, use proxy for MDT in VRF
(config)# ip multicast vrf <NAME> rpf proxy rd vector
; on P or ASBR
(config)# ip multicast rpf proxy vector
(config)# ip pim ssm default; exchange MDT SAFI, discover mcast PE for SSM (BGP-AD)
(config-router)# address-family ipv4 mdt
; mcast BGP: in case unicast/mcast paths differ
(config-router)# address-family ipv4 multicast
(config-router-af)# neighbor <IP> next-hop-self # show ip pim mdt [bgp]
# show ip mroute <group> proxyMVPN
- SAFI = 129, RFC 6514
- uses BGP to exchange active src, default/data MDT instead of PIM
- uses MCAST-VPN NLRI (27), PMSI Tunnel (23)
- I-PMSI ≡ default MDT, S-PMSI ≡ data MDT
- MPSI NLRI include Tunnel attributes
- on receiving source tree Join while using PIM-SM, PE sends source active A-D because (S,G) is created if PE is RP
- each site has its own RP, exchange sources via RT5 ⇒ MSDP not needed
- I-PMSI = inclusive P-multicast service interface
- S-PMSI = selective P-multicast service interface
MCAST-VPN NLRI
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Route type | Length | \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Data /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Route type:
- 1 = Intra-AS I-PMSI A-D
- 2 = Inter-AS I-PMSI A-D
- 3 = S-PMSI A-D
- 4 = Leaf A-D
- 5 = source active A-D
- C-multicast:
- 6 = shared tree join
- 7 = source tree join
Intra-AS I-PMSI A-D
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RD |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Originating IP |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+All PEs
Inter-AS I-PMSI A-D
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RD |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source AS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+All ASBR
S-PMSI A-D / Source Active A-D
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RD |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source AS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mcast src len | \
+-+-+-+-+-+-+-+-+ Multicast source address /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mcast grp len | \
+-+-+-+-+-+-+-+-+ Multicast group address /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Originating IP |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+Originating IP: only for S-PMSI A-D
S-PMSI: PE data-MDT signalling
Source Active: customer source announcement (PIM-SM)
C-multicast route
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| RD |
| |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source AS |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mcast src len | \
+-+-+-+-+-+-+-+-+ Multicast source address /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Mcast grp len | \
+-+-+-+-+-+-+-+-+ Multicast group address /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+On receiving PIM Join
Leaf A-D
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ Route key /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Originating IP |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+In reply to S-PMSI A-D
PMSI Tunnel
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+
| Reserved |L|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Tunnel type | MPLS label |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
\ \
/ Tunnel ID /
\ \
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+L: 1 = leaf info required
Types:
- 0 = no tunnel info present
- 1 = RSVP-TE P2MP LSP
- 2 = mLDP P2MP LSP
- 3 = PIM-SSM
- 4 = PIM-SM
- 5 = PIM-BD
- 6 = ingress replication
- 7 = mLDP MP2MP LSP
Networking and IT 