Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Example: Configuring Data MDTs and Provider Tunnels Operating in Source-Specific Multicast Mode

This example shows how to configure data multicast distribution trees (MDTs) for a provider edge (PE) router attached to a VPN routing and forwarding (VRF) instance in a draft-rosen Layer 3 multicast VPN operating in source-specific multicast (SSM) mode. The example is based on the Junos OS implementation of RFC 4364, BGP/MPLS IP Virtual Private Networks (VPNs) and on section 7 of the IETF Internet draft draft-rosen-vpn-mcast-07.txt, Multicast in MPLS/BGP IP VPNs.

Requirements

Before you begin:

  • Make sure that the routing devices support multicast tunnel (mt) interfaces.

    A tunnel-capable PIC supports a maximum of 512 multicast tunnel interfaces. Both default and data MDTs contribute to this total. The default MDT uses two multicast tunnel interfaces (one for encapsulation and one for de-encapsulation). To enable an M Series or T Series router to support more than 512 multicast tunnel interfaces, another tunnel-capable PIC is required. See “Tunnel Services PICs and Multicast” and “Load Balancing Multicast Tunnel Interfaces Among Available PICs” in the Multicast Protocols User Guide .

  • Make sure that the PE router has been configured for a draft-rosen Layer 3 multicast VPN operating in SSM mode in the provider core.

    In this type of multicast VPN, PE routers discover one another by sending MDT subsequent address family identifier (MDT-SAFI) BGP network layer reachability information (NLRI) advertisements. Key configuration statements for the master instance are highlighted in Table 1. Key configuration statements for the VRF instance to which your PE router is attached are highlighted in Table 2. For complete configuration details, see “Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs” in the Multicast Protocols User Guide .

Overview

By using data MDTs in a Layer 3 VPN, you can prevent multicast packets from being flooded unnecessarily to specified provider edge (PE) routers within a VPN group. This option is primarily useful for PE routers in your Layer 3 VPN multicast network that have no receivers for the multicast traffic from a particular source.

  • When a PE router that is directly connected to the multicast source (also called the source PE) receives Layer 3 VPN multicast traffic that exceeds a configured threshold, a new data MDT tunnel is established between the PE router connected to the source site and its remote PE router neighbors.

  • The source PE advertises the new data MDT group as long as the source is active. The periodic announcement is sent over the default MDT for the VRF. Because the data MDT announcement is sent over the default tunnel, all the PE routers receive the announcement.

  • Neighbors that do not have receivers for the multicast traffic cache the advertisement of the new data MDT group but ignore the new tunnel. Neighbors that do have receivers for the multicast traffic cache the advertisement of the new data MDT group and also send a PIM join message for the new group.

  • The source PE encapsulates the VRF multicast traffic using the new data MDT group and stops the packet flow over the default multicast tree. If the multicast traffic level drops back below the threshold, the data MDT is torn down automatically and traffic flows back across the default multicast tree.

  • If a PE router that has not yet joined the new data MDT group receives a PIM join message for a new receiver for which (S,G) traffic is already flowing over the data MDT in the provider core, then that PE router can obtain the new group address from its cache and can join the data-MDT immediately without waiting up to 59 seconds for the next data MDT advertisement.

By default, automatic creation of data MDTs is disabled.

The following sections summarize the data MDT configuration statements used in this example and in the prerequisite configuration for this example:

  • In the master instance, the PE router’s prerequisite draft-rosen PIM-SSM multicast configuration includes statements that directly support the data MDT configuration you will enable in this example. Table 1 highlights some of these statements.

    Table 1: Data MDTS—Key Prerequisites in the Master Instance

    Statement

    Description

    [edit protocols]
    pim {
        interface (Protocols PIM)  interface-name <options>;
    }
    

    Enables the PIM protocol on PE router interfaces.

    [edit protocols]
    bgp {
        group name {
            type internal;
            peer-as autonomous-system;
            neighbor address;
            family inet-mdt {
                signaling;
            }
        }
    }
    
    [edit routing-options]
    autonomous-system autonomous-system;
    

    In the internal BGP full mesh between PE routers in the VRF instance, enables the BGP protocol to carry MDT-SAFI NLRI signaling messages for IPv4 traffic in Layer 3 VPNs.

    [edit routing-options]
    multicast {
        ssm-groupsip-addresses ];
    }
    

    (Optional) Configures one or more SSM groups to use inside the provider network in addition to the default SSM group address range of 232.0.0.0/8.

