Creating Multicast VPNs
JUNOSe router software provides the ability to create multicast VPNs by using GRE tunnels. This implementation is based on Multicast in MPLS/BGP VPNs (draft-rosen-vpn-mcast-06.txt and draft-rosen-vpn-mcast-08.txt) and further defined by Base Specification for Multicast in MPLS/BGP VPNs (draft-raggarwa-l3vpn-2547-mvpn-00.txt).
NOTE: Although you can configure PIM sparse mode remote neighbors, you can no longer use these remote neighbors for BGP/MPLS VPNs. For multicast VPNs, use the functionality described in this section.
The JUNOSe software supports default Multicast Distribution Trees (MDTs) and data MDTs.
Creating Multicast VPNs Using the Default MDT
The JUNOSe software does not support a single MDT command. Instead, you must configure the multicast tunnel interfaces (MTIs) explicitly. The MTI is an IP interface that is stacked on a GRE tunnel interface. The destination address of the GRE tunnel is the multicast VPN (MVPN) group address of the MDT.
A tunnel mdt command specifies that the tunnel is the MTI for the default MDT, enabling the creation of a second, layer 2 interface (interface tunnel gre:name.mdt) on which an unnumbered IP interface (tied to the provider edge loopback interface) is stacked in the context of the parent virtual router.
Multicast VPN Configuration Example
In the following example (Figure 12), customer edge router 1 (CE1) and customer edge router 2 (CE2) exist in two separate VPNs. Each VPN is configured with its assigned Multicast Domain (235.1.1.1 and 235.1.1.2, respectively).
To better understand the example, keep the following in mind:
- Lp is a loopback interface in the parent router. This address is the loopback interface used as the BGP peer address of the provider edge router (PE). Its address is advertised in the provider address space.
- Tv is the MTI in the VRF. This interface is typically configured as a PIM sparse-mode interface (though you can configure it for dense-mode or sparse-dense-mode). Any packets that originate in the VRF are sent using the address of this interface as the source address. You must set this interface address to be identical to the address of the loopback interface of the parent router (Lp).
CAUTION: Defining the Tv interface with an address other than the loopback interface of the parent router might restrict operation with non-Juniper Networks routers.
- Tp is an unnumbered IP interface that is tied to the loopback interface of the provider edge router (PE).
To configure the example, use the following general procedures:
NOTE: This example provides general information for configuring a simple Multicast VPN network. For detailed information about creating GRE tunnels, see JUNOSe IP Services Configuration Guide, Chapter 10, Configuring IP Tunnels. For detailed information about PIM sparse-mode configuration, see PIM Sparse Mode.
- Configure BGP/MPLS VPN.
host1:PE2(config-router)#router bgp 100
host1:PE2(config-router)#address-family vpnv4 unicast
host1:PE2(config-router-af)#neighbor 1.1.1.1 activate
host1:PE2(config-router-af)#neighbor 1.1.1.1 next-hop-self
host1:PE2(config-router-af)#neighbor 3.3.3.3 activate
host1:PE2(config-router-af)#neighbor 3.3.3.3 next-hop-self
host1:PE2(config-router-af)#exit-address-family
See JUNOSe BGP and MPLS Configuration Guide, Chapter 3, Configuring BGP-MPLS Applications for details.
- Configure PIM sparse mode in the core and RP for MVPN group addresses.
NOTE: For MVPN, it is a typical practice to use shared trees.
host1:PE1(config-router)#virtual-router PE2
host1:PE2(config)#ip multicast-routing
host1:PE2(config)#
host1:PE2(config)#! MDT RP is 72.72.72.72 (P1)
host1:PE2(config)#access-list 1 permit ip 235.0.0.0 0.255.255.255 any
host1:PE2(config)#ip pim rp-address 72.72.72.72 1
host1:PE2(config)#
host1:PE2(config)#! Do not switch from RPT for MDTs
host1:PE2(config)#ip pim spt-threshold infinity group-list 1
host1:PE2(config)#
- Configure the loopback interface, Lp, in parent router PE2.
host1:PE2(config)#interface loopback 0
host1:PE2(config-if)#ip address 2.2.2.2 255.255.255.255
host1:PE2(config-if)#ip pim sparse-mode
host1:PE2(config-if)#
NOTE: You must configure the loopback interface for PIM sparse mode to support unnumbered MDTs.
- Add PIM-SM to core-facing interfaces.
host1:PE2(config)#interface atm2/1.20
host1:PE2(config-subif)#ip pim sparse-mode
host1:PE2(config-subif)#
- Extend the BGP router configuration to contribute VPN routes into the multicast router table of the VRF using the ip route-type both command.
host1:PE2(config)#router bgp 100
host1:PE2(config-router)#address-family ipv4 unicast vrf PE21
host1:PE2(config-router-af)#ip route-type both
host1:PE2(config-router-af)#exit
host1:PE2(config-router)#
- Configure the GRE tunnel for VPN1.
host1(config)#interface tunnel gre:MTI-21 transport-virtual-router PE2
host1(config-if)#tunnel source 2.2.2.2
host1(config-if)#tunnel destination 235.1.1.1
host1(config-if)#tunnel mdt
host1(config-if)#exit
host1(config)#
- Configure the GRE tunnel for VPN2.
host1(config)#interface tunnel gre:MTI-22 transport-virtual-router PE2
host1(config-if)#tunnel source 2.2.2.2
host1(config-if)#tunnel destination 235.1.1.2
host1(config-if)#tunnel mdt
host1(config-if)#exit
host1(config)#
- Configure the IP interface (Tv) in PE2:CE1 as a PIM sparse-mode interface with the address of the loopback interface.
host1(config)#virtual-router PE2:CE21
host1:PE2:CE21(config)#interface tunnel gre:MTI-21
host1:PE2:CE21(config)#ip address 2.2.2.2 255.255.255.255
host1:PE2:CE21(config)#ip pim sparse-mode
host1:PE2:CE21(config)#exit
host1:PE2:CE21#
- Configure the IP interface (Tv) in PE2:CE2 as a PIM sparse-mode interface with the address of the loopback interface (same as the loopback 0 address for PE2).
host1:PE2:CE21(config)#interface loopback 0
host1:PE2:CE21(config-if)#ip address 2.2.2.2 255.255.255.255
host1:PE2:CE21(config-if)#exit
host1:PE2:CE21(config)#exit
host1:PE2:CE21#virtual-router PE2:CE22
host1:PE2:CE22#configuration terminal
host1:PE2:CE22(config)#interface tunnel gre:MTI-22
host1:PE2:CE22(config)#ip unnumbered loopback 0
host1:PE2:CE22(config)#ip pim sparse-mode
host1:PE2:CE22(config)#exit
host1:PE2:CE22#
- Configure the Tp interfaces as unnumbered IP interfaces.
host1(config)#interface tunnel gre:MTI-21.mdt
host1(config-if)#ip unnumbered loopback 0
host1(config-if)#ip pim sparse-mode
host1(config-if)#exit
host1(config)#
host1(config)#interface tunnel gre:MTI-22.mdt
host1(config-if)#ip unnumbered loopback 0
host1(config-if)#ip pim sparse-mode
host1(config-if)#exit
host1(config)#
tunnel mdt
- Use to enable multicast distribution tree operation so the IP tunnel component can create an MDT interface. This command functions for GRE interfaces only.
- Example
host1(config-if)#tunnel mdt
The no version disables MDT on the interface.
Creating Multicast VPNs Using the Data MDT
A data multicast distribution tree (MDT), based on section 8 of Internet draft draft-rosen-vpn-mcast-08.txt, Multicast in MPLS/BGP IP VPNs, solves the problem of P routers flooding unnecessary multicast information to PE routers that have no interested receivers for a particular VPN multicast group. The data MDT solution requires the creation of a new tunnel by the PE router if the source exceeds a configured rate threshold parameter. All other PE routers join the new tunnel only if the PE router has receivers in the VPN for that multicast group.
The JUNOSe software uses dynamic point-to-multipoint GRE tunnels to configure data MDTs. In the current release, IPv6 transport over GRE (unicast or multicast) is not supported. For more information, see JUNOSe IP Services Configuration Guide, Chapter 11, Configuring Dynamic IP Tunnels.
Data MDTs are established using PIM-SM (shared RP Trees) and PIM-SSM (Source Trees). Profiles for dynamic interfaces in the VRF are restricted to sparse-mode only.
Data MDT Sources
A C-SG flow arriving in the source VRF is a candidate for a data MDT if the system matches the C-SG in the route map that you specify for the data MDT using the ip pim data-mdt command. The C-SG flow is initially forwarded on the default MDT. The system creates the data MDT when the flow rate exceeds a value you configure in the route map using the set threshold command.
When the Source C-PIM-SM first creates a data MDT for a C-SG flow, it sends a <C-SG, P-G> MDT join message with type, length, value (TLV) format to the default MDT. This message invites peer PE routers to join the new data MDT. It starts a timer that you can configure using the mdt-data-delay command to track the number of seconds before switching to the data MDT. When that timer expires, C-PIM-SM switches from sending C-SG data on the default MDT to sending data on the data MDT.
When the C-SG flow is switched to the data MDT, the Source C-PIM-SM starts a timer that you can configure using the mdt-data-holddown command to track the number of seconds before switching to the default MDT. If the flow rate exceeds the threshold when the timer expires, the timer restarts. If the timer expires and the flow rate has dropped back below the threshold, the data MDT is deleted and the C-SG flow is switched back to the default MDT.
The Source C-PIM-SM maintains sent MDT Join TLV messages in its database as long as they are active. While the data MDT is active, C-PIM-SM resends that MDT Join TLV message at an interval that you can configure using the mdt-interval command, which sets the time in seconds between successive MDT Join TLV messages.
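The source-side behavior described above, stepped once per second in Python, is shown here as an added example; it is not JUNOSe code. It assumes that "exceeds" means strictly greater than the threshold, that the resend interval is counted from the first Join TLV, and that rate units are abstract; the rate samples are constructed.

```python
def simulate_source(rates, threshold, delay_ds=30, holddown_s=60, interval_s=60):
    """Return [(second, event)] for one C-SG flow in the source VRF.

    rates       -- constructed per-second flow-rate samples (units abstract)
    threshold   -- value from 'set threshold' in the data MDT route map
    delay_ds    -- mdt-data-delay, in 0.1 s units (default 30)
    holddown_s  -- mdt-data-holddown, in seconds (default 60)
    interval_s  -- mdt-interval, in seconds (default 60)
    """
    events = []
    state = "default"                      # default -> pending -> data -> default
    switch_at = hold_at = next_join = None
    for t, rate in enumerate(rates):
        if state == "default":
            if rate > threshold:
                # Data MDT is created and peers are invited over the default MDT.
                state = "pending"
                switch_at = t + delay_ds / 10
                next_join = t + interval_s
                events.append((t, "create+join"))
            continue
        # A data MDT exists: refresh the MDT Join TLV every mdt-interval.
        if t >= next_join:
            events.append((t, "rejoin"))
            next_join = t + interval_s
        if state == "pending" and t >= switch_at:
            # mdt-data-delay expired: move the flow off the default MDT.
            state = "data"
            hold_at = t + holddown_s
            events.append((t, "switch"))
        elif state == "data" and t >= hold_at:
            if rate > threshold:
                hold_at = t + holddown_s   # still busy: restart holddown
                events.append((t, "hold-restart"))
            else:
                state = "default"          # quiet: delete the data MDT
                events.append((t, "delete"))
    return events


# Constructed flow: idle for 2 s, 100 s above the threshold, then idle again.
SAMPLE_RATES = [0] * 2 + [50] * 100 + [0] * 100

if __name__ == "__main__":
    for second, event in simulate_source(SAMPLE_RATES, threshold=10):
        print(f"t={second:>3}s  {event}")
```

With the default timers, the flow stays on the data MDT until the first holddown expiry that finds the rate below the threshold, so a burst of 100 seconds keeps the data MDT up for about two holddown periods.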
Data MDT Receivers
When the Receiver C-PIM-SM receives a <C-SG, P-G> MDT Join TLV message from the default MDT, it extracts the C-SG and the data MDT P-Group address from the TLV and queries the route map that you specified for the data MDT to determine whether the C-SG is a candidate for a data MDT. If it matches, the C-PIM-SM adds the MDT Join TLV to its database and records the time.
If the Receiver C-PIM-SM does not receive an MDT Join TLV<C-SG, P-G> to refresh its database within the amount of time specified for the timeout in the mdt-data-timeout command, the MDT Join TLV<C-SG> is removed from the database and the associated data MDT is removed.
When a new MDT Join TLV<C-SG, P-G> is added to the database, the Receiver C-PIM-SM determines whether it has an SG, SPT state. If it has an SG state, and the incoming interface (IIF) is the default MDT, then C-PIM-SM creates the data MDT and deletes the corresponding forwarding entry. C-PIM-SM waits for the source to transmit data on the data MDT. During this period, data can continue to be received on the default MDT. C-PIM-SM fails the reverse-path forwarding (RPF) check, which results in a forwarding entry with a discarded IIF.
If the C-SG,SPT state is created (either as a result of a C-SSM join or switch from RPT to SPT), and it is the default MDT, the Receiver C-PIM-SM determines whether an MDT Join TLV<C-SG> is active. If it is, C-PIM-SM creates the data MDT.
Establishing a Data MDT Using ASM or SSM
A data MDT carries one C-SG flow. If the data MDTs are established using any-source multicast (ASM), then the P-Group address selected by a PE for the data MDT must be unique to that PE in the MDT (that is, the range of MDT P-Group addresses available in the core must be administratively divided among all the PEs that will source VPN multicasts). The VRFs in a PE must share the P-Group addresses in the assigned range for the PE.
If the data MDTs are established using single-source multicast (SSM), you must configure VRFs to transmit on a tunnel using the same MDT P-Group address. Each VRF transmits using a unique P-Source address; however, each data MDT created by the VRF must use a different P-Group address. There might be one sender data MDT and possibly many receiver data MDTs sharing an IP tunnel. Each PE can assign MDT P-Groups from the same range, but the P-Group addresses must be administratively divided among the VPNs.
For a receiver on the data MDT, P-PIM-SM joins the data MDT by propagating join state into the core. The P-Group for that join is extracted from the MDT Join TLV. If SSM is not activated or the P-Group is not in the SSM group range, P-PIM-SM performs a <*, G> join towards the RP for that P-Group.
If SSM is activated and the P-Group is in the SSM group range, P-PIM-SM performs an <S, G> join towards the P-Source, where the P-Source address is the SA of the MDT Join TLV.
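The address-division rules for ASM and SSM, and the core join decision, can be checked against a planned set of pools before deployment. The Python below is an added example, not part of the JUNOSe documentation; the plan is constructed (only pe13DataMdtGroups and its range appear on this page), the VPN labels are hypothetical, and 232.0.0.0/8 is assumed as the configured SSM group range.

```python
from ipaddress import IPv4Address, IPv4Network
from itertools import combinations


def overlaps(p, q):
    """True if two pools' inclusive first..last ranges share any address."""
    return (IPv4Address(p["first"]) <= IPv4Address(q["last"])
            and IPv4Address(q["first"]) <= IPv4Address(p["last"]))


def audit_pools(pools, mode):
    """Return pairs of pool names that break the division rule for the mode.

    asm: ranges must be divided among the PEs (VRFs on one PE share a range).
    ssm: ranges must be divided among the VPNs (PEs may reuse a range).
    """
    key = "pe" if mode == "asm" else "vpn"
    return [(p["name"], q["name"])
            for p, q in combinations(pools, 2)
            if p[key] != q[key] and overlaps(p, q)]


def core_join(p_group, tlv_source, ssm_enabled, ssm_range="232.0.0.0/8"):
    """Join that P-PIM-SM propagates into the core for a received Join TLV."""
    if ssm_enabled and IPv4Address(p_group) in IPv4Network(ssm_range):
        return ("S,G", tlv_source, p_group)   # toward the P-Source (TLV SA)
    return ("*,G", None, p_group)             # toward the RP for that P-Group


# Constructed plan: the second pool overlaps the first on a different PE.
PLAN = [
    {"name": "pe13DataMdtGroups", "pe": "pe1", "vpn": "vpn3",
     "first": "233.3.1.0", "last": "233.3.1.255"},
    {"name": "pe23DataMdtGroups", "pe": "pe2", "vpn": "vpn3",
     "first": "233.3.1.128", "last": "233.3.2.127"},
    {"name": "pe14DataMdtGroups", "pe": "pe1", "vpn": "vpn4",
     "first": "233.3.4.0", "last": "233.3.4.255"},
]

if __name__ == "__main__":
    print("ASM conflicts:", audit_pools(PLAN, "asm"))
    print("SSM conflicts:", audit_pools(PLAN, "ssm"))
    print(core_join("233.3.1.5", "1.1.1.1", ssm_enabled=True))
```

The same plan passes the SSM rule and fails the ASM rule, because under ASM two PEs would select P-Groups from a shared range.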
Configuring Data MDTs
- Configure a dynamic interface profile to specify the PIM configuration of the IP/MTI interface in the VRF.
host1(config)#profile pe13DataMdtMti
host1(config-profile)#ip virtual-router "pe1:pe13"
host1(config-profile)#ip unnumbered loopback 0
host1(config-profile)#ip pim sparse-mode
- Configure a dynamic interface profile to specify the IP/MDT interface in the parent.
host1(config-profile)#profile pe1DataMdtMdt
host1(config-profile)#ip virtual-router pe1
host1(config-profile)#ip unnumbered loopback 0
host1(config-profile)#ip pim sparse-mode
- Configure the destination profile for dynamic IP tunnel creation.
host1(config-profile)#gre destination profile pe13DataMdtProfile virtual-router pe1
host1(config-dest-profile)#tunnel destination subnet 233.3.0.0 255.255.0.0
host1(config-dest-profile)#tunnel source 1.1.1.1
host1(config-dest-profile)#tunnel mdt profile pe1DataMdtMdt
host1(config-dest-profile)#profile pe13DataMdtMti
host1(config-dest-profile)#virtual-router pe1
For more information about creating dynamic IP tunnels, see JUNOSe IP Services Configuration Guide, Chapter 11, Configuring Dynamic IP Tunnels.
- Configure the VRF, including an access list to match <S,G> and <*,G> entries.
host1:pe1(config)#ip vrf pe13
host1:pe1(config-vrf)#rd 100:13
host1:pe1(config-vrf)#route-target both 100:3
host1:pe1(config-vrf)#interface tunnel gre:MTI-13.mdt
host1:pe1(config-if)#ip unnumbered loopback 0
host1:pe1(config-if)#ip pim sparse-mode
host1:pe1(config-if)#access-list pe13DataMdt permit ip any 225.1.0.0 0.0.255.255
- Specify a route map to configure the set of (S, G) for which data MDTs can be created, and the threshold to be applied for each SG.
host1:pe1(config)#route-map pe13MdtThresholds permit 10
host1:pe1(config-route-map)#match ip address pe13DataMdtSend
host1:pe1(config-route-map)#set threshold 0
host1:pe1(config-route-map)#route-map pe13MdtThresholds permit 20
host1:pe1(config-route-map)#match ip address pe13DataMdt
- Configure the group address pools in the route map.
host1:pe1(config-route-map)#ip pim group-address-pool pe13DataMdtGroups 233.3.1.0 233.3.1.255
If the data MDTs are established using ASM, you must divide the range of available MDT P-Group addresses among the PEs that source VPN multicasts. All VRFs in a PE draw from a single address pool that contains the range of group addresses assigned to that PE.
If the data MDTs are established using SSM, you can configure VRFs to transmit on a tunnel using the same MDT P-Group address. Each VRF transmits using a unique P-Source address; however, each data MDT created by the VRF must use a different P-Group address. There might be one sender data MDT and possibly many receiver data MDTs sharing an IP tunnel.
For SSM, each PE can assign MDT P-Groups from the same range, but the P-Group addresses must be administratively divided among the VPNs.
- Configure the tunnel for the VRF.
host1:pe1(config)#virtual-router pe1:pe13
host1:pe1:pe13(config)#interface tunnel gre:MTI-13 transport-virtual-router pe1
host1:pe1:pe13(config)#tunnel source 1.1.1.1
host1:pe1:pe13(config)#tunnel destination 235.3.3.3
host1:pe1:pe13(config)#tunnel mdt
host1:pe1:pe13(config)#ip unnumbered loopback 0
host1:pe1:pe13(config)#ip pim sparse-mode
- Configure the data MDT.
host1:pe1:pe13(config)#ip pim data-mdt
host1:pe1:pe13(config-ip-pim-data-mdt)#tunnel source 1.1.1.1
host1:pe1:pe13(config-ip-pim-data-mdt)#tunnel group-address-pool pe13DataMdtG$
host1:pe1:pe13(config-ip-pim-data-mdt)#route-map pe13MdtThresholds
ip pim
host1(config-if)#ip pim sparse-dense-mode
Use the no version to disable PIM on an interface.
ip pim data-mdt
host1(config)#ip pim data-mdt
Use the no version to deactivate data MDTs.
ip pim group-address-pool
host1(config)#ip pim group-address-pool pe21DataMDT 232.1.0.0 232.2.255.255
There is no no version.
mdt-data-delay
- Use to configure a delay before switching to data MDT.
- The delay is measured in units of 0.1 second; the default is 30.
- Example
host1(ip-pim-data-mdt-config)#mdt-data-delay 20
Use the no version to return to the default.
mdt-data-holddown
- Use to configure the time in seconds before switching to the default MDT group from the data MDT group.
- The default is 60.
- Example
host1(ip-pim-data-mdt-config)#mdt-data-holddown 200
Use the no version to return to the default.
mdt-data-timeout
- Use to configure the time in seconds before the flow leaves the data MDT group.
- The default is 180.
- Example
host1(ip-pim-data-mdt-config)#mdt-data-timeout 160
Use the no version to return to the default.
mdt-interval
- Use to configure the time in seconds between successive MDT Join TLV messages.
- The default is 60.
- Example
host1(ip-pim-data-mdt-config)#mdt-interval 80
Use the no version to return to the default.
set threshold
- Use to configure a threshold value for multicast VPN applications, including default MDT and data MDT.
- Example
host1(config)#set threshold 30
Use the no version to remove the threshold.
tunnel group-address-pool
host1(ip-pim-data-mdt-config)#tunnel group-address-pool dataMDT1
Use the no version to delete the group address pool.