ON THIS PAGE
Understanding Multiprotocol BGP-Based Multicast VPNs: Next-Generation
Example: Configuring Point-to-Multipoint LDP LSPs as the Data Plane for Intra-AS MBGP MVPNs
Example: Configuring Ingress Replication for IP Multicast Using MBGP MVPNs
Example: Configuring a PIM-SSM Provider Tunnel for an MBGP MVPN
Example: Configuring BGP Route Flap Damping Based on the MBGP MVPN Address Family
Configuring Multiprotocol BGP Multicast VPNs
Understanding Multiprotocol BGP-Based Multicast VPNs: Next-Generation
Multiprotocol BGP-based multicast VPNs (also referred to as next-generation Layer 3 VPN multicast) constitute the next evolution after dual multicast VPNs (draft-rosen) and provide a simpler solution for administrators who want to configure multicast over Layer 3 VPNs.
The main characteristics of multiprotocol BGP-based multicast VPNs are:
They extend Layer 3 VPN service (RFC 2547) to support IP multicast for Layer 3 VPN service providers.
They follow the same architecture as specified by RFC 2547 for unicast VPNs. Specifically, BGP is used as the control plane.
They eliminate the requirement for the virtual router (VR) model, which is specified in Internet draft draft-rosen-vpn-mcast, Multicast in MPLS/BGP VPNs, for multicast VPNs.
They rely on RFC-based unicast with extensions for intra-AS and inter-AS communication.
Multiprotocol BGP-based VPNs are defined by two sets of sites: a sender set and a receiver set. Hosts within a receiver site set can receive multicast traffic and hosts within a sender site set can send multicast traffic. A site set can be both receiver and sender, which means that hosts within such a site can both send and receive multicast traffic. Multiprotocol BGP-based VPNS can span organizations (so the sites can be intranets or extranets), can span service providers, and can overlap.
Site administrators configure multiprotocol BGP-based VPNs based on customer requirements and the existing BGP and MPLS VPN infrastructure.
Route Reflector Behavior in MVPNs
BGP-based multicast VPN (MVPN) customer multicast routes are aggregated by route reflectors. A route reflector (RR) might receive a customer multicast route with the same NLRI from more than one provider edge (PE) router, but the RR readvertises only one such NLRI. If the set of PE routers that advertise this NLRI changes, the RR does not update the route. This minimizes route churn. To achieve this, the RR sets the next hop to self. In addition, the RR sets the originator ID to itself. The RR avoids unnecessary best-path computation if it receives a subsequent customer multicast route for an NLRI that the RR is already advertising. This allows aggregation of source active and customer multicast routes with the same MVPN NLRI.
See Also
Example: Configuring Point-to-Multipoint LDP LSPs as the Data Plane for Intra-AS MBGP MVPNs
This example shows how to configure point-to-multipoint (P2MP) LDP label-switched paths (LSPs) as the data plane for intra-autonomous system (AS) multiprotocol BGP (MBGP) multicast VPNs (MVPNs). This feature is well suited for service providers who are already running LDP in the MPLS backbone and need MBGP MVPN functionality.
Requirements
Before you begin:
Configure the router interfaces. See the Junos OS Network Interfaces Library for Routing Devices.
Configure an interior gateway protocol or static routing. See the Junos OS Routing Protocols Library for Routing Devices.
Configure a BGP-MVPN control plane. See MBGP-Based Multicast VPN Trees in the Multicast Protocols User Guide .
Configure LDP as the signaling protocol on all P2MP provider and provider-edge routers. See LDP Operation in the Junos OS MPLS Applications User Guide.
Configure P2MP LDP LSPs as the provider tunnel technology on each PE router in the MVPN that belongs to the sender site set. See the Junos OS MPLS Applications User Guide.
Configure either a virtual loopback tunnel interface (requires a Tunnel PIC) or the
vrf-table-labelstatement in the MVPN routing instance. If you configure thevrf-table-labelstatement, you can configure an optional virtual loopback tunnel interface as well.In an extranet scenario when the egress PE router belongs to multiple MVPN instances, all of which need to receive a specific multicast stream, a virtual loopback tunnel interface (and a Tunnel PIC) is required on the egress PE router. See Configuring Virtual Loopback Tunnels for VRF Table Lookup in the in the Junos OS Services Interfaces Library for Routing Devices.
If the egress PE router is also a transit router for the point-to-multipoint LSP, a virtual loopback tunnel interface (and a Tunnel PIC) is required on the egress PE router. See Configuring Virtual Loopback Tunnels for VRF Table Lookup in the Multicast Protocols User Guide .