    Note:

    For this example, it is assumed that you previously specified an additional SSM group address range of 239.0.0.0/8.

     This table contains only a partial list of the PE router configuration statements for a draft-rosen multicast VPN operating in SSM mode in the provider core. For complete configuration information about this prerequisite, see “Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs” in the Multicast Protocols User Guide .

  • In the VRF instance to which the PE router is attached—at the [edit routing-instances name] hierarchy level—the PE router’s prerequisite draft-rosen PIM-SSM multicast configuration includes statements that directly support the data MDT configuration you will enable in this example. Table 2 highlights some of these statements.

    Table 2: Data MDTs—Key Prerequisites in the VRF Instance

    Statement

    Description

    [edit routing-instances name]
    instance-type vrf;
    vrf-target community;
    

    Creates a VRF table (instance-name.mdt.0) that contains the routes originating from and destined for the Layer 3 VPN.

    Creates a VRF export policy that automatically accepts routes from the instance-name.mdt.0 routing table. ensures proper PE autodiscovery using the inet-mdt address family

    You must also configure the interface and route-distinguisher statements for this type of routing instance.

    [edit routing-instances name]
    protocols {
        pim {
            mvpn {
                family {
                    inet | inet6 {
                        autodiscovery {
                            inet-mdt;
                            }
                        }
                    }
            }
        }
    }
    

    Configures the PE router in a VPN to use an MDT-SAFI NLRI for autodiscovery of other PE routers:

    [edit routing-instances name]
    provider-tunnelfamily inet | inet6{
        pim-ssm {
            group-address (Routing Instances) address;
        }
    }
    

    Configures the PIM-SSM provider tunnel default MDT group address.

    Note:

    For this example, it assumed that you previously configured the PIM-SSM provider tunnel default MDT for the VPN instance ce1 with the group address 239.1.1.1.

    To verify the configuration of the default MDT tunnel for the VRF instance to which the PE router is attached, use the show pim mvpn operational mode command.

     This table contains only a partial list of the PE router configuration statements for a draft-rosen multicast VPN operating in SSM mode in the provider core. For complete configuration information about this prerequisite, see “Example: Configuring Source-Specific Multicast for Draft-Rosen Multicast VPNs” in the Multicast Protocols User Guide .

  • For a rosen 7 MVPN—a draft-rosen multicast VPN with provider tunnels operating in SSM mode—you configure data MDT creation for a tunnel multicast group by including statements under the PIM-SSM provider tunnel configuration for the VRF instance associated with the multicast group. Because data MDTs are specific to VPNs and VRF routing instances, you cannot configure MDT statements in the primary routing instance. Table 3 summarizes the data MDT configuration statements for PIM-SSM provider tunnels.

    Table 3: Data MDTs for PIM-SSM Provider Tunnels in a Draft-Rosen MVPN

    Statement

    Description

    [edit routing-instances name]
    provider-tunnel family inet | inet6{{
        mdt {
            group-range multicast-prefix;
        }
    }
    

    Configures the IP group range used when a new data MDT needs to be created in the VRF instance on the PE router. This address range cannot overlap the default MDT addresses of any other VPNs on the router. If you configure overlapping group ranges, the configuration commit fails.

    This statement has no default value. If you do not set the multicast-prefix to a valid, nonreserved multicast address range, then no data MDTs are created for this VRF instance.

    Note:

    For this example, it is assumed that you previously configured the PE router to automatically select an address from the 239.10.10.0/24 range when a new data MDT needs to be initiated.

    [edit routing-instances name]
    provider-tunnel family inet | inet6{{
        mdt {
            tunnel-limit limit;
        }
    }
    

    Configures the maximum number of data MDTs that can be created for the VRF instance.

    The default value is 0. If you do not configure the limit to a non-zero value, then no data MDTs are created for this VRF instance.

    The valid range is from 0 through 1024 for a VRF instance. There is a limit of 8000 tunnels for all data MDTs in all VRF instances on a PE router.

    If the configured maximum number of data MDT tunnels is reached, then no new tunnels are created for the VRF instance, and traffic that exceeds the configured threshold is sent on the default MDT.

    Note:

    For this example, you limit the number of data MDTs for the VRF instance to 10.

    [edit routing-instances name]
    provider-tunnel family inet | inet6{{
        mdt {
            threshold {
                group group-address {
                    source source-address {
                        rate threshold-rate;
                    }
                }
            }
        }
    }
    

    Configures a data rate for the multicast source of a default MDT. When the source traffic in the VRF instance exceeds the configured data rate, a new tunnel is created.

