Rate and give feedback:  Feedback Received. Thank You!

Rate and give feedback: 

X

This document helped resolve my issue

Yes No

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:  

E-mail: 

Enter a valid Email ID

Need product assistance? Contact Juniper Support

Submit

This site is protected by hCaptcha and its Privacy Policy and Terms of Service apply.

English  

English

Example: Configuring Any-Source Multicast for Draft-Rosen VPNs

Requirements

Before you begin:

• Configure the router interfaces. See the Junos® OS Network Interfaces.
• Configure an interior gateway protocol or static routing. See the Junos OS Routing Protocols Configuration Guide.
• Configure the VPN. See the Junos OS VPNs Configuration Guide.
• Configure the VPN import and VPN export policies. See Configuring Policies for the VRF Table on PE Routers in VPNs in the Junos OS VPNs Configuration Guide.
• Make sure that the routing devices support multicast tunnel (mt) interfaces for encapsulating and de-encapsulating data packets into tunnels. See Tunnel Services PICs and Multicast and Load Balancing Multicast Tunnel Interfaces Among Available PICs.

  For multicast to work on draft-rosen Layer 3 VPNs, each of the following routers must have tunnel interfaces:

  • Each provider edge (PE) router.
  • Any provider (P) router acting as the RP.
  • Any customer edge (CE) router that is acting as a source's DR or as an RP. A receiver's designated router does not need a Tunnel Services PIC.

Overview

Draft-rosen multicast virtual private networks (MVPNs) can be configured to support service provider tunnels operating in any-source multicast (ASM) mode or source-specific multicast (SSM) mode.

In this example, the term multicast Layer 3 VPNs is used to refer to draft-rosen MVPNs.

• interface lo0.1—Configures an additional unit on the loopback interface of the PE router. For the lo0.1 interface, assign an address from the VPN address space. Add the lo0.1 interface to the following places in the configuration:
  • VRF routing instance
  • PIM in the VRF routing instance
  • IGP and BGP policies to advertise the interface in the VPN address space

  In multicast Layer 3 VPNs, the multicast PE routers must use the primary loopback address (or router ID) for sessions with their internal BGP peers. If the PE routers use a route reflector and the next hop is configured as self, Layer 3 multicast over VPN will not work, because PIM cannot transmit upstream interface information for multicast sources behind remote PEs into the network core. Multicast Layer 3 VPNs require that the BGP next-hop address of the VPN route match the BGP next-hop address of the loopback VRF instance address.

• protocols pim interface—Configures the interfaces between each provider router and the PE routers. On all CE routers, include this statement on the interfaces facing toward the provider router acting as the RP.
• protocols pim mode sparse—Enables PIM sparse mode on the lo0 interface of all PE routers. You can either configure that specific interface or configure all interfaces with the interface all statement. On CE routers, you can configure sparse mode or sparse-dense mode.
• protocols pim rp local—On all routers acting as the RP, configure the address of the local lo0 interface. The P router acts as the RP router in this example.
• protocols pim rp static—On all PE and CE routers, configure the address of the router acting as the RP.

  It is possible for a PE router to be configured as the VPN customer RP (C-RP) router. A PE router can also act as the DR. This type of PE configuration can simplify configuration of customer DRs and VPN C-RPs for multicast VPNs. However, the bootstrap router (BSR) and auto-RP features are not supported. This example does not discuss the use of the PE as the VPN C-RP.

  Figure 1 shows multicast connectivity on the customer edge. In the figure, CE2 is the RP router. However, the RP router can be anywhere in the customer network.

  Figure 1: Multicast Connectivity on the CE Routers

  
• protocols pim version 2—Enables PIM version 2 on the lo0 interface of all PE routers and CE routers. You can either configure that specific interface or configure all interfaces with the interface all statement.
• group-address—In a routing instance, configure multicast connectivity for the VPN on the PE routers. Configure a VPN group address on the interfaces facing toward the router acting as the RP.

  The PIM configuration in the VPN routing and forwarding (VRF) instance on the PE routers needs to match the master PIM instance on the CE router. Therefore, the PE router contains both a master PIM instance (to communicate with the provider core) and the VRF instance (to communicate with the CE routers).

  VRF instances that are part of the same VPN share the same VPN group address. For example, all PE routers containing multicast-enabled routing instance VPN-A share the same VPN group address configuration. In Figure 2, the shared VPN group address configuration is 239.1.1.1.

  Figure 2: Multicast Connectivity for the VPN

  
• routing-instances instance-name protocols pim rib-group—Adds the routing group to the VPN's VRF instance.
• routing-options rib-groups—Configures the multicast routing group.

This example describes how to configure multicast in PIM sparse mode for a range of multicast addresses for VPN-A as shown in Figure 3.