Some extranet configurations of MBGP MVPNs with point-to-multicast LDP LSPs as the data plane require a virtual loopback tunnel interface (and a Tunnel PIC) on egress PE routers. When an egress PE router belongs to multiple MVPN instances, all of which need to receive a specific multicast stream, the
vrf-table-tablestatement cannot be used. In Figure 1, the CE1 and CE2 routers belong to different MVPNs. However, they want to receive a multicast stream being sent by Source. If thevrf-table-labelstatement is configured on Router PE2, the packet cannot be forwarded to both CE1 and CE2. This causes packet loss. The packet is forwarded to both Routers CE1 and CE2 if a virtual loopback tunnel interface is used in both MVPN routing instances on Router PE2. Thus, you need to set up a virtual loopback tunnel interface if you are using an extranet scenario wherein the egress PE router belongs to multiple MVPN instances that receive a specific multicast stream, or if you are using the egress PE router as a transit router for the point-to-multipoint LSP.Note:Starting in Junos OS Release 15.1X49-D50 and Junos OS Release 17.3R1, the
vrf-table-labelstatement allows mapping of the inner label to a specific Virtual Routing and Forwarding (VRF). This mapping allows examination of the encapsulated IP header at an egress VPN router. For SRX Series Firewalls, thevrf-table-labelstatement is currently supported only on physical interfaces. As a workaround, deactivatevrf-table-labelor use physical interfaces.Figure 1: Extranet Configuration of MBGP MVPN with P2MP LDP LSPs as Data Plane
See Configuring Virtual Loopback Tunnels for VRF Table Lookup for more information.
Overview
This topic describes how P2MP LDP LSPs can be configured as the data plane for intra-AS selective provider tunnels. Selective P2MP LSPs are triggered only based on the bandwidth threshold of a particular customer’s multicast stream. A separate P2MP LDP LSP is set up for a given customer source and customer group pair (C-S, C-G) by a PE router. The C-S is behind the PE router that belongs in the sender site set. Aggregation of intra-AS selective provider tunnels across MVPNs is not supported.
When you configure selective provider tunnels, leaves discover the P2MP LSP root as follows. A PE router with a receiver for a customer multicast stream behind it needs to discover the identity of the PE router (and the provider tunnel information) with the source of the customer multicast stream behind it. This information is auto-discovered dynamically using the S-PMSI AD routes originated by the PE router with the C-S behind it.
The Junos OS also supports P2MP LDP LSPs as the data plane for intra-AS inclusive provider tunnels. These tunnels are triggered based on the MVPN configuration. A separate P2MP LSP LSP is set up for a given MVPN by a PE router that belongs in the sender site set. This PE router is the root of the P2MP LSP. Aggregation of intra-AS inclusive provider tunnels across MVPNs is not supported.
When you configure inclusive provider tunnels, leaves discover the P2MP LSP root as follows. A PE router with a receiver site for a given MVPN needs to discover the identities of PE routers (and the provider tunnel information) with sender sites for that MVPN. This information is auto-discovered dynamically using the intra-AS auto-discovery routes originated by the PE routers with sender sites.
Topology
Figure 2 shows the topology used in this example.
In Figure 2, the routers perform the following functions:
R1 and R2 are provider (P) routers.
R0, R3, R4, and R5 are provider edge (PE) routers.
MBGP MVPN is configured on all PE routers.
Two VPNs are defined: green and red.
Router R0 serves both green and red CE routers in separate routing instances.
Router R3 is connected to a green CE router.
Router R5 is connected to overlapping green and red CE routers in a single routing instance.
Router R4 is connected to overlapping green and red CE routers in a single routing instance.
OSPF and multipoint LDP (mLDP) are running in the core.
Router R1 is a route reflector (RR), and router R2 is a redundant RR.
Routers R0, R3, R4, and R5 are client internal BGP (IBGP) peers.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set protocols ldp interface fe-0/2/1.0 set protocols ldp interface fe-0/2/3.0 set protocols ldp p2mp set routing-instance red instance-type vrf set routing-instance red interface vt-0/1/0.1 set routing-instance red interface lo0.1 set routing-instance red route-distinguisher 10.254.1.1:1 set routing-instance red provider-tunnel ldp-p2mp set routing-instance red provider-tunnel selective group 224.1.1.1/32 source 192.168.1.1/32 ldp-p2mp
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure P2MP LDP LSPs as the data plane for intra-AS MBGP MVPNs:
Configure LDP on all routers.
[edit protocols ldp] user@host# set interface fe-0/2/1.0 user@host# set interface fe-0/2/3.0 user@host# set p2mp
Configure the provider tunnel.
[edit routing-instance red ] user@host# set instance-type vrf user@host# set interface vt-0/1/0.1 user@host# set interface lo0.1 user@host# set route-distinguisher 10.254.1.1:1 user@host# set provider-tunnel ldp-p2mp
Configure the selective provider tunnel.
user@host# set provider-tunnel selective group 224.1.1.1/32 source 192.168.1.1/32 ldp-p2mp
If you are done configuring the device, commit the configuration.
user@host# commit
Results
From configuration mode, confirm your configuration by entering the show protocols and show routing-intances commands. If the output does not display the intended configuration, repeat the configuration instructions in this example to correct it.
user@host# show protocols
ldp {
interface fe-0/2/1.0;
interface fe-0/2/3.0;
p2mp;
}
user@host# show routing-instances
red {
instance-type vrf;
interface vt-0/1/0.1;
interface lo0.1;
route-distinguisher 10.254.1.1:1;
provider-tunnel {
ldp-p2mp;
}
selective {
group 224.1.1.1/32 {
source 192.168.1.1/32 {
ldp-p2mp;
}
}
}
}
}
Verification
To verify the configuration, run the following commands:
ping mpls ldp p2mp to ping the end points of a P2MP LSP.
show ldp database to display LDP P2MP label bindings and to ensure that the LDP P2MP LSP is signaled.
show ldp session detail to display the LDP capabilities exchanged with the peer. The Capabilities advertised and Capabilities received fields should include p2mp.
show ldp traffic-statistics p2mp to display the data traffic statistics for the P2MP LSP.
show mvpn instance, show mvpn neighbor, and show mvpn c-multicast to display multicast VPN routing instance information and to ensure that the LDP P2MP LSP is associated with the MVPN as the S-PMSI.
show multicast route instance detail on PE routers to ensure that traffic is received by all the hosts and to display statistics on the receivers.
show route label label detail to display the P2MP forwarding equivalence class (FEC) if the label is an input label for an LDP P2MP LSP.
