Navigation
Related Documentation
- J, M, MX, PTX, SRX, T Series
- Example: Configuring PIM RPF Selection
- M, MX, T Series
- Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs
- Example: Configuring Any-Source Multicast for Draft-Rosen VPNs
- Understanding MVPN Interoperation with Other Vendors
- M, MX, PTX, T Series
- Configuring Draft-Rosen Multicast VPNs
Example: Configuring Draft Rosen Interoperability and a VPN Tunnel Source
This example shows how to change the behavior of draft-rosen in the Junos OS for interoperability with certain other vendors’ routing platforms.
Requirements
Before you begin:
- Configure the router interfaces. See the Junos OS Network Interfaces Configuration Guide.
- Configure an interior gateway protocol or static routing. See the Junos OS Routing Protocols Configuration Guide .
- Configure the VPN. See the Junos OS VPNs Configuration Guide .
- Make sure that the routing devices support multicast tunnel
(mt) interfaces for encapsulating and de-encapsulating data
packets into tunnels. See Tunnel Services PICs and Multicast and Load Balancing Multicast Tunnel Interfaces Among Available PICs.
For multicast to work on draft-rosen Layer 3 VPNs, each of the following routers must have tunnel interfaces:
- Each provider edge (PE) router.
- Any provider (P) router acting as the RP.
- Any customer edge (CE) router that is acting as a source's DR or as an RP. A receiver's designated router does not need a Tunnel Services PIC.
Overview
By default, the local loopback address configured in a VPN routing and forwarding (VRF) routing instance is used as the source address when PIM hello messages, join messages, and prune messages are sent over multicast tunnel interfaces.
In the Junos OS default implementation of draft-rosen, mt interfaces are created dynamically in each VRF. PIM hello messages are sent over the mt interfaces to discover neighbors in the same VPN. The Junos OS requires that the lo0.mvpn address be configured in each routing instance. The local lo0.mvpn address is used as the source address when building PIM hello, join, and prune messages over the mt interface. The lo0.mvpn address is independent in routing instances and can be different from the lo0.main address in the master instance. All the source and destination address lookups and RPF checks are done in the routing instance.
For compatibility with certain other vendors’ routers, the address used in the VRF routing instance for multicast tunnel interfaces must be the same as the primary loopback address configured in the master routing instance. In this example, mt interfaces use lo0.0 as the source address. Each VRF routing instance uses the lo0.0 address as the source address when sending PIM control packets over the mt interface.
Before configuring the loopback address used for PIM control messages to be the primary loopback address configured in the default routing instance, ensure that:
- The loopback address specified is configured in the master routing instance.
- The inet address family is enabled on the interface.
This example also configures a specific VPN tunnel source address in one routing instance. That address, instead of the lo0.main address, is used as the source address for the mt interface in that routing instance. The tunnel source is a static local address that is routable in the master instance. The routing instance uses the VPN tunnel source to form PIM neighbors over the mt interface. This enables different routing instances to take different paths even in the provider domain.
 | Note: For information about upgrading Juniper Networks routers from a software release that does not support the default-vpn-source configuration statement to a release that does, see the Juniper Networks Junos 10.1 Software Release Notes . |
This example includes the following settings:
- default-vpn-source—In the master instance, changes the draft-rosen behavior so that the primary loopback address configured in the master routing instance is the multicast tunnel interface address in all VRF routing instances. Because the configuration includes default-vpn-source, you do not need to configure loopback addresses in the routing instances.
- tunnel-source—In the vrf-blue routing instance, overrides the default-vpn-source statement. The vrf-blue routing instance (because it contains the unnel-source statement) overrides the default-vpn-source statement and uses the address configured on lo0.200 as the source address. This address is 192.27.11.136 in this example. However, vrf-white does not contain the tunnel-source statement. In this case, the default-vpn-source statement takes effect, and vrf-white uses the address configured on lo0.0 as the source address. This address is 192.27.0.136 in this example.
Figure 1 shows the topology used in this example.
