ON THIS PAGE
Example: Configuring Data MDTs and Provider Tunnels Operating in Source-Specific Multicast Mode
This example shows how to configure data multicast distribution trees (MDTs) for a provider edge (PE) router attached to a VPN routing and forwarding (VRF) instance in a draft-rosen Layer 3 multicast VPN operating in source-specific multicast (SSM) mode. The example is based on the Junos OS implementation of RFC 4364, BGP/MPLS IP Virtual Private Networks (VPNs) and on section 7 of the IETF Internet draft draft-rosen-vpn-mcast-07.txt, Multicast in MPLS/BGP IP VPNs.
Requirements
Before you begin:
Make sure that the routing devices support multicast tunnel (mt) interfaces.
A tunnel-capable PIC supports a maximum of 512 multicast tunnel interfaces. Both default and data MDTs contribute to this total. The default MDT uses two multicast tunnel interfaces (one for encapsulation and one for de-encapsulation). To enable an M Series or T Series router to support more than 512 multicast tunnel interfaces, another tunnel-capable PIC is required. See "Tunnel Services PICs and Multicast” and "Load Balancing Multicast Tunnel Interfaces Among Available PICs” in the Multicast Protocols User Guide.
Make sure that the PE router has been configured for a draft-rosen Layer 3 multicast VPN operating in SSM mode in the provider core.
In this type of multicast VPN, PE routers discover one another by sending MDT subsequent address family identifier (MDT-SAFI) BGP network layer reachability information (NLRI) advertisements. Key configuration statements for the master instance are highlighted in Table 1. Key configuration statements for the VRF instance to which your PE router is attached are highlighted in Table 2. For complete configuration details, see "Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs" in the Multicast Protocols User Guide.
Overview
By using data MDTs in a Layer 3 VPN, you can prevent multicast packets from being flooded unnecessarily to specified provider edge (PE) routers within a VPN group. This option is primarily useful for PE routers in your Layer 3 VPN multicast network that have no receivers for the multicast traffic from a particular source.
When a PE router that is directly connected to the multicast source (also called the source PE) receives Layer 3 VPN multicast traffic that exceeds a configured threshold, a new data MDT tunnel is established between the PE router connected to the source site and its remote PE router neighbors.
The source PE advertises the new data MDT group as long as the source is active. The periodic announcement is sent over the default MDT for the VRF. Because the data MDT announcement is sent over the default tunnel, all the PE routers receive the announcement.
Neighbors that do not have receivers for the multicast traffic cache the advertisement of the new data MDT group but ignore the new tunnel. Neighbors that do have receivers for the multicast traffic cache the advertisement of the new data MDT group and also send a PIM join message for the new group.
The source PE encapsulates the VRF multicast traffic using the new data MDT group and stops the packet flow over the default multicast tree. If the multicast traffic level drops back below the threshold, the data MDT is torn down automatically and traffic flows back across the default multicast tree.
If a PE router that has not yet joined the new data MDT group receives a PIM join message for a new receiver for which (S,G) traffic is already flowing over the data MDT in the provider core, then that PE router can obtain the new group address from its cache and can join the data-MDT immediately without waiting up to 59 seconds for the next data MDT advertisement.
By default, automatic creation of data MDTs is disabled.
The following sections summarize the data MDT configuration statements used in this example and in the prerequisite configuration for this example:
In the master instance, the PE router’s prerequisite draft-rosen PIM-SSM multicast configuration includes statements that directly support the data MDT configuration you will enable in this example. Table 1 highlights some of these statements†.
Table 1: Data MDTS—Key Prerequisites in the Master Instance Statement
Description
[edit protocols] pim { interface (Protocols PIM) interface-name <options>; }
Enables the PIM protocol on PE router interfaces.
[edit protocols] bgp { group name { type internal; peer-as autonomous-system; neighbor address; family inet-mdt { signaling; } } }
[edit routing-options] autonomous-system autonomous-system;
In the internal BGP full mesh between PE routers in the VRF instance, enables the BGP protocol to carry MDT-SAFI NLRI signaling messages for IPv4 traffic in Layer 3 VPNs.
[edit routing-options] multicast { ssm-groups [ ip-addresses ]; }
(Optional) Configures one or more SSM groups to use inside the provider network in addition to the default SSM group address range of 232.0.0.0/8.
Note:For this example, it is assumed that you previously specified an additional SSM group address range of 239.0.0.0/8.
† This table contains only a partial list of the PE router configuration statements for a draft-rosen multicast VPN operating in SSM mode in the provider core. For complete configuration information about this prerequisite, see “Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs” in the Multicast Protocols User Guide.
In the VRF instance to which the PE router is attached—at the
[edit routing-instances name]
hierarchy level—the PE router’s prerequisite draft-rosen PIM-SSM multicast configuration includes statements that directly support the data MDT configuration you will enable in this example. Table 2 highlights some of these statements‡.Table 2: Data MDTs—Key Prerequisites in the VRF Instance Statement
Description
[edit routing-instances name] instance-type vrf; vrf-target community;
Creates a VRF table (instance-name.mdt.0) that contains the routes originating from and destined for the Layer 3 VPN.