Example: Configuring Ingress Replication for IP Multicast Using MBGP MVPNs
Requirements
The routers used in this example are Juniper Networks M Series Multiservice Edge Routers, T Series Core Routers, or MX Series 5G Universal Routing Platforms. When using ingress replication for IP multicast, each participating router must be configured with BGP for control plane procedures and with ingress replication for the data provider tunnel, which forms a full mesh of MPLS point-to-point LSPs. The ingress replication tunnel can be selective or inclusive, depending on the configuration of the provider tunnel in the routing instance.
Overview
The ingress-replication provider tunnel type uses
unicast tunnels between routers to create a multicast distribution
tree.
The mpls-internet-multicast routing instance type uses
ingress replication provider tunnels to carry IP multicast data between
routers through an MPLS cloud, using MBGP (or Next Gen) MVPN. Ingress
replication can also be configured when using MVPN to carry multicast
data between PE routers.
The mpls-internet-multicast routing instance is a non-forwarding
instance used only for control plane procedures. It does not support
any interface configurations. Only one mpls-internet-multicast routing instance can be defined for a logical system. All
multicast and unicast routes used for IP multicast are associated
only with the default routing instance (inet.0), not with
a configured routing instance. The mpls-internet-multicast routing instance type is configured for the default master
instance on each router, and is also included at the [edit protocols
pim] hierarchy level in the default instance.
For each mpls-internet-multicast routing instance, the ingress-replication statement is required under the provider-tunnel statement and also under the [edit routing-instances routing-instance-name provider-tunnel selective group
source] hierarchy level.
When a new destination needs to be added to the ingress replication provider tunnel, the resulting behavior differs depending on how the ingress replication provider tunnel is configured:
create-new-ucast-tunnel—When this statement is configured, a new unicast tunnel to the destination is created, and is deleted when the destination is no longer needed. Use this mode for RSVP LSPs using ingress replication.label-switched-path-template (Multicast)—When this statement is configured, an LSP template is used for the for the point-to-multipoint LSP for ingress replication.
Topology
The IP topology consists of routers on the edge of the IP multicast domain. Each router has a set of IP interfaces configured toward the MPLS cloud and a set of interfaces configured toward the IP routers. See Figure 3. Internet multicast traffic is carried between the IP routers, through the MPLS cloud, using ingress replication tunnels for the data plane and a full-mesh IBGP session for the control plane.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the
following commands, paste them into a text file, remove any line breaks,
change any details necessary to match your network configuration,
and then copy and paste the commands into the CLI at the [edit] hierarchy level.
Border Router C
set protocols mpls ipv6-tunneling set protocols mpls interface all set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.10.61 set protocols bgp group ibgp family inet unicast set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp family inet6 unicast set protocols bgp group ibgp family inet6-vpn any set protocols bgp group ibgp family inet-mvpn signaling set protocols bgp group ibgp family inet6-mvpn signaling set protocols bgp group ibgp export to-bgp set protocols bgp group ibgp neighbor 10.255.10.97 set protocols bgp group ibgp neighbor 10.255.10.55 set protocols bgp group ibgp neighbor 10.255.10.57 set protocols bgp group ibgp neighbor 10.255.10.59 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ospf area 0.0.0.0 interface lo0.0 set protocols ospf area 0.0.0.0 interface so-1/3/1.0 set protocols ospf area 0.0.0.0 interface so-0/3/0.0 set protocols ospf3 area 0.0.0.0 interface lo0.0 set protocols ospf3 area 0.0.0.0 interface so-1/3/1.0 set protocols ospf3 area 0.0.0.0 interface so-0/3/0.0 set protocols ldp interface all set protocols pim rp static address 192.0.2.2 set protocols pim rp static address 2::192.0.2.2 set protocols pim interface fe-0/1/0.0 set protocols pim mpls-internet-multicast set routing-instances test instance-type mpls-internet-multicast set routing-instances test provider-tunnel ingress-replication label-switched-path set routing-instances test protocols mvpn
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
The following example shows how to configure ingress replication
on an IP multicast instance with the routing instance type mpls-internet-multicast. Additionally, this example shows how to configure a selective provider
tunnel that selects a new unicast tunnel each time a new destination
needs to be added to the multicast distribution tree.
This example shows the configuration of the link between Border Router C and edge IP Router C, from which Border Router C receives PIM join messages.
Enable MPLS.
[edit protocols mpls] user@Border_Router_C# set ipv6-tunneling user@Border_Router_C# set interface all
Configure a signaling protocol, such as RSVP or LDP.
[edit protocols ldp] user@Border_Router_C# set interface all
Configure a full-mesh of IBGP peering sessions.
