Example: Configuring PIM Join Load Balancing on Draft-Rosen Multicast VPN
This example shows how to configure multipath routing for external and internal virtual private network (VPN) routes with unequal interior gateway protocol (IGP) metrics, and Protocol Independent Multicast (PIM) join load balancing on provider edge (PE) routers running Draft-Rosen multicast VPN (MVPN). This feature allows customer PIM (C-PIM) join messages to be load-balanced across external and internal BGP (EIBGP) upstream paths when the PE router has both external BGP (EBGP) and internal BGP (IBGP) paths toward the source or rendezvous point (RP).
Requirements
This example requires the following hardware and software components:
Three routers that can be a combination of M Series Multiservice Edge Routers, MX Series 5G Universal Routing Platforms, or T Series Core Routers.
Junos OS Release 12.1 or later running on all the devices.
Before you begin:
Configure the device interfaces.
Configure the following routing protocols on all PE routers:
OSPF
MPLS
LDP
PIM
BGP
Configure a multicast VPN.
Overview and Topology
Junos OS Release 12.1 and later support multipath configuration along with PIM join load balancing. This allows C-PIM join messages to be load-balanced across unequal EIBGP routes, if a PE router has EBGP and IBGP paths toward the source (or RP). In previous releases, only the active EBGP path was used to send the join messages. This feature is applicable to IPv4 C-PIM join messages.
During load balancing, if a PE router loses one or more EBGP paths toward the source (or RP), the C-PIM join messages that were previously using the EBGP path are moved to a multicast tunnel interface, and the reverse path forwarding (RPF) neighbor on the multicast tunnel interface is selected based on a hash mechanism.
On discovering the first EBGP path toward the source (or RP), only the new join messages get load-balanced across EIBGP paths, whereas the existing join messages on the multicast tunnel interface remain unaffected.
Though the primary goal for multipath PIM join load balancing is to utilize unequal EIBGP paths for multicast traffic, potential join loops can be avoided if a PE router chooses only the EBGP path when there are one or more join messages for different groups from a remote PE router. If the remote PE router’s join message arrives after the PE router has already chosen IBGP as the upstream path, then the potential loops can be broken by changing the selected upstream path to EBGP.
During a graceful Routing Engine switchover (GRES), the EIBGP path selection for C-PIM join messages can vary, because the upstream interface selection is performed again for the new Routing Engine based on the join messages it receives from the CE and PE neighbors. This can lead to disruption of multicast traffic depending on the number of join messages received and the load on the network at the time of the graceful restart. However, the nonstop active routing feature is not supported and has no impact on the multicast traffic in a Draft-Rosen MVPN scenario.
In this example, PE1 and PE2 are the upstream PE routers for which the multipath PIM join load-balancing feature is configured. Routers PE1 and PE2 have one EBGP path and one IBGP path each toward the source. The Source and Receiver attached to customer edge (CE) routers are Free BSD hosts.
On PE routers that have EIBGP paths toward the source (or RP), such as PE1 and PE2, PIM join load balancing is performed as follows:
The existing join-count-based load balancing is performed such that the algorithm first selects the least loaded C-PIM interface. If there is equal or no load on all the C-PIM interfaces, the join messages get distributed equally across the available upstream interfaces.
In Figure 1, if the PE1 router receives PIM join messages from the CE2 router, and if there is equal or no load on both the EBGP and IBGP paths toward the source, the join messages get load-balanced on the EIBGP paths.
If the selected least loaded interface is a multicast tunnel interface, then there can be a potential join loop if the downstream list of the customer join (C-join) message already contains the multicast tunnel interface. In such a case, the least loaded interface among EBGP paths is selected as the upstream interface for the C-join message.
Assuming that the IBGP path is the least loaded, the PE1 router sends the join messages to PE2 using the IBGP path. If PIM join messages from the PE3 router arrive on PE1, then the downstream list of the C-join messages for PE3 already contains a multicast tunnel interface, which can lead to a potential join loop, because both the upstream and downstream interfaces are multicast tunnel interfaces. In this case, PE1 uses only the EBGP path to send the join messages.