Creates a VRF export policy that automatically accepts routes from the instance-name.mdt.0 routing table. ensures proper PE autodiscovery using the inet-mdt address family
You must also configure the interface and
route-distinguisher
statements for this type of routing instance.[edit routing-instances name] protocols { pim { mvpn { family { inet | inet6 { autodiscovery { inet-mdt; } } } } } }
Configures the PE router in a VPN to use an MDT-SAFI NLRI for autodiscovery of other PE routers:
[edit routing-instances name] provider-tunnelfamily inet | inet6{ pim-ssm { group-address (Routing Instances) address; } }
Configures the PIM-SSM provider tunnel default MDT group address.
Note:For this example, it assumed that you previously configured the PIM-SSM provider tunnel default MDT for the VPN instance ce1 with the group address 239.1.1.1.
To verify the configuration of the default MDT tunnel for the VRF instance to which the PE router is attached, use the show pim mvpn operational mode command.
‡ This table contains only a partial list of the PE router configuration statements for a draft-rosen multicast VPN operating in SSM mode in the provider core. For complete configuration information about this prerequisite, see “Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs” in the Multicast Protocols User Guide.
For a rosen 7 MVPN—a draft-rosen multicast VPN with provider tunnels operating in SSM mode—you configure data MDT creation for a tunnel multicast group by including statements under the PIM-SSM provider tunnel configuration for the VRF instance associated with the multicast group. Because data MDTs are specific to VPNs and VRF routing instances, you cannot configure MDT statements in the primary routing instance. Table 3 summarizes the data MDT configuration statements for PIM-SSM provider tunnels.
Table 3: Data MDTs for PIM-SSM Provider Tunnels in a Draft-Rosen MVPN Statement
Description
[edit routing-instances name] provider-tunnel family inet | inet6{{ mdt { group-range multicast-prefix; } }
Configures the IP group range used when a new data MDT needs to be created in the VRF instance on the PE router. This address range cannot overlap the default MDT addresses of any other VPNs on the router. If you configure overlapping group ranges, the configuration commit fails.
This statement has no default value. If you do not set the multicast-prefix to a valid, nonreserved multicast address range, then no data MDTs are created for this VRF instance.
Note:For this example, it is assumed that you previously configured the PE router to automatically select an address from the 239.10.10.0/24 range when a new data MDT needs to be initiated.
[edit routing-instances name] provider-tunnel family inet | inet6{{ mdt { tunnel-limit limit; } }
Configures the maximum number of data MDTs that can be created for the VRF instance.
The default value is 0. If you do not configure the limit to a non-zero value, then no data MDTs are created for this VRF instance.
The valid range is from 0 through 1024 for a VRF instance. There is a limit of 8000 tunnels for all data MDTs in all VRF instances on a PE router.
If the configured maximum number of data MDT tunnels is reached, then no new tunnels are created for the VRF instance, and traffic that exceeds the configured threshold is sent on the default MDT.
Note:For this example, you limit the number of data MDTs for the VRF instance to 10.
[edit routing-instances name] provider-tunnel family inet | inet6{{ mdt { threshold { group group-address { source source-address { rate threshold-rate; } } } } }
Configures a data rate for the multicast source of a default MDT. When the source traffic in the VRF instance exceeds the configured data rate, a new tunnel is created.
group group-address—Multicast group address of the default MDT that corresponds to a VRF instance to which the PE router is attached. The group-address explicit (all 32 bits of the address specified) or a prefix (network address and prefix length specified). This is typically a well-known address for a certain type of multicast traffic.
source source-address—Unicast IP prefix of one or more multicast sources in the specified default MDT group.
rate threshold-rate—Data rate for the multicast source to trigger the automatic creation of a data MDT. The data rate is specified in kilobits per second (Kbps).
The default threshold-rate is 10 kilobits per second (Kbps).
Note:For this example, you configure the following data MDT threshold:
Multicast group address or address range to which the threshold limits apply—224.0.9.0/32
Multicast source address or address range to which the threshold limits apply—10.1.1.2/32
Data rate—10 Kbps
When the traffic stops or the rate falls below the threshold value, the source PE router switches back to the default MDT.
Configuration
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the Junos OS CLI User Guide.