Figure 1: VPN Tunnel Source Topology
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
[edit]set interfaces ge-1/0/0 vlan-tagging set interfaces ge-1/0/0 unit 10 vlan-id 10 set interfaces ge-1/0/0 unit 10 family inet address 10.136.174.1/30 set interfaces ge-1/0/0 unit 10 family mpls set interfaces ge-1/0/0 unit 11 vlan-id 11 set interfaces ge-1/0/0 unit 11 family inet address 11.136.174.1/30 set interfaces ge-1/0/0 unit 11 family mpls set interfaces ge-1/0/1 vlan-tagging set interfaces ge-1/0/1 unit 10 vlan-id 10 set interfaces ge-1/0/1 unit 10 family inet address 10.130.136.1/30 set interfaces ge-1/0/1 unit 11 vlan-id 11 set interfaces ge-1/0/1 unit 11 family inet address 11.130.136.1/30 set interfaces lo0 unit 0 family inet address 192.27.0.136/32 preferred set interfaces lo0 unit 0 family inet address 127.0.0.1/32 set interfaces lo0 unit 0 family iso address 49.0027.0000.0000.0136.00 set interfaces lo0 unit 200 family inet address 127.0.0.1/32 set interfaces lo0 unit 200 family inet address 192.27.11.136/32 set interfaces lo0 unit 200 family iso address 49.0027.0000.0000.0136.00 set policy-options policy-statement blue-lo0 from protocol static set policy-options policy-statement blue-lo0 from route-filter 192.27.11.136/32 exact set policy-options policy-statement blue-lo0 from route-filter 192.27.0.136/32 exact set policy-options policy-statement blue-lo0 then accept set policy-options policy-statement blue-nh from community vpn-blue set policy-options policy-statement blue-nh then next-hop 192.27.11.136 set policy-options policy-statement blue-nh then accept set policy-options policy-statement export-vpn-blue term 10 from protocol static set policy-options policy-statement export-vpn-blue term 10 from protocol direct set policy-options policy-statement export-vpn-blue term 10 from protocol bgp set policy-options policy-statement export-vpn-blue term 10 then community add vpn-blue set policy-options policy-statement export-vpn-blue term 10 then accept set policy-options policy-statement export-vpn-blue term default then reject set policy-options policy-statement import-vpn-blue term 10 from protocol bgp set policy-options policy-statement import-vpn-blue term 10 from protocol direct set policy-options policy-statement import-vpn-blue term 10 from protocol static set policy-options policy-statement import-vpn-blue term 10 from community vpn-blue set policy-options policy-statement import-vpn-blue term 10 then accept set policy-options policy-statement import-vpn-blue term default then reject set policy-options policy-statement ospf-ldp from route-filter 192.27.0.136/32 exact set policy-options policy-statement ospf-ldp from route-filter 192.27.11.136/32 exact set policy-options policy-statement ospf-ldp then accept set policy-options community vpn-blue members target:100:200 set protocols bgp local-address 192.27.0.136 set protocols bgp vpn-apply-export set protocols bgp group btgs-pe type internal set protocols bgp group btgs-pe family inet-vpn any set protocols bgp group btgs-pe export blue-nh set protocols bgp group btgs-pe neighbor 192.27.0.92 set protocols bgp group btgs-pe neighbor 192.27.0.58 set protocols ospf area 0.0.0.10 interface ge-1/0/0.10 interface-type p2p set protocols ospf area 0.0.0.10 interface ge-1/0/0.10 bfd-liveness-detection minimum-interval 300 set protocols ospf area 0.0.0.10 interface ge-1/0/0.10 bfd-liveness-detection multiplier 3 set protocols ospf area 0.0.0.10 interface lo0.0 set protocols ldp egress-policy ospf-ldp set protocols ldp interface all set protocols pim rp static address 192.27.0.92 set protocols pim interface all set protocols pim default-vpn-source interface-name lo0.0 set routing-instances blue instance-type no-forwarding set routing-instances blue interface ge-1/0/0.11 set routing-instances blue routing-options interface-routes rib-group inet blue-white set routing-instances blue routing-options static route 192.27.11.136/32 receive set routing-instances blue routing-options router-id 