If the selected least loaded interface is a multicast tunnel interface and the multicast tunnel interface is not present in the downstream list of the C-join messages, the loop prevention mechanism is not necessary. If any PE router has already advertised data multicast distribution tree (MDT) type, length, and values (TLVs), that PE router is selected as the upstream neighbor.
When the PE1 router sends the join messages to PE2 using the least loaded IBGP path, and if PE3 sends its join messages to PE2, no join loop is created.
If no data MDT TLV corresponds to the C-join message, the least loaded neighbor on a multicast tunnel interface is selected as the upstream interface.
On PE routers that have only IBGP paths toward the source (or RP), such as PE3, PIM join load balancing is performed as follows:
The PE router only finds a multicast tunnel interface as the RPF interface, and load balancing is done across the C-PIM neighbors on a multicast tunnel interface.
Router PE3 load-balances PIM join messages received from the CE4 router across the IBGP paths to the PE1 and PE2 routers.
If any PE router has already advertised data MDT TLVs corresponding to the C-join messages, that PE router is selected as the RPF neighbor.
For a particular C-multicast flow, at least one of the PE routers having EIBGP paths toward the source (or RP) must use only the EBGP path to avoid or break join loops. As a result of the loop avoidance mechanism, a PE router is constrained to choose among EIBGP paths when a multicast tunnel interface is already present in the downstream list.
In Figure 1, assuming that the CE2 host is interested in receiving traffic from the Source and CE2 initiates multiple PIM join messages for different groups (Group 1 with group address 203.0.113.1, and Group 2 with group address 203.0.113.2), the join messages for both groups arrive on the PE1 router.
Router PE1 then equally distributes the join messages between the EIBGP paths toward the Source. Assuming that Group 1 join messages are sent to the CE1 router directly using the EBGP path, and Group 2 join messages are sent to the PE2 router using the IBGP path, PE1 and PE2 become the RPF neighbors for Group 1 and Group 2 join messages, respectively.
When the CE3 router initiates Group 1 and Group 2 PIM join messages, the join messages for both groups arrive on the PE2 router. Router PE2 then equally distributes the join messages between the EIBGP paths toward the Source. Since PE2 is the RPF neighbor for Group 2 join messages, it sends the Group 2 join messages directly to the CE1 router using the EBGP path. Group 1 join messages are sent to the PE1 router using the IBGP path.
However, if the CE4 router initiates multiple Group 1 and Group 2 PIM join messages, there is no control over how these join messages received on the PE3 router get distributed to reach the Source. The selection of the RPF neighbor by PE3 can affect PIM join load balancing on EIBGP paths.
If PE3 sends Group 1 join messages to PE1 and Group 2 join messages to PE2, there is no change in RPF neighbor. As a result, no join loops are created.
If PE3 sends Group 1 join messages to PE2 and Group 2 join messages to PE1, there is a change in the RPF neighbor for the different groups resulting in the creation of join loops. To avoid potential join loops, PE1 and PE2 do not consider IBGP paths to send the join messages received from the PE3 router. Instead, the join messages are sent directly to the CE1 router using only the EBGP path.
The loop avoidance mechanism in a Draft-Rosen MVPN has the following limitations:
Because the timing of arrival of join messages on remote PE routers determines the distribution of join messages, the distribution could be sub-optimal in terms of join count.
Because join loops cannot be avoided and can occur due to the timing of join messages, the subsequent RPF interface change leads to loss of multicast traffic. This can be avoided by implementing the PIM make-before-break feature.