[edit protocols bgp group ibgp] user@Border_Router_C# set type internal user@Border_Router_C# set local-address 10.255.10.61 user@Border_Router_C# set neighbor 10.255.10.97 user@Border_Router_C# set neighbor 10.255.10.55 user@Border_Router_C# set neighbor 10.255.10.57 user@Border_Router_C# set neighbor 10.255.10.59 user@Border_Router_C# set export to-bgp
Configure the multiprotocol BGP-related settings so that the BGP sessions carry the necessary NLRI.
[edit protocols bgp group ibgp] user@Border_Router_C# set family inet unicast user@Border_Router_C# set family inet-vpn any user@Border_Router_C# set family inet6 unicast user@Border_Router_C# set family inet6-vpn any user@Border_Router_C# set family inet-mvpn signaling user@Border_Router_C# set family inet6-mvpn signaling
Configure an interior gateway protocol (IGP).
This example shows a dual stacking configuration with OSPF and OSPF version 3 configured on the interfaces.
[edit protocols ospf3] user@Border_Router_C# set area 0.0.0.0 interface lo0.0 user@Border_Router_C# set area 0.0.0.0 interface so-1/3/1.0 user@Border_Router_C# set area 0.0.0.0 interface so-0/3/0.0 [edit protocols ospf] user@Border_Router_C# set traffic-engineering user@Border_Router_C# set area 0.0.0.0 interface fxp0.0 disable user@Border_Router_C# set area 0.0.0.0 interface lo0.0 user@Border_Router_C# set area 0.0.0.0 interface so-1/3/1.0 user@Border_Router_C# set area 0.0.0.0 interface so-0/3/0.0
Configure a global PIM instance on the interface facing the edge device.
PIM is not configured in the core.
[edit protocols pim] user@Border_Router_C# set rp static address 192.0.2.2 user@Border_Router_C# set rp static address 2::192.0.2.2 user@Border_Router_C# set interface fe-0/1/0.0 user@Border_Router_C# set mpls-internet-multicast
Configure the ingress replication provider tunnel to create a new unicast tunnel each time a destination needs to be added to the multicast distribution tree.
[edit routing-instances test] user@Border_Router_C# set instance-type mpls-internet-multicast user@Border_Router_C# set provider-tunnel ingress-replication label-switched-path user@Border_Router_C# set protocols mvpn
Note:Alternatively, use the label-switched-path-template statement to configure a point-to-point LSP for the ingress tunnel.
Configure the point-to-point LSP to use the default template settings (this is needed only when using RSVP tunnels). For example:
[edit routing-instances test provider-tunnel] user@Border_Router_C# set ingress-replication label-switched-path label-switched-path-template default-template user@Border_Router_C# set selective group 203.0.113.0/24 source 192.168.195.145/32 ingress-replication label-switched-path
Commit the configuration.
user@Border_Router_C# commit
Results
From configuration mode, confirm your configuration by issuing
the show protocols and show routing-instances command. If the output does not display the intended configuration,
repeat the instructions in this example to correct the configuration.
user@Border_Router_C# show protocols
mpls {
ipv6-tunneling;
interface all;
}
bgp {
group ibgp {
type internal;
local-address 10.255.10.61;
family inet {
unicast;
}
family inet-vpn {
any;
}
family inet6 {
unicast;
}
family inet6-vpn {
any;
}
family inet-mvpn {
signaling;
}
family inet6-mvpn {
signaling;
}
export to-bgp; ## 'to-bgp' is not defined
neighbor 10.255.10.97;
neighbor 10.255.10.55;
neighbor 10.255.10.57;
neighbor 10.255.10.59;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface fxp0.0 {
disable;
}
interface lo0.0;
interface so-1/3/1.0;
interface so-0/3/0.0;
}
}
ospf3 {
area 0.0.0.0 {
interface lo0.0;
interface so-1/3/1.0;
interface so-0/3/0.0;
}
}
ldp {
interface all;
}
pim {
rp {
static {
address 192.0.2.2;
address 2::192.0.2.2;
}
}
interface fe-0/1/0.0;
mpls-internet-multicast;
}
user@Border_Router_C# show routing-instances
test {
instance-type mpls-internet-multicast;
provider-tunnel {
ingress-replication {
label-switched-path;
}
}
protocols {
mvpn;
}
}
Verification
Confirm that the configuration is working properly. The following operational output is for LDP ingress replication SPT-only mode. The multicast source behind IP Router B. The multicast receiver is behind IP Router C.
- Checking the Ingress Replication Status on Border Router C
- Checking the Routing Table for the MVPN Routing Instance on Border Router C
- Checking the MVPN Neighbors on Border Router C
- Checking the PIM Join Status on Border Router C
- Checking the Multicast Route Status on Border Router C
- Checking the Ingress Replication Status on Border Router B
- Checking the Routing Table for the MVPN Routing Instance on Border Router B
- Checking the MVPN Neighbors on Border Router B
- Checking the PIM Join Status on Border Router B
- Checking the Multicast Route Status on Border Router B
Checking the Ingress Replication Status on Border Router C
Purpose
Use the show ingress-replication mvpn command
to check the ingress replication status.
Action
user@Border_Router_C> show ingress-replication mvpn
Ingress Tunnel: mvpn:1
Application: MVPN
Unicast tunnels
Leaf Address Tunnel-type Mode State
10.255.10.61 P2P LSP Existing Up
Meaning
The ingress replication is using a point-to-point LSP, and is in the Up state.
Checking the Routing Table for the MVPN Routing Instance on Border Router C
Purpose
Use the show route table command to check
the route status.
