Example: Configuring MSDP in a Routing Instance

This example shows how to configure MSDP in a VRF instance.

Requirements

Before you begin:

Overview

You can configure MSDP in the following types of instances:

  • Forwarding
  • No forwarding
  • Virtual router
  • VPLS
  • VRF

The main use of MSDP in a routing instance is to support anycast RPs in the network, which allows you to configure redundant RPs. Anycast RP addressing requires MSDP support to synchronize the active sources between RPs.

A designated router (DR) sends periodic join messages and prune messages toward a group-specific rendezvous point (RP) for each group for which it has active members. When a Protocol Independent Multicast (PIM) router learns about a source, it originates an MSDP source-address message if it is the DR on the upstream interface.

This example includes the following MSDP settings.

  • authentication-key—By default, multicast routers accept and process any properly formatted MSDP messages from the configured peer address. This default behavior might violate the security policies in many organizations because MSDP messages by definition come from another routing domain beyond the control of the security practices of the multicast router's organization.

    The router can authenticate MSDP messages using the TCP message digest 5 (MD5) signature option for MSDP peering sessions. This authentication provides protection against spoofed packets being introduced into an MSDP peering session. Two organizations implementing MSDP authentication must decide on a human-readable key on both peers. This key is included in the MD5 signature computation for each MSDP segment sent between the two peers.

    You configure an MSDP authentication key on a per-peer basis, whether the MSDP peer is defined in a group or individually. If you configure different authentication keys for the same peer, one in a group and one individually, the individual key is used.

    The peer key can be a text string up to 16 letters and digits long. Strings can include any ASCII characters with the exception of (,), &, and [. If you include spaces in an MSDP authentication key, enclose all characters in quotation marks (" ").

    Adding, removing, or changing an MSDP authentication key in a peering session resets the existing MSDP session and establishes a new session between the affected MSDP peers. This immediate session termination prevents excessive retransmissions and eventual session timeouts due to mismatched keys.

  • import and export—All routing protocols use the routing table to store the routes that they learn and to determine which routes they advertise in their protocol packets. Routing policy allows you to control which routes the routing protocols store in, and retrieve from, the routing table.

    You can configure routing policy globally, for a group, or for an individual peer. This example shows how to configure the policy for an individual peer.

    If you configure routing policy at the group level, each peer in a group inherits the group's routing policy.

    The import statement applies policies to source-active messages being imported into the source-active cache from MSDP. The export statement applies policies to source-active messages being exported from the source-active cache into MSDP. If you specify more than one policy, they are evaluated in the order specified, from first to last, and the first matching policy is applied to the route. If no match is found for the import policy, MSDP shares with the routing table only those routes that were learned from MSDP routers. If no match is found for the export policy, the default MSDP export policy is applied to entries in the source-active cache. See Table 1 for a list of match conditions.

    Table 1: MSDP Source-Active Message Filter Match Conditions

    Match Condition         Matches On
    ---------------------   ----------------------------------------------------------
    interface               Router interface or interfaces specified by name or IP address
    neighbor                Neighbor address (the source address in the IP header of the source-active message)
    route-filter            Multicast group address embedded in the source-active message
    source-address-filter   Multicast source address embedded in the source-active message

  • local-address—Identifies the address of the router you are configuring as an MSDP router (the local router). When you configure MSDP, the local-address statement is required. The router must also be a Protocol Independent Multicast (PIM) sparse-mode rendezvous point (RP).
  • peer—An MSDP router must know which routers are its peers. You define the peer relationships explicitly by configuring the neighboring routers that are the MSDP peers of the local router. After peer relationships are established, the MSDP peers exchange messages to advertise active multicast sources. You must configure at least one peer for MSDP to function. When you configure MSDP, the peer statement is required. The router must also be a Protocol Independent Multicast (PIM) sparse-mode rendezvous point (RP).

    You can arrange MSDP peers into groups. Each group must contain at least one peer. Arranging peers into groups is useful if you want to block sources from some peers and accept them from others, or set tracing options on one group and not others. This example shows how to configure the MSDP peers in groups. If you configure MSDP peers in a group, each peer in a group inherits all group-level options.
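
The signature check described under authentication-key, as an added example (not Juniper code): it computes the TCP MD5 signature digest as specified in RFC 2385 for a constructed segment between this example's group 100 addresses and shows which segments a receiver holding the key accepts. The ports, sequence numbers and payload bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

MD5_OPT = 20  # TCP option kind 19, length 18, plus two padding bytes

def base_header(sport, dport, seq, ack, flags, window):
    """20-byte TCP header; data offset counts the MD5 option, checksum left 0."""
    offset_flags = (((20 + MD5_OPT) // 4) << 12) | flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       offset_flags, window, 0, 0)

def tcp_md5(src, dst, header, payload, key):
    """RFC 2385 digest: pseudo-header, option-less header, data, then key."""
    seg_len = len(header) + MD5_OPT + len(payload)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, seg_len))
    zeroed = header[:16] + b"\x00\x00" + header[18:]  # checksum treated as zero
    return hashlib.md5(pseudo + zeroed + payload + key).digest()

def accept(src, dst, header, payload, received_digest, configured_key):
    """Receiver side: recompute with the locally configured key and compare."""
    if received_digest is None:  # segment carries no MD5 option
        return False
    expected = tcp_md5(src, dst, header, payload, configured_key)
    return hmac.compare_digest(expected, received_digest)

# Constructed segment between the two addresses of group 100 in this example.
LOCAL, PEER = "10.10.47.100", "10.255.120.39"
KEY = b"New York"
HDR = base_header(49152, 639, 1000, 2000, 0x018, 16384)  # PSH+ACK, MSDP TCP port 639
DATA = b"constructed stand-in for MSDP message bytes"
SIG = tcp_md5(LOCAL, PEER, HDR, DATA, KEY)

if __name__ == "__main__":
    print("valid segment   :", accept(LOCAL, PEER, HDR, DATA, SIG, KEY))
    print("altered payload :", accept(LOCAL, PEER, HDR, DATA + b"!", SIG, KEY))
    print("address changed :", accept("192.0.2.1", PEER, HDR, DATA, SIG, KEY))
    print("no MD5 option   :", accept(LOCAL, PEER, HDR, DATA, None, KEY))
    print("mismatched key  :", accept(LOCAL, PEER, HDR, DATA, SIG, b"new york"))
```

Only the first case is accepted. The last case is the mismatched-key situation the text mentions: every segment fails verification, so the session cannot proceed until both peers hold the same key.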

Figure 1 shows the topology for this example.

Figure 1: MSDP in a VRF Instance Topology


Configuration

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.

set policy-options policy-statement bgp-to-ospf term 1 from protocol bgp
set policy-options policy-statement bgp-to-ospf term 1 then accept
set policy-options policy-statement sa-filter term bad-groups from route-filter 224.0.1.2/32 exact
set policy-options policy-statement sa-filter term bad-groups from route-filter 224.77.0.0/16 orlonger
set policy-options policy-statement sa-filter term bad-groups then reject
set policy-options policy-statement sa-filter term bad-sources from source-address-filter 10.0.0.0/8 orlonger
set policy-options policy-statement sa-filter term bad-sources from source-address-filter 127.0.0.0/8 orlonger
set policy-options policy-statement sa-filter term bad-sources then reject
set policy-options policy-statement sa-filter term accept-everything-else then accept
set routing-instances VPN-100 instance-type vrf
set routing-instances VPN-100 interface ge-0/0/0.100
set routing-instances VPN-100 interface lo0.100
set routing-instances VPN-100 route-distinguisher 10.255.120.36:100
set routing-instances VPN-100 vrf-target target:100:1
set routing-instances VPN-100 protocols ospf export bgp-to-ospf
set routing-instances VPN-100 protocols ospf area 0.0.0.0 interface lo0.100
set routing-instances VPN-100 protocols ospf area 0.0.0.0 interface ge-0/0/0.100
set routing-instances VPN-100 protocols pim rp static address 11.11.47.100
set routing-instances VPN-100 protocols pim interface lo0.100 mode sparse-dense
set routing-instances VPN-100 protocols pim interface lo0.100 version 2
set routing-instances VPN-100 protocols pim interface ge-0/0/0.100 mode sparse-dense
set routing-instances VPN-100 protocols pim interface ge-0/0/0.100 version 2
set routing-instances VPN-100 protocols msdp export sa-filter
set routing-instances VPN-100 protocols msdp import sa-filter
set routing-instances VPN-100 protocols msdp group 100 local-address 10.10.47.100
set routing-instances VPN-100 protocols msdp group 100 peer 10.255.120.39 authentication-key "New York"
set routing-instances VPN-100 protocols msdp group to_pe local-address 10.10.47.100
set routing-instances VPN-100 protocols msdp group to_pe peer 11.11.47.100

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure an MSDP routing instance:

  1. Configure the BGP export policy.

    [edit policy-options]
    user@host# set policy-statement bgp-to-ospf term 1 from protocol bgp
    user@host# set policy-statement bgp-to-ospf term 1 then accept

  2. Configure a policy that filters out certain source and group addresses and accepts all other source and group addresses.

    [edit policy-options]
    user@host# set policy-statement sa-filter term bad-groups from route-filter 224.0.1.2/32 exact
    user@host# set policy-statement sa-filter term bad-groups from route-filter 224.77.0.0/16 orlonger
    user@host# set policy-statement sa-filter term bad-groups then reject
    user@host# set policy-statement sa-filter term bad-sources from source-address-filter 10.0.0.0/8 orlonger
    user@host# set policy-statement sa-filter term bad-sources from source-address-filter 127.0.0.0/8 orlonger
    user@host# set policy-statement sa-filter term bad-sources then reject
    user@host# set policy-statement sa-filter term accept-everything-else then accept

  3. Configure the routing instance type and interfaces.

    [edit routing-instances]
    user@host# set VPN-100 instance-type vrf
    user@host# set VPN-100 interface ge-0/0/0.100
    user@host# set VPN-100 interface lo0.100

  4. Configure the routing instance route distinguisher and VRF target.

    [edit routing-instances]
    user@host# set VPN-100 route-distinguisher 10.255.120.36:100
    user@host# set VPN-100 vrf-target target:100:1

  5. Configure OSPF in the routing instance.

    [edit routing-instances]
    user@host# set VPN-100 protocols ospf export bgp-to-ospf
    user@host# set VPN-100 protocols ospf area 0.0.0.0 interface lo0.100
    user@host# set VPN-100 protocols ospf area 0.0.0.0 interface ge-0/0/0.100

  6. Configure PIM in the routing instance.

    [edit routing-instances]
    user@host# set VPN-100 protocols pim rp static address 11.11.47.100
    user@host# set VPN-100 protocols pim interface lo0.100 mode sparse-dense
    user@host# set VPN-100 protocols pim interface lo0.100 version 2
    user@host# set VPN-100 protocols pim interface ge-0/0/0.100 mode sparse-dense
    user@host# set VPN-100 protocols pim interface ge-0/0/0.100 version 2

  7. Configure MSDP in the routing instance.

    [edit routing-instances]
    user@host# set VPN-100 protocols msdp export sa-filter
    user@host# set VPN-100 protocols msdp import sa-filter
    user@host# set VPN-100 protocols msdp group 100 local-address 10.10.47.100
    user@host# set VPN-100 protocols msdp group 100 peer 10.255.120.39 authentication-key "New York"
    [edit routing-instances]
    user@host# set VPN-100 protocols msdp group to_pe local-address 10.10.47.100
    [edit routing-instances]
    user@host# set VPN-100 protocols msdp group to_pe peer 11.11.47.100

  8. If you are done configuring the device, commit the configuration.

    [edit routing-instances]
    user@host# commit

Results

Confirm your configuration by entering the show policy-options command and the show routing-instances command from configuration mode. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.

user@host# show policy-options
policy-statement bgp-to-ospf {
    term 1 {
        from protocol bgp;
        then accept;
    }
}
policy-statement sa-filter {
    term bad-groups {
        from {
            route-filter 224.0.1.2/32 exact;
            route-filter 224.77.0.0/16 orlonger;
        }
        then reject;
    }
    term bad-sources {
        from {
            source-address-filter 10.0.0.0/8 orlonger;
            source-address-filter 127.0.0.0/8 orlonger;
        }
        then reject;
    }
    term accept-everything-else {
        then accept;
    }
}
user@host# show routing-instances
VPN-100 {
    instance-type vrf;
    interface ge-0/0/0.100; ## 'ge-0/0/0.100' is not defined
    interface lo0.100; ## 'lo0.100' is not defined
    route-distinguisher 10.255.120.36:100;
    vrf-target target:100:1;
    protocols {
        ospf {
            export bgp-to-ospf;
            area 0.0.0.0 {
                interface lo0.100;
                interface ge-0/0/0.100;
            }
        }
        pim {
            rp {
                static {
                    address 11.11.47.100;
                }
            }
            interface lo0.100 {
                mode sparse-dense;
                version 2;
            }
            interface ge-0/0/0.100 {
                mode sparse-dense;
                version 2;
            }
        }
        msdp {
            export sa-filter;
            import sa-filter;
            group 100 {
                local-address 10.10.47.100;
                peer 10.255.120.39 {
                    authentication-key "$9$z4l-3Ctp0B1EcF3eMW8-dDjH"; ## SECRET-DATA
                }
            }
            group to_pe {
                local-address 10.10.47.100;
                peer 11.11.47.100;
            }
        }
    }
}
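
How the sa-filter policy shown above treats individual source-active entries, as an added Python model (not Junos code or output): terms are evaluated in order and the first matching term decides. The (source, group) pairs are constructed, and evaluate and classify are hypothetical names.

```python
import ipaddress

# The page's sa-filter policy: ordered terms; entries of one condition type
# are alternatives, and a term with no conditions matches everything.
SA_FILTER = [
    ("bad-groups", {"route-filter": [("224.0.1.2/32", "exact"),
                                     ("224.77.0.0/16", "orlonger")]}, "reject"),
    ("bad-sources", {"source-address-filter": [("10.0.0.0/8", "orlonger"),
                                               ("127.0.0.0/8", "orlonger")]}, "reject"),
    ("accept-everything-else", {}, "accept"),
]

def prefix_matches(addr, prefix, match_type):
    """Test a host address (treated as a /32) against one filter entry."""
    host = ipaddress.ip_network(addr + "/32")
    net = ipaddress.ip_network(prefix)
    if match_type == "exact":
        return host == net
    if match_type == "orlonger":
        return host.subnet_of(net)
    raise ValueError("unsupported match type: " + match_type)

def evaluate(policy, source, group):
    """Return (term, action) of the first term whose conditions all match."""
    fields = {"route-filter": group, "source-address-filter": source}
    for term, conditions, action in policy:
        if all(any(prefix_matches(fields[kind], p, m) for p, m in entries)
               for kind, entries in conditions.items()):
            return term, action
    return None, "default"  # no term matched: the default policy applies

# Constructed source-active entries (source, group) for illustration.
SAMPLE_SA = [
    ("192.0.2.10", "224.0.1.2"),     # listed group, exact match
    ("192.0.2.10", "224.77.5.9"),    # inside 224.77.0.0/16
    ("10.1.2.3", "239.1.1.1"),       # source inside 10.0.0.0/8
    ("127.0.0.1", "232.0.0.5"),      # loopback source
    ("192.0.2.10", "224.0.1.3"),     # neighbour of the exact-match group
    ("198.51.100.7", "239.1.1.1"),   # matches no reject term
]

def classify(entries=SAMPLE_SA):
    return [(s, g) + evaluate(SA_FILTER, s, g) for s, g in entries]

if __name__ == "__main__":
    for row in classify():
        print("%-14s %-12s %-24s %s" % row)
```

Because this configuration applies sa-filter as both the import and the export policy, an entry rejected here is neither taken into the source-active cache from MSDP nor exported from the cache into MSDP.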

Verification

To verify the configuration, run the following commands:

  • show msdp instance VPN-100
  • show msdp source-active VPN-100
  • show multicast usage instance VPN-100
  • show route table VPN-100.inet.4

Published: 2013-02-12