The PIM make-before-break feature is an approach to detect and break C-PIM join loops in a Draft-Rosen MVPN. The C-PIM join messages are sent to the new RPF neighbor after establishing the PIM neighbor relationship, but before updating the related multicast forwarding entry. Though the upstream RPF neighbor would have updated its multicast forwarding entry and started sending the multicast traffic downstream, the downstream router does not forward the multicast traffic (because of RPF check failure) until the multicast forwarding entry is updated with the new RPF neighbor. This helps to ensure that the multicast traffic is available on the new path before switching the RPF interface of the multicast forwarding entry.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
PE1
set routing-instances vpn1 instance-type vrf set routing-instances vpn1 interface ge-5/0/4.0 set routing-instances vpn1 interface ge-5/2/0.0 set routing-instances vpn1 interface lo0.1 set routing-instances vpn1 route-distinguisher 1:1 set routing-instances vpn1 vrf-target target:1:1 set routing-instances vpn1 routing-options multipath vpn-unequal-cost equal-external-internal set routing-instances vpn1 protocols bgp export direct set routing-instances vpn1 protocols bgp group bgp type external set routing-instances vpn1 protocols bgp group bgp local-address 192.0.2.4 set routing-instances vpn1 protocols bgp group bgp family inet unicast set routing-instances vpn1 protocols bgp group bgp neighbor 192.0.2.5 peer-as 3 set routing-instances vpn1 protocols bgp group bgp1 type external set routing-instances vpn1 protocols bgp group bgp1 local-address 192.0.2.1 set routing-instances vpn1 protocols bgp group bgp1 family inet unicast set routing-instances vpn1 protocols bgp group bgp1 neighbor 192.0.2.2 peer-as 4 set routing-instances vpn1 protocols pim group-address 198.51.100.1 set routing-instances vpn1 protocols pim rp static address 10.255.8.168 set routing-instances vpn1 protocols pim interface all set routing-instances vpn1 protocols pim join-load-balance
PE2
set routing-instances vpn1 instance-type vrf set routing-instances vpn1 interface ge-2/0/3.0 set routing-instances vpn1 interface ge-4/0/5.0 set routing-instances vpn1 interface lo0.1 set routing-instances vpn1 route-distinguisher 2:2 set routing-instances vpn1 vrf-target target:1:1 set routing-instances vpn1 routing-options multipath vpn-unequal-cost equal-external-internal set routing-instances vpn1 protocols bgp export direct set routing-instances vpn1 protocols bgp group bgp1 type external set routing-instances vpn1 protocols bgp group bgp1 local-address 10.90.10.1 set routing-instances vpn1 protocols bgp group bgp1 family inet unicast set routing-instances vpn1 protocols bgp group bgp1 neighbor 10.90.10.2 peer-as 45 set routing-instances vpn1 protocols bgp group bgp type external set routing-instances vpn1 protocols bgp group bgp local-address 10.50.10.2 set routing-instances vpn1 protocols bgp group bgp family inet unicast set routing-instances vpn1 protocols bgp group bgp neighbor 10.50.10.1 peer-as 4 set routing-instances vpn1 protocols pim group-address 198.51.100.1 set routing-instances vpn1 protocols pim rp static address 10.255.8.168 set routing-instances vpn1 protocols pim interface all set routing-instances vpn1 protocols pim join-load-balance
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode. To configure the PE1 router:
Repeat this procedure for every Juniper Networks router in the MVPN domain, after modifying the appropriate interface names, addresses, and any other parameters for each router.
Configure a VPN routing and forwarding (VRF) instance.
[edit routing-instances vpn1] user@PE1# set instance-type vrf user@PE1# set interface ge-5/0/4.0 user@PE1# set interface ge-5/2/0.0 user@PE1# set interface lo0.1 user@PE1# set route-distinguisher 1:1 user@PE1# set vrf-target target:1:1
Enable protocol-independent load balancing for the VRF instance.
[edit routing-instances vpn1] user@PE1# set routing-options multipath vpn-unequal-cost equal-external-internal
Configure BGP groups and neighbors to enable PE to CE routing.