192.27.11.136 set routing-instances blue protocols ospf rib-group blue-white set routing-instances blue protocols ospf export blue-lo0 set routing-instances blue protocols ospf area 0.0.0.10 interface ge-1/0/0.11 interface-type p2p set routing-instances vrf-blue instance-type vrf set routing-instances vrf-blue interface ge-1/0/1.11 set routing-instances vrf-blue interface lo0.200 set routing-instances vrf-blue route-distinguisher 192.27.11.136:100 set routing-instances vrf-blue vrf-import import-vpn-blue set routing-instances vrf-blue vrf-export export-vpn-blue set routing-instances vrf-blue vrf-table-label set routing-instances vrf-blue protocols bgp group blue-ce type external set routing-instances vrf-blue protocols bgp group blue-ce peer-as 65100 set routing-instances vrf-blue protocols bgp group blue-ce neighbor 11.130.136.2 set routing-instances vrf-blue provider-tunnel pim-asm family inet tunnel-source 192.27.11.136set routing-instances vrf-blue provider-tunnel pim-asm family inet group-address 239.0.11.1set routing-instances vrf-blue protocols pim rp local address 11.130.136.1 set routing-instances vrf-blue protocols pim interface all set routing-instances vrf-white instance-type vrf set routing-instances vrf-white interface ge-1/0/1.10 set routing-instances vrf-white route-distinguisher 192.27.0.136:100 set routing-instances vrf-white vrf-target target:100:100 set routing-instances vrf-white vrf-table-label set routing-instances vrf-white protocols bgp group white-ce type external set routing-instances vrf-white protocols bgp group white-ce peer-as 65010 set routing-instances vrf-white protocols bgp group white-ce neighbor 10.130.136.2 set routing-instances vrf-white provider-tunnel pim-asm family inet group-address 238.0.10.1 set routing-instances vrf-white protocols pim vpn-group-address 238.0.10.1 set routing-instances vrf-white protocols pim rp local address 10.130.136.1 set routing-instances vrf-white protocols pim interface all set routing-options static route 172.16.0.0/12 next-hop 172.26.27.1 set routing-options static route 172.16.0.0/12 no-readvertise set routing-options static route 192.27.11.136/32 next-table blue.inet.0 set routing-options rib-groups blue-white import-rib blue.inet.0 set routing-options rib-groups blue-white import-rib inet.0 set routing-options router-id 192.27.0.136 set routing-options autonomous-system 65000
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide .
To change the default draft-rosen behavior and configure a VPN tunnel source in a routing instance:
On the PE routers, configure the interfaces.
[edit]user@host# edit interfaces[edit interfaces]user@host# set ge-1/0/0 vlan-tagging [edit interfaces]user@host# set ge-1/0/0 unit 10 vlan-id 10 [edit interfaces]user@host# set ge-1/0/0 unit 10 family inet address 10.136.174.1/30 [edit interfaces]user@host# set ge-1/0/0 unit 10 family mpls [edit interfaces]user@host# set ge-1/0/0 unit 11 vlan-id 11 [edit interfaces]user@host# set ge-1/0/0 unit 11 family inet address 11.136.174.1/30 [edit interfaces]user@host# set ge-1/0/0 unit 11 family mpls [edit interfaces]user@host# set ge-1/0/1 vlan-tagging [edit interfaces]user@host# set ge-1/0/1 unit 10 vlan-id 10 [edit interfaces]user@host# set ge-1/0/1 unit 10 family inet address 10.130.136.1/30 [edit interfaces]user@host# set ge-1/0/1 unit 11 vlan-id 11 [edit interfaces]user@host# set ge-1/0/1 unit 11 family inet address 11.130.136.1/30 [edit interfaces]user@host# set lo0 unit 0 family inet address 192.27.0.136/32 preferred [edit interfaces]user@host# set lo0 unit 0 family inet address 127.0.0.1/32 [edit interfaces]user@host# set lo0 unit 0 family iso address 49.0027.0000.0000.0136.00 [edit interfaces]user@host# set lo0 unit 200 family inet address 127.0.0.1/32 [edit interfaces]user@host# set lo0 unit 200 family inet address 192.27.11.136/32 [edit interfaces]user@host# set lo0 unit 200 family iso address 49.0027.0000.0000.0136.00 [edit interfaces]user@host# exitConfigure the routing policies.
