[an error occurred while processing this directive][an error occurred while processing this directive]

Example: Configuring PIM Sparse Mode over Layer 3 VPNs

This section describes how to configure multicast in PIM sparse mode for a range of multicast addresses for VPN-A as shown in Figure 1.

Figure 1: Customer Edge and Service Provider Networks

Image g017128.gif

  1. Configure PIM on the P router. The P router acts as the P (RP) router in this example. Specify the P router's address (10.255.71.47) at the [edit protocols pim rp local] hierarchy level.
    protocols {pim {dense-groups {224.0.1.39/32;224.0.1.40/32;}rp {local {address 10.255.71.47;}}interface all {mode sparse;version 2;}interface fxp0.0 {disable;}}}
  2. Configure PIM on the provider edge 1 (PE1) router. Specify a static route to the service provider RP—the P router (10.255.71.47).
    protocols {pim {rp {static {address 10.255.71.47;}}interface all {mode sparse;version 2;}interface fxp0.0 {disable;}}}
  3. Configure PIM on the provider edge 2 (PE2) router. Specify a static route to the service provider RP—the P router (10.255.71.47).
    protocols {pim {rp {static {address 10.255.71.47;}}interface all {mode sparse;version 2;}interface fxp0.0 {disable;}}}
  4. Configure PIM on the customer edge (CE1) router. Specify the RP address for the VPN RP—router CE2 (10.255.245.91).
    protocols {pim {rp {static {address 10.255.245.91;}}interface all {mode sparse;version 2;}interface fxp0.0 {disable;}}}
  5. Configure PIM on the customer edge 2 (CE2) router, which acts as the VPN RP. Specify router CE2's address (10.255.245.91) at the [edit protocols pim rp local] hierarchy level:
    protocols {pim {rp {local {address 10.255.245.91;}}interface all {mode sparse;version 2;}interface fxp0.0 {disable;}}}
  6. Configure the routing instance (VPN-A) for the Layer 3 VPN on router PE1. As part of the configuration, you need to establish the PIM instance for the VPN. Include the vpn-group-address statement at the [edit routing-instances routing-instance-name protocols pim] hierarchy level to specify the VPN group address, which is needed for multicast over a Layer 3 VPN configuration.

    Set the RP configuration for the VRF instance at the [edit routing-instances routing-instance-name protocols pim] hierarchy level. The RP configuration within the VRF instance provides explicit knowledge of the RP address, so that the (*,G) state can be forwarded.

    For JUNOS Software Release 5.5 or later, configure an additional unit on the loopback interface of the PE router at the [edit interfaces] hierarchy level, and assign an address from the VPN address space. Then add the newly created loopback interface in two places:

    • Routing instance (VPN-A) at the [edit routing-instances routing-instance-name] hierarchy level.
    • Routing instance (VPN-A) at the [edit routing-instances routing-instance-name protocols pim] hierarchy level.

    Also, add the loopback interface to the IGP and Border Gateway Protocol (BGP) policies to advertise the interface in the VPN address space. For more information about how to configure a logical unit on a loopback interface, see the JUNOS VPNs Configuration Guide.

    In multicast Layer 3 VPNs, the multicast PE routers must use the primary loopback address (or router ID) for sessions with their internal BGP peers. If the PE routers use a route reflector and the next hop is configured as self, Layer 3 multicast over VPN will not work, because PIM cannot transmit upstream interface information for multicast sources behind remote PEs into the network core. Multicast Layer 3 VPNs require that the BGP next-hop address of the VPN route match the BGP next-hop address of the loopback VRF instance address.

    routing-instances {VPN-A {instance-type vrf;interface t1-1/0/0:0.0;interface lo0.1;route-distinguisher 10.255.71.46:100;vrf-import VPNA-import;vrf-export VPNA-export;protocols {ospf {export bgp-to-ospf;area 0.0.0.0 {interface t1-1/0/0:0.0;interface lo0.1;}}pim {vpn-group-address 239.1.1.1;rp {static {address 10.255.245.91;}}interface t1-1/0/0:0.0 {mode sparse;version 2;interface lo0.1 {mode sparse;version 2;}}}}}interfaces {lo0 {description "unit 1 has the important PIM address";unit 0 {family inet {address 192.168.27.13/32;primary;address 127.0.0.1/32;}}unit 1 {family inet {address 10.10.47.101/32;}}}}}

    Note: Multicast Layer 3 VPNs require the BGP next-hop address of the VPN route to match the BGP next-hop address of the loopback VRF instance address.