[edit routing-instances vpn1 protocols] user@PE1# set bgp export direct user@PE1# set bgp group bgp type external user@PE1# set bgp group bgp local-address 192.0.2.4 user@PE1# set bgp group bgp family inet unicast user@PE1# set bgp group bgp neighbor 192.0.2.5 peer-as 3 user@PE1# set bgp group bgp1 type external user@PE1# set bgp group bgp1 local-address 192.0.2.1 user@PE1# set bgp group bgp1 family inet unicast user@PE1# set bgp group bgp1 neighbor 192.0.2.2 peer-as 4
Configure PIM to enable PE to CE multicast routing.
[edit routing-instances vpn1 protocols] user@PE1# set pim group-address 198.51.100.1 user@PE1# set pim rp static address 10.255.8.168
Enable PIM on all network interfaces.
[edit routing-instances vpn1 protocols] user@PE1# set pim interface all
Enable PIM join load balancing for the VRF instance.
[edit routing-instances vpn1 protocols] user@PE1# set pim join-load-balance
Results
From configuration mode, confirm your configuration by entering the show routing-instances command. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.
routing-instances { vpn1 { instance-type vrf; interface ge-5/0/4.0; interface ge-5/2/0.0; interface lo0.1; route-distinguisher 1:1; vrf-target target:1:1; routing-options { multipath { vpn-unequal-cost equal-external-internal; } } protocols { bgp { export direct; group bgp { type external; local-address 192.0.2.4; family inet { unicast; } neighbor 192.0.2.5 { peer-as 3; } } group bgp1 { type external; local-address 192.0.2.1; family inet { unicast; } neighbor 192.0.2.2 { peer-as 4; } } } pim { group-address 198.51.100.1; rp { static { address 10.255.8.168; } } interface all; join-load-balance; } } } }
If you are done configuring the device, enter commit from configuration mode.
Verification
Confirm that the configuration is working properly.
Verifying PIM Join Load Balancing for Different Groups of Join Messages
Purpose
Verify PIM join load balancing for the different groups of join messages received on the PE1 router.
Action
From operational mode, run the show pim join instance extensive command.
user@PE1>show pim join instance extensive
Instance: PIM.vpn1 Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 203.0.113.1
Source: *
RP: 10.255.8.168
Flags: sparse,rptree,wildcard
Upstream interface: ge-5/2/0.1
Upstream neighbor: 10.10.10.2
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-5/0/4.0
10.40.10.2 State: Join Flags: SRW Timeout: 207
Group: 203.0.113.2
Source: *
RP: 10.255.8.168
Flags: sparse,rptree,wildcard
Upstream interface: mt-5/0/10.32768
Upstream neighbor: 19.19.19.19
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-5/0/4.0
10.40.10.2 State: Join Flags: SRW Timeout: 207
Group: 203.0.113.3
Source: *
RP: 10.255.8.168
Flags: sparse,rptree,wildcard
Upstream interface: ge-5/2/0.1
Upstream neighbor: 10.10.10.2
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-5/0/4.0
10.40.10.2 State: Join Flags: SRW Timeout: 207
Group: 203.0.113.4
Source: *
RP: 10.255.8.168
Flags: sparse,rptree,wildcard
Upstream interface: mt-5/0/10.32768
Upstream neighbor: 19.19.19.19
Upstream state: Join to RP
Downstream neighbors:
Interface: ge-5/0/4.0
10.40.10.2 State: Join Flags: SRW Timeout: 207
Meaning
The output shows how the PE1 router has load-balanced the C-PIM join messages for four different groups.
For Group 1 (group address: 203.0.113.1) and Group 3 (group address: 203.0.113.3) join messages, the PE1 router has selected the EBGP path toward the CE1 router to send the join messages.
For Group 2 (group address: 203.0.113.2) and Group 4 (group address: 203.0.113.4) join messages, the PE1 router has selected the IBGP path toward the PE2 router to send the join messages.