Action
user@Border_Router_C> show route table test.mvpn
test.mvpn.0: 5 destinations, 7 routes (5 active, 1 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:0:0:10.255.10.61/240
*[BGP/170] 00:45:55, localpref 100, from 10.255.10.61
AS path: I, validation-state: unverified
> via so-2/0/1.0
1:0:0:10.255.10.97/240
*[MVPN/70] 00:47:19, metric2 1
Indirect
5:0:0:32:192.168.195.106:32:198.51.100.1/240
*[PIM/105] 00:06:35
Multicast (IPv4) Composite
[BGP/170] 00:06:35, localpref 100, from 10.255.10.61
AS path: I, validation-state: unverified
> via so-2/0/1.0
6:0:0:1000:32:192.0.2.2:32:198.51.100.1/240
*[PIM/105] 00:07:03
Multicast (IPv4) Composite
7:0:0:1000:32:192.168.195.106:32:198.51.100.1/240
*[MVPN/70] 00:06:35, metric2 1
Multicast (IPv4) Composite
[PIM/105] 00:05:35
Multicast (IPv4) Composite
test.mvpn-inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:0:0:10.255.10.61/432
*[BGP/170] 00:45:55, localpref 100, from 10.255.10.61
AS path: I, validation-state: unverified
> via so-2/0/1.0
1:0:0:10.255.10.97/432
*[MVPN/70] 00:47:19, metric2 1
Indirect
Meaning
The expected routes are populating the test.mvpn routing table.
Checking the MVPN Neighbors on Border Router C
Purpose
Use the show mvpn neighbor command to check
the neighbor status.
Action
user@Border_Router_C> show mvpn neighbor
MVPN instance:
Legend for provider tunnel
S- Selective provider tunnel
Legend for c-multicast routes properties (Pr)
DS -- derived from (*, c-g) RM -- remote VPN route
Family : INET
Instance : test
MVPN Mode : SPT-ONLY
Neighbor Inclusive Provider Tunnel
10.255.10.61 INGRESS-REPLICATION:MPLS Label 16:10.255.10.61
MVPN instance:
Legend for provider tunnel
S- Selective provider tunnel
Legend for c-multicast routes properties (Pr)
DS -- derived from (*, c-g) RM -- remote VPN route
Family : INET6
Instance : test
MVPN Mode : SPT-ONLY
Neighbor Inclusive Provider Tunnel
10.255.10.61 INGRESS-REPLICATION:MPLS Label 16:10.255.10.61
Checking the PIM Join Status on Border Router C
Purpose
Use the show pim join extensive command
to check the PIM join status.
Action
user@Border_Router_C> show pim join extensive
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 198.51.100.1
Source: *
RP: 192.0.2.2
Flags: sparse,rptree,wildcard
Upstream interface: Local
Upstream neighbor: Local
Upstream state: Local RP
Uptime: 00:07:49
Downstream neighbors:
Interface: ge-3/0/6.0
192.0.2.2 State: Join Flags: SRW Timeout: Infinity
Uptime: 00:07:49 Time since last Join: 00:07:49
Number of downstream interfaces: 1
Group: 198.51.100.1
Source: 192.168.195.106
Flags: sparse
Upstream protocol: BGP
Upstream interface: Through BGP
Upstream neighbor: Through MVPN
Upstream state: Local RP, Join to Source, No Prune to RP
Keepalive timeout: 69
Uptime: 00:06:21
Number of downstream interfaces: 0
Instance: PIM.master Family: INET6
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Checking the Multicast Route Status on Border Router C
Purpose
Use the show multicast route extensive command
to check the multicast route status.
Action
user@Border_Router_C> show multicast route extensive
Instance: master Family: INET
Group: 198.51.100.1
Source: 192.168.195.106/32
Upstream interface: lsi.0
Downstream interface list:
ge-3/0/6.0
Number of outgoing interfaces: 1
Session description: NOB Cross media facilities
Statistics: 18 kBps, 200 pps, 88907 packets
Next-hop ID: 1048577
Upstream protocol: MVPN
Route state: Active
Forwarding state: Forwarding
Cache lifetime/timeout: forever
Wrong incoming interface notifications: 0
Uptime: 00:07:25
Instance: master Family: INET6
Checking the Ingress Replication Status on Border Router B
Purpose
Use the show ingress-replication mvpn command
to check the ingress replication status.
Action
user@Border_Router_B> show ingress-replication mvpn
Ingress Tunnel: mvpn:1
Application: MVPN
Unicast tunnels
Leaf Address Tunnel-type Mode State
10.255.10.97 P2P LSP Existing Up
Meaning
The ingress replication is using a point-to-point LSP, and is in the Up state.
Checking the Routing Table for the MVPN Routing Instance on Border Router B
Purpose
Use the show route table command to check
the route status.