[edit]user@host# edit policy-options[edit policy-options]user@host# set policy-statement blue-lo0 from protocol static [edit policy-options]user@host# set policy-statement blue-lo0 from route-filter 192.27.11.136/32 exact [edit policy-options]user@host# set policy-options policy-statement blue-lo0 from route-filter 192.27.0.136/32 exact [edit policy-options]user@host# set policy-statement blue-lo0 then accept [edit policy-options]user@host# set policy-statement blue-nh from community vpn-blue [edit policy-options]user@host# set policy-statement blue-nh then next-hop 192.27.11.136 [edit policy-options]user@host# set policy-statement blue-nh then accept [edit policy-options]user@host# set policy-statement export-vpn-blue term 10 from protocol static [edit policy-options]user@host# set policy-statement export-vpn-blue term 10 from protocol direct [edit policy-options]user@host# set policy-statement export-vpn-blue term 10 from protocol bgp [edit policy-options]user@host# set policy-statement export-vpn-blue term 10 then community add vpn-blue [edit policy-options]user@host# set policy-statement export-vpn-blue term 10 then accept [edit policy-options]user@host# set policy-options policy-statement export-vpn-blue term default then reject [edit policy-options]user@host# set policy-statement import-vpn-blue term 10 from protocol bgp [edit policy-options]user@host# set policy-statement import-vpn-blue term 10 from protocol direct [edit policy-options]user@host# set policy-statement import-vpn-blue term 10 from protocol static [edit policy-options]user@host# set policy-statement import-vpn-blue term 10 from community vpn-blue [edit policy-options]user@host# set policy-statement import-vpn-blue term 10 then accept [edit policy-options]user@host# set policy-statement import-vpn-blue term default then reject [edit policy-options]user@host# set policy-statement ospf-ldp from route-filter 192.27.0.136/32 exact [edit policy-options]user@host# set policy-options policy-statement ospf-ldp from route-filter 192.27.11.136/32 exact [edit policy-options]user@host# set policy-statement ospf-ldp then accept [edit policy-options]user@host# set community vpn-blue members target:100:200 [edit policy-options]user@host# exitConfigure the routing protocols in the master instance.
[edit]user@host# edit protocols[edit protocols]user@host# set bgp local-address 192.27.0.136 [edit protocols]user@host# set bgp vpn-apply-export [edit protocols]user@host# set bgp group btgs-pe type internal [edit protocols]user@host# set bgp group btgs-pe family inet-vpn any [edit protocols]user@host# set bgp group btgs-pe export blue-nh [edit protocols]user@host# set bgp group btgs-pe neighbor 192.27.0.92 [edit protocols]user@host# set bgp group btgs-pe neighbor 192.27.0.58 [edit protocols]user@host# set ospf area 0.0.0.10 interface ge-1/0/0.10 interface-type p2p [edit protocols]user@host# set ospf area 0.0.0.10 interface ge-1/0/0.10 bfd-liveness-detection minimum-interval 300 [edit protocols]user@host# set ospf area 0.0.0.10 interface ge-1/0/0.10 bfd-liveness-detection multiplier 3 [edit protocols]user@host# set ospf area 0.0.0.10 interface lo0.0 set ldp egress-policy ospf-ldp [edit protocols]user@host# set ldp interface all set pim rp static address 192.27.0.92 [edit protocols]user@host# set pim interface all set protocols pim default-vpn-source interface-name lo0.0 [edit protocols]user@host# exitConfigure a no-forwarding routing instance.
[edit]user@host# edit routing-instances[edit routing-instances]user@host# set blue instance-type no-forwarding set blue interface ge-1/0/0.11 [edit routing-instances]user@host# set blue routing-options interface-routes rib-group inet blue-white [edit routing-instances]user@host# set blue routing-options static route 192.27.11.136/32 receive [edit routing-instances]user@host# set blue routing-options router-id 192.27.11.136 [edit routing-instances]user@host# set blue protocols ospf rib-group blue-white [edit routing-instances]user@host# set blue protocols ospf export blue-lo0 [edit routing-instances]user@host# set blue protocols ospf area 0.0.0.10 interface ge-1/0/0.11 interface-type p2p [edit routing-instances]user@host# exitConfigure the vrf-blue routing instance, with the tunnel-source statement.