    • group group-address—Multicast group address of the default MDT that corresponds to a VRF instance to which the PE router is attached. The group-address explicit (all 32 bits of the address specified) or a prefix (network address and prefix length specified). This is typically a well-known address for a certain type of multicast traffic.

    • source source-address—Unicast IP prefix of one or more multicast sources in the specified default MDT group.

    • rate threshold-rate—Data rate for the multicast source to trigger the automatic creation of a data MDT. The data rate is specified in kilobits per second (Kbps).

      The default threshold-rate is 10 kilobits per second (Kbps).

    Note:

    For this example, you configure the following data MDT threshold:

    • Multicast group address or address range to which the threshold limits apply—224.0.9.0/32

    • Multicast source address or address range to which the threshold limits apply—10.1.1.2/32

    • Data rate—10 Kbps

      When the traffic stops or the rate falls below the threshold value, the source PE router switches back to the default MDT.

Topology

Figure 1 shows a default MDT.

Figure 1: Default MDTDefault MDT

Figure 2 shows a data MDT.

Figure 2: Data MDTData MDT

Configuration

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see the Junos OS CLI User Guide.

CLI Quick Configuration

To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level and then enter commit from configuration mode.

Enabling Data MDTs and PIM-SSM Provider Tunnels on the Local PE Router Attached to a VRF

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.

To configure the local PE router attached to the VRF instance ce1 in a PIM-SSM multicast VPN to initiate new data MDTs and provider tunnels for that VRF:

  1. Enable configuration of provider tunnels operating in SSM mode.

  2. Configure the range of multicast IP addresses for new data MDTs.

  3. Configure the maximum number of data MDTs for this VRF instance.

  4. Configure the data MDT-creation threshold for a multicast group and source.

  5. If you are done configuring the device, commit the configuration.

Results

Confirm the configuration of data MDTs for PIM-SSM provider tunnels by entering the show routing-instances command from configuration mode. If the output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

Note:

The show routing-instances command output above does not show the complete configuration of a VRF instance in a draft-rosen MVPN operating in SSM mode in the provider core.

(Optional) Enabling Logging of Detailed Trace Information for Multicast Tunnel Interfaces on the Local PE Router

Step-by-Step Procedure

To enable logging of detailed trace information for all multicast tunnel interfaces on the local PE router:

  1. Enable configuration of PIM tracing options.

  2. Configure the trace file name, maximum number of trace files, maximum size of each trace file, and file access type.

  3. Specify that messages related to multicast data tunnel operations are logged.

  4. If you are done configuring the device, commit the configuration.

Results

Confirm the configuration of multicast tunnel logging by entering the show protocols command from configuration mode. If the output does not display the intended configuration, repeat the instructions in this procedure to correct the configuration.

Verification

To verify that the local PE router is managing data MDTs and PIM-SSM provider tunnels properly, perform the following tasks:

Monitor Data MDTs Initiated for the Multicast Group

Purpose

For the VRF instance ce1, check the incoming and outgoing tunnels established by the local PE router for the default MDT and monitor the data MDTs initiated by the local PE router.

Action

Use the show pim mdt instance ce1 detail operational mode command.

For the default MDT, the command displays details about the incoming and outgoing tunnels established by the local PE router for specific multicast source addresses in the multicast group using the default MDT and identifies the tunnel mode as PIM-SSM.

For the data MDTs initiated by the local PE router, the command identifies the multicast source using the data MDT, the multicast tunnel logical interface set up for the data MDT tunnel, the configured threshold rate, and current statistics.

Monitor Data MDT Group Addresses Cached by All PE Routers in the Multicast Group

Purpose

For the VRF instance ce1, check the data MDT group addresses cached by all PE routers that participate in the VRF.

Action

Use the show pim mdt data-mdt-joins instance ce1 operational mode command. The command output displays the information cached from MDT join TLV packets received by all PE routers participating in the specified VRF instance, including the current timeout value of each entry.

(Optional) View the Trace Log for Multicast Tunnel Interfaces

Purpose

If you configured logging of trace Information for multicast tunnel interfaces, you can trace the creation and tear-down of data MDTs on the local router through the mt interface-related activity in the log.

Action

To view the trace file, use the file show /var/log/trace-pim-mdt operational mode command.