  7. Configure the routing instance (VPN-A) for the Layer 3 VPN on the PE2 router. You need to set the PIM instance for the VPN. Include the vpn-group-address statement at the [edit routing-instances routing-instance-name protocols pim] hierarchy level to specify the VPN group address, which is used for multicast over a Layer 3 VPN configuration. As you did for the PE1 router, configure an additional unit on the loopback interface of the PE2 router at the [edit interfaces] hierarchy level and assign an address from the VPN address space.
    routing-instances {VPN-A {instance-type vrf;interface t1-2/0/0:0.0;interface lo0.1;route-distinguisher 10.255.71.51:100;vrf-import VPNA-import;vrf-export VPNA-export;protocols {ospf {export bgp-to-ospf;area 0.0.0.0 {interface t1-2/0/0:0.0;interface lo0.1;}}pim {vpn-group-address 239.1.1.1;rp {static {address 10.255.245.91;}}interface t1-2/0/0:0.0 {mode sparse;version 2;interface lo0.1 {mode sparse;version 2;}}}}}interfaces {lo0 {description "unit 1 has the important PIM address";unit 0 {family inet {address 192.168.27.14/32;primary;address 127.0.0.1/32;}}unit 1 {family inet {address 10.10.47.102/32;}}}}}

    Note: Multicast Layer  3 VPNs require that the BGP next-hop address of the VPN route match the BGP next-hop address of the loopback VRF instance address.

  8. When one of the PE routers is running Cisco Systems IOS software, you must configure the Juniper Networks PE router to support this multicast interoperability requirement. The Juniper Networks PE router must have the lo0.0 interface in the master routing instance and the lo0.1 interface assigned to the VPN routing instance. You must configure the lo0.1 interface with the same IP address that the lo0.0 interface uses for BGP peering in the provider core in the master routing instance.

    Configure the same IP address on the lo0.0 and lo0.1 loopback interfaces of the Juniper Networks PE router at the [edit interfaces lo0] hierarchy level, and assign the address used for BGP peering in the provider core in the master routing instance.

    lo0 {description "unit 0 and unit 1 configured for Cisco IOS interoperability";unit 0 {family inet {address 192.168.27.14/32;primary;address 127.0.0.1/32;}}unit 1 {family inet {address 192.168.27.14/32;}}}
  9. Configure the multicast routing table group by including the VPNA-mcast-rib statement at the [edit routing-options] hierarchy level. This group accesses inet.2 when doing RPF checks. However, if you are using inet.0 for multicast RPF checks, this step will prevent your multicast configuration from working.

    You must also include the interface routes in inet.2. For more information about creating routing table groups, see the JUNOS Routing Protocols Configuration Guide.

    routing-options {interface-routes {rib-group VPNA-mcast-rib;}rib-groups {VPNA-mcast-rib {export-rib VPN-A.inet.2;import-rib VPN-A.inet.2;}}}
  10. After you configure the multicast routing table group, activate it by including the rib-group inet VPNA-mcast-rib statement at the [edit routing-instances instance-name protocols pim] hierarchy level of the VPN's VRF instance.
    routing-instances {VPN-A {protocols {pim {rib-group inet VPNA-mcast-rib;}}}}
  11. Display multicast tunnel information and the number of neighbors, using the show pim interfaces instance instance-name command from the PE1 or PE2 router. When issued from the PE1 router, the output display is:

    user@host> show pim interfaces instance VPN-A
    Instance: PIM.VPN-A
    Name                   Stat Mode       IP V State Count DR address
    lo0.1                  Up   Sparse      4 2 DR        0 10.10.47.101
    mt-1/1/0.32769         Up   Sparse      4 2 DR        1
    mt-1/1/0.49154         Up   Sparse      4 2 DR        0
    pe-1/1/0.32769         Up   Sparse      4 1 P2P       0
    t1-2/1/0:0.0           Up   Sparse      4 2 P2P       1
    

    You can also display all PE tunnel interfaces, using the show pim join command from the provider router acting as the RP.

  12. Display multicast tunnel interface information, DR information, and the PIM neighbor status between VRF instances on PE1 and PE2, using the show pim neighbors instance instance-name command from either PE router. When issued from the PE1 router, the output display is:

    user@host> show pim neighbors instance VPN-A
    Instance: PIM.VPN-A
    Interface           IP V Mode        Option      Uptime Neighbor addr
    mt-1/1/0.32769       4 2             HPL       01:40:46 10.10.47.102
    t1-1/0/0:0.0         4 2             HPL       01:41:41 192.168.196.178
    

For information about configuring VPNs, see the JUNOS VPNs Configuration Guide.


Published: 2010-04-16

[an error occurred while processing this directive]