Action
user@Border_Router_B> show route table test.mvpn
test.mvpn.0: 5 destinations, 7 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:0:0:10.255.10.61/240
*[MVPN/70] 00:49:26, metric2 1
Indirect
1:0:0:10.255.10.97/240
*[BGP/170] 00:48:22, localpref 100, from 10.255.10.97
AS path: I, validation-state: unverified
> via so-1/3/1.0
5:0:0:32:192.168.195.106:32:198.51.100.1/240
*[PIM/105] 00:09:02
Multicast (IPv4) Composite
[BGP/170] 00:09:02, localpref 100, from 10.255.10.97
AS path: I, validation-state: unverified
> via so-1/3/1.0
7:0:0:1000:32:192.168.195.106:32:198.51.100.1/240
*[PIM/105] 00:09:02
Multicast (IPv4) Composite
[BGP/170] 00:09:02, localpref 100, from 10.255.10.97
AS path: I, validation-state: unverified
> via so-1/3/1.0
test.mvpn-inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:0:0:10.255.10.61/432
*[MVPN/70] 00:49:26, metric2 1
Indirect
1:0:0:10.255.10.97/432
*[BGP/170] 00:48:22, localpref 100, from 10.255.10.97
AS path: I, validation-state: unverified
> via so-1/3/1.0
Meaning
The expected routes are populating the test.mvpn routing table.
Checking the MVPN Neighbors on Border Router B
Purpose
Use the show mvpn neighbor command to check
the neighbor status.
Action
user@Border_Router_B> show mvpn neighbor
MVPN instance:
Legend for provider tunnel
S- Selective provider tunnel
Legend for c-multicast routes properties (Pr)
DS -- derived from (*, c-g) RM -- remote VPN route
Family : INET
Instance : test
MVPN Mode : SPT-ONLY
Neighbor Inclusive Provider Tunnel
10.255.10.97 INGRESS-REPLICATION:MPLS Label 16:10.255.10.97
MVPN instance:
Legend for provider tunnel
S- Selective provider tunnel
Legend for c-multicast routes properties (Pr)
DS -- derived from (*, c-g) RM -- remote VPN route
Family : INET6
Instance : test
MVPN Mode : SPT-ONLY
Neighbor Inclusive Provider Tunnel
10.255.10.97 INGRESS-REPLICATION:MPLS Label 16:10.255.10.97
Checking the PIM Join Status on Border Router B
Purpose
Use the show pim join extensive command
to check the PIM join status.
Action
user@Border_Router_B> show pim join extensive
Instance: PIM.master Family: INET
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Group: 198.51.100.1
Source: 192.168.195.106
Flags: sparse,spt
Upstream interface: fe-0/1/0.0
Upstream neighbor: Direct
Upstream state: Local Source
Keepalive timeout: 0
Uptime: 00:09:39
Downstream neighbors:
Interface: Pseudo-MVPN
Uptime: 00:09:39 Time since last Join: 00:09:39
Number of downstream interfaces: 1
Instance: PIM.master Family: INET6
R = Rendezvous Point Tree, S = Sparse, W = Wildcard
Checking the Multicast Route Status on Border Router B
Purpose
Use the show multicast route extensive command
to check the multicast route status.
Action
user@Border_Router_B> show multicast route extensive
Instance: master Family: INET
Group: 198.51.100.1
Source: 192.168.195.106/32
Upstream interface: fe-0/1/0.0
Downstream interface list:
so-1/3/1.0
Number of outgoing interfaces: 1
Session description: NOB Cross media facilities
Statistics: 18 kBps, 200 pps, 116531 packets
Next-hop ID: 1048580
Upstream protocol: MVPN
Route state: Active
Forwarding state: Forwarding
Cache lifetime/timeout: forever
Wrong incoming interface notifications: 0
Uptime: 00:09:43
Example: Configuring MBGP Multicast VPNs
This example provides a step-by-step procedure to configure multicast services across a multiprotocol BGP (MBGP) Layer 3 virtual private network. (also referred to as next-generation Layer 3 multicast VPNs)
Requirements
This example uses the following hardware and software components:
Junos OS Release 9.2 or later
Five M Series, T Series, TX Series, or MX Series Juniper routers
One host system capable of sending multicast traffic and supporting the Internet Group Management Protocol (IGMP)
One host system capable of receiving multicast traffic and supporting IGMP
Depending on the devices you are using, you might be required to configure static routes to:
The multicast sender
The Fast Ethernet interface to which the sender is connected on the multicast receiver
The multicast receiver
The Fast Ethernet interface to which the receiver is connected on the multicast sender
Overview and Topology
This example shows how to configure the following technologies:
IPv4
BGP
OSPF
RSVP
MPLS
PIM sparse mode
Static RP
Topology
The topology of the network is shown in Figure 4.
Configuration
In any configuration session, it is a good practice to
periodically verify that the configuration can be committed using
the commit check command.
In this example, the router being configured is identified using the following command prompts:
CE1identifies the customer edge 1 (CE1) routerPE1identifies the provider edge 1 (PE1) routerPidentifies the provider core (P) routerCE2identifies the customer edge 2 (CE2) routerPE2identifies the provider edge 2 (PE2) router
To configure MBGP multicast VPNs for the network shown in Figure 4, perform the following steps:
- Configuring Interfaces
- Configuring OSPF
- Configuring BGP
- Configuring RSVP
- Configuring MPLS
- Configuring the VRF Routing Instance
- Configuring PIM
- Configuring the Provider Tunnel
- Configuring the Rendezvous Point
- Results
Configuring Interfaces
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.