[edit routing-instances]user@host# set vrf-blue instance-type vrf [edit routing-instances]user@host# set vrf-blue interface ge-1/0/1.11 [edit routing-instances]user@host# set vrf-blue interface lo0.200 [edit routing-instances]user@host# set vrf-blue route-distinguisher 192.27.11.136:100 [edit routing-instances]user@host# set vrf-blue vrf-import import-vpn-blue [edit routing-instances]user@host# set vrf-blue vrf-export export-vpn-blue [edit routing-instances]user@host# set vrf-blue vrf-table-label [edit routing-instances]user@host# set vrf-blue protocols bgp group blue-ce type external [edit routing-instances]user@host# set vrf-blue protocols bgp group blue-ce peer-as 65100 [edit routing-instances]user@host# set vrf-blue protocols bgp group blue-ce neighbor 11.130.136.2 user@host# set vrf-blue provider-tunnel pim-asm family inet tunnel-source 192.27.11.136user@host# set vrf-blue provider-tunnel pim-asm family inet group-address 239.0.11.1user@host# set vrf-blue protocols pim rp local address 11.130.136.1 [edit routing-instances]user@host# set vrf-blue protocols pim interface allConfigure the vrf-white routing instance, without the tunnel-source statement.
[edit routing-instances]user@host# set vrf-white instance-type vrf [edit routing-instances]user@host# set vrf-white interface ge-1/0/1.10 [edit routing-instances]user@host# set vrf-white route-distinguisher 192.27.0.136:100 [edit routing-instances]user@host# set vrf-white vrf-target target:100:100 [edit routing-instances]user@host# set vrf-white vrf-table-label [edit routing-instances]user@host# set vrf-white protocols bgp group white-ce type external [edit routing-instances]user@host# set vrf-white protocols bgp group white-ce peer-as 65010 [edit routing-instances]user@host# set vrf-white protocols bgp group white-ce neighbor 10.130.136.2 user@host# set vrf-white provider-tunnel pim-ssm group-address 238.0.10.1 user@host# set vrf-white protocols pim rp local address 10.130.136.1 [edit routing-instances]user@host# set vrf-white protocols pim interface all [edit routing-instances]user@host# exitConfigure the routing table options.
[edit]user@host# set routing-options[edit routing-options]user@host# set static route 172.16.0.0/12 next-hop 172.26.27.1 [edit routing-options]user@host# set static route 172.16.0.0/12 no-readvertise [edit routing-options]user@host# set static route 192.27.11.136/32 next-table blue.inet.0 [edit routing-options]user@host# set rib-groups blue-white import-rib blue.inet.0 [edit routing-options]user@host# set rib-groups blue-white import-rib inet.0 [edit routing-options]user@host# set router-id 192.27.0.136 [edit routing-options]user@host# set autonomous-system 65000If you are done configuring the devices, commit the configuration.