Figure 3: Customer Edge and Service Provider Networks

Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

Step-by-Step Procedure

1. Configure PIM on the P router.

   [edit]user@host# edit protocols pim[edit protocols pim]user@host# set dense-groups 224.0.1.39/32[edit protocols pim]user@host# set dense-groups 224.0.1.40/32[edit protocols pim]user@host# set rp local address 10.255.71.47[edit protocols pim]user@host# set interface all mode sparse[edit protocols pim]user@host# set interface all version 2[edit protocols pim]user@host# set interface fxp0.0 disable
2. Configure PIM on the PE1 and PE2 routers. Specify a static route to the service provider RP—the P router (10.255.71.47).
   [edit]user@host# edit protocols pim[edit protocols pim]user@host# set rp static address 10.255.71.47[edit protocols pim]user@host# set interface interface all mode sparse[edit protocols pim]user@host# set interface interface all version 2[edit protocols pim]user@host# set interface fxp0.0 disable[edit protocols pim]user@host# exit
3. Configure PIM on CE1. Specify the RP address for the VPN RP—Router CE2 (10.255.245.91).
   [edit]user@host# edit protocols pim[edit protocols pim]user@host# set rp static address 10.255.245.91[edit protocols pim]user@host# set interface all mode sparse[edit protocols pim]user@host# set interface all version 2[edit protocols pim]user@host# set interface fxp0.0 disable[edit protocols pim]user@host# exit
4. Configure PIM on CE2, which acts as the VPN RP. Specify CE2's address (10.255.245.91).
   [edit]user@host# edit protocols pim[edit protocols pim]user@host# set rp local address 10.255.245.91[edit protocols pim]user@host# set interface all mode sparse[edit protocols pim]user@host# set interface all version 2[edit protocols pim]user@host# set interface fxp0.0 disable[edit protocols pim]user@host# exit
5. On PE1, configure the routing instance (VPN-A) for the Layer 3 VPN.
   [edit]user@host# edit routing-instances VPN-A[edit routing-instances VPN-A]user@host# set instance-type vrf[edit routing-instances VPN-A]user@host# set interface t1-1/0/0:0.0[edit routing-instances VPN-A]user@host# set interface lo0.1[edit routing-instances VPN-A]user@host# set route-distinguisher 10.255.71.46:100[edit routing-instances VPN-A]user@host# set vrf-import VPNA-import[edit routing-instances VPN-A]user@host# set vrf-export VPNA-export
6. On PE1, configure the IGP policy to advertise the interfaces in the VPN address space.
   [edit routing-instances VPN-A]user@host# set protocols ospf export bgp-to-ospf[edit routing-instances VPN-A]user@host# set protocols ospf area 0.0.0.0 interface t1-1/0/0:0.0[edit routing-instances VPN-A]user@host# set protocols ospf area 0.0.0.0 interface lo0.1
7. On PE1, set the RP configuration for the VRF instance. The RP configuration within the VRF instance provides explicit knowledge of the RP address, so that the (*,G) state can be forwarded.
   [edit routing-instances VPN-A]user@host# set protocols pim vpn-group-address 239.1.1.1[edit routing-instances VPN-A]user@host# set protocols provider-tunnel pim-asm group-address 239.1.1.1user@host# set protocols pim rp static address 10.255.245.91[edit routing-instances VPN-A]user@host# set protocols pim interface t1-1/0/0:0.0 mode sparse[edit routing-instances VPN-A]user@host# set protocols pim interface t1-1/0/0:0.0 version 2[edit routing-instances VPN-A]user@host# set protocols pim interface lo0.1 mode sparse[edit routing-instances VPN-A]user@host# set protocols pim interface lo0.1 version 2[edit routing-instances VPN-A]user@host# exit
8. On PE1, configure the loopback interfaces.
   [edit]user@host# edit interface lo0[edit interface lo0]user@host# set unit 0 family inet address 192.168.27.13/32 primary[edit interface lo0]user@host# set unit 0 family inet address 127.0.0.1/32[edit interface lo0]user@host# set unit 1 family inet address 10.10.47.101/32[edit interface lo0]user@host# exit
9. As you did for the PE1 router, configure the PE2 router.
   [edit]user@host# edit routing-instances VPN-A[edit routing-instances VPN-A]user@host# set instance-type vrf[edit routing-instances VPN-A]user@host# set interface t1-2/0/0:0.0[edit routing-instances VPN-A]user@host# set interface lo0.1[edit routing-instances VPN-A]user@host# set route-distinguisher 10.255.71.51:100[edit routing-instances VPN-A]user@host# set vrf-import VPNA-import[edit routing-instances VPN-A]user@host# set vrf-export VPNA-export[edit routing-instances VPN-A]user@host# set protocols ospf export bgp-to-ospf[edit routing-instances VPN-A]user@host# set protocols ospf area 0.0.0.0 interface t1-2/0/0:0.0[edit routing-instances VPN-A]user@host# set protocols ospf area 0.0.0.0 interface lo0.1[edit routing-instances VPN-A]user@host# set protocols pim vpn-group-address 239.1.1.1[edit routing-instances VPN-A]user@host# set protocols pim rp static address 10.255.245.91[edit routing-instances VPN-A]user@host# set protocols pim interface t1-2/0/0:0.0 mode sparse[edit routing-instances VPN-A]user@host# set pim interface t1-2/0/0:0.0 version 2[edit routing-instances VPN-A]user@host# set protocols pim interface lo0.1 mode sparse[edit routing-instances VPN-A]user@host# set protocols pim interface lo0.1 version 2[edit routing-instances VPN-A]user@host# exit[edit]user@host# edit interface lo0[edit interface lo0]user@host# set unit 0 family inet address 192.168.27.14/32 primary[edit interface lo0]user@host# set unit 0 family inet address 127.0.0.1/32[edit interface lo0]user@host# set unit 1 family inet address 10.10.47.102/32
10. When one of the PE routers is running Cisco Systems IOS software, you must configure the Juniper Networks PE router to support this multicast interoperability requirement. The Juniper Networks PE router must have the lo0.0 interface in the master routing instance and the lo0.1 interface assigned to the VPN routing instance. You must configure the lo0.1 interface with the same IP address that the lo0.0 interface uses for BGP peering in the provider core in the master routing instance.