On each router, configure an IP address on the loopback logical interface 0 (
lo0.0).[edit interfaces] user@CE1# set lo0 unit 0 family inet address 192.168.6.1/32 primary user@PE1# set lo0 unit 0 family inet address 192.168.7.1/32 primary user@P# set lo0 unit 0 family inet address 192.168.8.1/32 primary user@PE2# set lo0 unit 0 family inet address 192.168.9.1/32 primary user@CE2# set lo0 unit 0 family inet address 192.168.0.1/32 primary
Use the
show interfaces tersecommand to verify that the IP address is correct on the loopback logical interface.On the PE and CE routers, configure the IP address and protocol family on the Fast Ethernet interfaces. Specify the
inetprotocol family type.[edit interfaces] user@CE1# set fe-1/3/0 unit 0 family inet address 10.10.12.1/24 user@CE1# set fe-0/1/0 unit 0 family inet address 10.0.67.13/30 [edit interfaces] user@PE1# set fe-0/1/0 unit 0 family inet address 10.0.67.14/30 [edit interfaces] user@PE2# set fe-0/1/0 unit 0 family inet address 10.0.90.13/30 [edit interfaces] user@CE2# set fe-0/1/0 unit 0 family inet address 10.0.90.14/30 user@CE2# set fe-1/3/0 unit 0 family inet address 10.10.11.1/24
Use the
show interfaces tersecommand to verify that the IP address is correct on the Fast Ethernet interfaces.On the PE and P routers, configure the ATM interfaces' VPI and maximum virtual circuits. If the default PIC type is different on directly connected ATM interfaces, configure the PIC type to be the same. Configure the logical interface VCI, protocol family, local IP address, and destination IP address.
[edit interfaces] user@PE1# set at-0/2/0 atm-options pic-type atm1 user@PE1# set at-0/2/0 atm-options vpi 0 maximum-vcs 256 user@PE1# set at-0/2/0 unit 0 vci 0.128 user@PE1# set at-0/2/0 unit 0 family inet address 10.0.78.5/32 destination 10.0.78.6 [edit interfaces] user@P# set at-0/2/0 atm-options pic-type atm1 user@P# set at-0/2/0 atm-options vpi 0 maximum-vcs 256 user@P# set at-0/2/0 unit 0 vci 0.128 user@P# set at-0/2/0 unit 0 family inet address 10.0.78.6/32 destination 10.0.78.5 user@P# set at-0/2/1 atm-options pic-type atm1 user@P# set at-0/2/1 atm-options vpi 0 maximum-vcs 256 user@P# set at-0/2/1 unit 0 vci 0.128 user@P# set at-0/2/1 unit 0 family inet address 10.0.89.5/32 destination 10.0.89.6 [edit interfaces] user@PE2# set at-0/2/1 atm-options pic-type atm1 user@PE2# set at-0/2/1 atm-options vpi 0 maximum-vcs 256 user@PE2# set at-0/2/1 unit 0 vci 0.128 user@PE2# set at-0/2/1 unit 0 family inet address 10.0.89.6/32 destination 10.0.89.5
Use the
show configuration interfacescommand to verify that the ATM interfaces' VPI and maximum VCs are correct and that the logical interface VCI, protocol family, local IP address, and destination IP address are correct.
Configuring OSPF
Step-by-Step Procedure
On the P and PE routers, configure the provider instance of OSPF. Specify the
lo0.0and ATM core-facing logical interfaces. The provider instance of OSPF on the PE router forms adjacencies with the OSPF neighbors on the other PE router and Router P.user@PE1# set protocols ospf area 0.0.0.0 interface at-0/2/0.0 user@PE1# set protocols ospf area 0.0.0.0 interface lo0.0 user@P# set protocols ospf area 0.0.0.0 interface lo0.0 user@P# set protocols ospf area 0.0.0.0 interface all user@P# set protocols ospf area 0.0.0.0 interface fxp0 disable user@PE2# set protocols ospf area 0.0.0.0 interface lo0.0 user@PE2# set protocols ospf area 0.0.0.0 interface at-0/2/1.0
Use the
show ospf interfacescommand to verify that thelo0.0and ATM core-facing logical interfaces are configured for OSPF.On the CE routers, configure the customer instance of OSPF. Specify the loopback and Fast Ethernet logical interfaces. The customer instance of OSPF on the CE routers form adjacencies with the neighbors within the VPN routing instance of OSPF on the PE routers.
user@CE1# set protocols ospf area 0.0.0.0 interface fe-0/1/0.0 user@CE1# set protocols ospf area 0.0.0.0 interface fe-1/3/0.0 user@CE1# set protocols ospf area 0.0.0.0 interface lo0.0 user@CE2# set protocols ospf area 0.0.0.0 interface fe-0/1/0.0 user@CE2# set protocols ospf area 0.0.0.0 interface fe-1/3/0.0 user@CE2# set protocols ospf area 0.0.0.0 interface lo0.0
Use the
show ospf interfacescommand to verify that the correct loopback and Fast Ethernet logical interfaces have been added to the OSPF protocol.On the P and PE routers, configure OSPF traffic engineering support for the provider instance of OSPF.
The
shortcutsstatement enables the master instance of OSPF to use a label-switched path as the next hop.user@PE1# set protocols ospf traffic-engineering shortcuts user@P# set protocols ospf traffic-engineering shortcuts user@PE2# set protocols ospf traffic-engineering shortcuts
Use the
show ospf overvieworshow configuration protocols ospfcommand to verify that traffic engineering support is enabled.