[edit routing-options]user@host# commit
Results
From configuration mode, confirm your configuration by entering the show interfaces, show policy-options, show protocols, show routing-instances, and show routing-options commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
user@host# show interfacesge-1/0/0 {vlan-tagging;unit 10 {vlan-id 10;family inet {address 10.136.174.1/30;}family mpls;}unit 11 {vlan-id 11;family inet {address 11.136.174.1/30;}family mpls;}}ge-1/0/1 {vlan-tagging;unit 10 {vlan-id 10;family inet {address 10.130.136.1/30;}}unit 11 {vlan-id 11;family inet {address 11.130.136.1/30;}}}lo0 {unit 0 {family inet {address 192.27.0.136/32 {preferred;}address 127.0.0.1/32;}family iso {address 49.0027.0000.0000.0136.00;}}unit 200 {family inet {address 127.0.0.1/32;address 192.27.11.136/32;}family iso {address 49.0027.0000.0000.0136.00;}}}
user@host# show policy-optionspolicy-statement blue-lo0 {from {protocol static;route-filter 192.27.11.136/32 exact;route-filter 192.27.0.136/32 exact;}then accept;}policy-statement blue-nh {from community vpn-blue;then {next-hop 192.27.11.136;accept;}}policy-statement export-vpn-blue {term 10 {from protocol [ static direct bgp ];then {community add vpn-blue;accept;}}term default {then reject;}}policy-statement import-vpn-blue {term 10 {from {protocol [ bgp direct static ];community vpn-blue;}then accept;}term default {then reject;}}policy-statement ospf-ldp {from {route-filter 192.27.0.136/32 exact;route-filter 192.27.11.136/32 exact;}then accept;}community vpn-blue members target:100:200;
user@host# show protocolsbgp {local-address 192.27.0.136;vpn-apply-export;group btgs-pe {type internal;family inet-vpn {any;}export blue-nh;neighbor 192.27.0.92;neighbor 192.27.0.58;}}ospf {area 0.0.0.10 {interface ge-1/0/0.10 {interface-type p2p;bfd-liveness-detection {minimum-interval 300;multiplier 3;}}interface lo0.0;}}ldp {egress-policy ospf-ldp;interface all;}pim {rp {static {address 192.27.0.92;}}interface all;default-vpn-source {interface-name lo0.0;}}
user@host# show routing-intancesblue {instance-type no-forwarding;interface ge-1/0/0.11;routing-options {interface-routes {rib-group inet blue-white;}static {route 192.27.11.136/32 receive;}router-id 192.27.11.136;}protocols {ospf {rib-group blue-white;export blue-lo0;area 0.0.0.10 {interface ge-1/0/0.11 {interface-type p2p;}}}}}vrf-blue {instance-type vrf;interface ge-1/0/1.11;interface lo0.200;route-distinguisher 192.27.11.136:100;vrf-import import-vpn-blue;vrf-export export-vpn-blue;vrf-table-label;provider-tunnel {pim-asm {family {inet {group-address 239.0.11.1;tunnel-source 192.27.11.136;}}}}protocols {bgp {group blue-ce {type external;peer-as 65100;neighbor 11.130.136.2;}}pim {vpn-tunnel-source 192.27.11.136;vpn-group-address 239.0.11.1;rp {local {address 11.130.136.1;}}interface all;}}}vrf-white {instance-type vrf;interface ge-1/0/1.10;route-distinguisher 192.27.0.136:100;vrf-target target:100:100;vrf-table-label;provider-tunnel {pim-ssm {group-address 238.0.10.1;}}protocols {bgp {group white-ce {type external;peer-as 65010;neighbor 10.130.136.2;}}pim {vpn-group-address 238.0.10.1;rp {local {address 10.130.136.1;}}interface all;}}}
user@host# show routing-optionsstatic {route 172.16.0.0/12 {next-hop 172.26.27.1;no-readvertise;}route 192.27.11.136/32 next-table blue.inet.0;}rib-groups {blue-white {import-rib [ blue.inet.0 inet.0 ];}}router-id 192.27.0.136;autonomous-system 65000;
Verification
To verify the configuration, run the show pim mdt, show pim neighbors, and show pim join instance insance-name commands.
Related Documentation
- J, M, MX, PTX, SRX, T Series
- Example: Configuring PIM RPF Selection
- M, MX, T Series
- Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs
- Example: Configuring Any-Source Multicast for Draft-Rosen VPNs
- Understanding MVPN Interoperation with Other Vendors
- M, MX, PTX, T Series
- Configuring Draft-Rosen Multicast VPNs
Published: 2012-06-27
Related Documentation
- J, M, MX, PTX, SRX, T Series
- Example: Configuring PIM RPF Selection
- M, MX, T Series
- Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs
- Example: Configuring Any-Source Multicast for Draft-Rosen VPNs
- Understanding MVPN Interoperation with Other Vendors
- M, MX, PTX, T Series
- Configuring Draft-Rosen Multicast VPNs