    Configure the same IP address on the lo0.0 and lo0.1 loopback interfaces of the Juniper Networks PE router at the [edit interfaces lo0] hierarchy level, and assign the address used for BGP peering in the provider core in the master routing instance. In this alternate example, unit 0 and unit 1 are configured for Cisco IOS interoperability.

    [edit interface lo0]user@host# set unit 0 family inet address 192.168.27.14/32 primary[edit interface lo0]user@host# set unit 0 family inet address 127.0.0.1/32[edit interface lo0]user@host# set unit 1 family inet address 192.168.27.14/32[edit interface lo0]user@host# exit
11. Configure the multicast routing table group. This group accesses inet.2 when doing RPF checks. However, if you are using inet.0 for multicast RPF checks, this step will prevent your multicast configuration from working.
    [edit]user@host# edit routing-options[edit routing-options]user@host# set interface-routes rib-group inet VPNA-mcast-rib[edit routing-options]user@host# set rib-groups VPNA-mcast-rib export-rib VPN-A.inet.2[edit routing-options]user@host# set rib-groups VPNA-mcast-rib import-rib VPN-A.inet.2[edit routing-options]user@host# exit
12. Activate the multicast routing table group in the VPN's VRF instance.
    [edit]user@host# edit routing-instances VPN-A[edit routing-instances VPN-A]user@host# set protocols pim rib-group inet VPNA-mcast-rib

13. If you are done configuring the device, commit the configuration.

    [edit routing-instances VPN-A]user@host# commit

Results

Confirm your configuration by entering the show interfaces, show protocols, show routing-instances, and show routing-options commands from configuration mode. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration. This output shows the configuration on PE1.

Verification

1. Display multicast tunnel information and the number of neighbors by using the show pim interfaces instance instance-name command from the PE1 or PE2 router. When issued from the PE1 router, the output display is:
   user@host> show pim interfaces instance VPN-A

   Instance: PIM.VPN-A
   Name                   Stat Mode       IP V State Count DR address
   lo0.1                  Up   Sparse      4 2 DR        0 10.10.47.101
   mt-1/1/0.32769         Up   Sparse      4 2 DR        1
   mt-1/1/0.49154         Up   Sparse      4 2 DR        0
   pe-1/1/0.32769         Up   Sparse      4 1 P2P       0
   t1-2/1/0:0.0           Up   Sparse      4 2 P2P       1
   

   You can also display all PE tunnel interfaces by using the show pim join command from the provider router acting as the RP.

2. Display multicast tunnel interface information, DR information, and the PIM neighbor status between VRF instances on the PE1 and PE2 routers by using the show pim neighbors instance instance-name command from either PE router. When issued from the PE1 router, the output is as follows:
   user@host> show pim neighbors instance VPN-A

   Instance: PIM.VPN-A
   Interface           IP V Mode        Option      Uptime Neighbor addr
   mt-1/1/0.32769       4 2             HPL       01:40:46 10.10.47.102
   t1-1/0/0:0.0         4 2             HPL       01:41:41 192.168.196.178