- CLI Quick Configuration
- Enabling Data MDTs and PIM-SSM Provider Tunnels on the Local PE Router Attached to a VRF
- (Optional) Enabling Logging of Detailed Trace Information for Multicast Tunnel Interfaces on the Local PE Router
- Results
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste
them into a text file, remove any line breaks, change any details necessary to match your
network configuration, copy and paste the commands into the CLI at the [edit]
hierarchy
level and then enter commit
from configuration mode.
set routing-instances ce1 provider-tunnel family inet mdt group-range 239.10.10.0/24 set routing-instances ce1 provider-tunnel family inet mdt tunnel-limit 10 set routing-instances ce1 provider-tunnel family inet mdt threshold group 224.0.9.0/32 source 10.1.1.2/32 rate 10 set protocols pim traceoptions file trace-pim-mdt set protocols pim traceoptions file files 5 set protocols pim traceoptions file size 1m set protocols pim traceoptions file world-readable set protocols pim traceoptions flag mdt detail
Enabling Data MDTs and PIM-SSM Provider Tunnels on the Local PE Router Attached to a VRF
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure the local PE router attached to the VRF instance ce1 in a PIM-SSM multicast VPN to initiate new data MDTs and provider tunnels for that VRF:
Enable configuration of provider tunnels operating in SSM mode.
[edit] user@host# edit routing-instances ce1 provider-tunnel
Configure the range of multicast IP addresses for new data MDTs.
[edit routing-instances ce1 provider-tunnel] user@host# set mdt group-range 239.10.10.0/24
Configure the maximum number of data MDTs for this VRF instance.
[edit routing-instances ce1 provider-tunnel] user@host# set mdt tunnel-limit 10
Configure the data MDT-creation threshold for a multicast group and source.
[edit routing-instances ce1 provider-tunnel] user@host# set mdt threshold group 224.0.9.0/32 source 10.1.1.2/32 rate 10
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Results
Confirm the configuration of data MDTs for PIM-SSM provider tunnels by entering
the show routing-instances
command from configuration mode. If the output does
not display the intended configuration, repeat the instructions in this procedure to correct
the configuration.
[edit] user@host# show routing-instances ce1 { instance-type vrf; vrf-target target:100:1; ... provider-tunnel { pim-ssm { group-address 239.1.1.1; } mdt { threshold { group 224.0.9.0/32 { source 10.1.1.2/32 { rate 10; } } } tunnel-limit 10; group-range 239.10.10.0/24; } } protocols { ... pim { mvpn { family { inet { autodiscovery { inet-mdt; } } } } } } } }
The show routing-instances
command output above does not show the complete
configuration of a VRF instance in a draft-rosen MVPN operating in SSM mode in the provider
core.
(Optional) Enabling Logging of Detailed Trace Information for Multicast Tunnel Interfaces on the Local PE Router
Step-by-Step Procedure
To enable logging of detailed trace information for all multicast tunnel interfaces on the local PE router:
Enable configuration of PIM tracing options.
[edit] user@host# set protocols pim traceoptions
Configure the trace file name, maximum number of trace files, maximum size of each trace file, and file access type.
[edit protocols pim traceoptions] set file trace-pim-mdt set file files 5 set file size 1m set file world-readable
Specify that messages related to multicast data tunnel operations are logged.
[edit protocols pim traceoptions] set flag mdt detail
If you are done configuring the device, commit the configuration.
[edit] user@host# commit
Results
Confirm the configuration of multicast tunnel logging by entering the show
protocols
command from configuration mode. If the output does not display the intended
configuration, repeat the instructions in this procedure to correct the configuration.
[edit] user@host# show protocols pim { traceoptions { file trace-pim-mdt size 1m files 5 world-readable; flag mdt detail; } interface lo0.0; ... }
Verification
To verify that the local PE router is managing data MDTs and PIM-SSM provider tunnels properly, perform the following tasks:
- Monitor Data MDTs Initiated for the Multicast Group
- Monitor Data MDT Group Addresses Cached by All PE Routers in the Multicast Group
- (Optional) View the Trace Log for Multicast Tunnel Interfaces
Monitor Data MDTs Initiated for the Multicast Group
Purpose
For the VRF instance ce1, check the incoming and outgoing tunnels established by the local PE router for the default MDT and monitor the data MDTs initiated by the local PE router.
Action
Use the show pim mdt instance ce1 detail operational mode command.
For the default MDT, the command displays details about the incoming and outgoing tunnels established by the local PE router for specific multicast source addresses in the multicast group using the default MDT and identifies the tunnel mode as PIM-SSM.
For the data MDTs initiated by the local PE router, the command identifies the multicast source using the data MDT, the multicast tunnel logical interface set up for the data MDT tunnel, the configured threshold rate, and current statistics.
Monitor Data MDT Group Addresses Cached by All PE Routers in the Multicast Group
Purpose
For the VRF instance ce1, check the data MDT group addresses cached by all PE routers that participate in the VRF.
Action
Use the show pim mdt data-mdt-joins instance ce1 operational mode command. The command output displays the information cached from MDT join TLV packets received by all PE routers participating in the specified VRF instance, including the current timeout value of each entry.
(Optional) View the Trace Log for Multicast Tunnel Interfaces
Purpose
If you configured logging of trace Information for multicast tunnel interfaces, you can trace the creation and tear-down of data MDTs on the local router through the mt interface-related activity in the log.
Action
To view the trace file, use the file show /var/log/trace-pim-mdt operational mode command.