Configuring BGP
Step-by-Step Procedure
On Router P, configure BGP for the VPN. The local address is the local
lo0.0address. The neighbor addresses are the PE routers'lo0.0addresses.The
unicaststatement enables the router to use BGP to advertise network layer reachability information (NLRI). Thesignalingstatement enables the router to use BGP as the signaling protocol for the VPN.user@P# set protocols bgp group group-mvpn type internal user@P# set protocols bgp group group-mvpn local-address 192.168.8.1 user@P# set protocols bgp group group-mvpn family inet unicast user@P# set protocols bgp group group-mvpn family inet-mvpn signaling user@P# set protocols bgp group group-mvpn neighbor 192.168.9.1 user@P# set protocols bgp group group-mvpn neighbor 192.168.7.1
Use the
show configuration protocols bgpcommand to verify that the router has been configured to use BGP to advertise NLRI.On the PE and P routers, configure the BGP local autonomous system number.
user@PE1# set routing-options autonomous-system 0.65010 user@P# set routing-options autonomous-system 0.65010 user@PE2# set routing-options autonomous-system 0.65010
Use the
show configuration routing-optionscommand to verify that the BGP local autonomous system number is correct.On the PE routers, configure BGP for the VPN. Configure the local address as the local
lo0.0address. The neighbor addresses are thelo0.0addresses of Router P and the other PE router, PE2.user@PE1# set protocols bgp group group-mvpn type internal user@PE1# set protocols bgp group group-mvpn local-address 192.168.7.1 user@PE1# set protocols bgp group group-mvpn family inet-vpn unicast user@PE1# set protocols bgp group group-mvpn family inet-mvpn signaling user@PE1# set protocols bgp group group-mvpn neighbor 192.168.9.1 user@PE1# set protocols bgp group group-mvpn neighbor 192.168.8.1 user@PE2# set protocols bgp group group-mvpn type internal user@PE2# set protocols bgp group group-mvpn local-address 192.168.9.1 user@PE2# set protocols bgp group group-mvpn family inet-vpn unicast user@PE2# set protocols bgp group group-mvpn family inet-mvpn signaling user@PE2# set protocols bgp group group-mvpn neighbor 192.168.7.1 user@PE2# set protocols bgp group group-mvpn neighbor 192.168.8.1
Use the
show bgp groupcommand to verify that the BGP configuration is correct.On the PE routers, configure a policy to export the BGP routes into OSPF.
user@PE1# set policy-options policy-statement bgp-to-ospf from protocol bgp user@PE1# set policy-options policy-statement bgp-to-ospf then accept user@PE2# set policy-options policy-statement bgp-to-ospf from protocol bgp user@PE2# set policy-options policy-statement bgp-to-ospf then accept
Use the
show policy bgp-to-ospfcommand to verify that the policy is correct.
Configuring RSVP
Step-by-Step Procedure
On the PE routers, enable RSVP on the interfaces that participate in the LSP. Configure the Fast Ethernet and ATM logical interfaces.
user@PE1# set protocols rsvp interface fe-0/1/0.0 user@PE1# set protocols rsvp interface at-0/2/0.0 user@PE2# set protocols rsvp interface fe-0/1/0.0 user@PE2# set protocols rsvp interface at-0/2/1.0
On Router P, enable RSVP on the interfaces that participate in the LSP. Configure the ATM logical interfaces.
user@P# set protocols rsvp interface at-0/2/0.0 user@P# set protocols rsvp interface at-0/2/1.0
Use the
show configuration protocols rsvpcommand to verify that the RSVP configuration is correct.
Configuring MPLS
Step-by-Step Procedure
On the PE routers, configure an MPLS LSP to the PE router that is the LSP egress point. Specify the IP address of the
lo0.0interface on the router at the other end of the LSP. Configure MPLS on the ATM, Fast Ethernet, andlo0.0interfaces.To help identify each LSP when troubleshooting, configure a different LSP name on each PE router. In this example, we use the name
to-pe2as the name for the LSP configured on PE1 andto-pe1as the name for the LSP configured on PE2.user@PE1# set protocols mpls label-switched-path to-pe2 to 192.168.9.1 user@PE1# set protocols mpls interface fe-0/1/0.0 user@PE1# set protocols mpls interface at-0/2/0.0 user@PE1# set protocols mpls interface lo0.0 user@PE2# set protocols mpls label-switched-path to-pe1 to 192.168.7.1 user@PE2# set protocols mpls interface fe-0/1/0.0 user@PE2# set protocols mpls interface at-0/2/1.0 user@PE2# set protocols mpls interface lo0.0
Use the
show configuration protocols mplsandshow route label-switched-path to-pe1commands to verify that the MPLS and LSP configuration is correct.After the configuration is committed, use the
show mpls lsp name to-pe1andshow mpls lsp name to-pe2commands to verify that the LSP is operational.On Router P, enable MPLS. Specify the ATM interfaces connected to the PE routers.
user@P# set protocols mpls interface at-0/2/0.0 user@P# set protocols mpls interface at-0/2/1.0
Use the
show mpls interfacecommand to verify that MPLS is enabled on the ATM interfaces.On the PE and P routers, configure the protocol family on the ATM interfaces associated with the LSP. Specify the
mplsprotocol family type.user@PE1# set interfaces at-0/2/0 unit 0 family mpls user@P# set interfaces at-0/2/0 unit 0 family mpls user@P# set interfaces at-0/2/1 unit 0 family mpls user@PE2# set interfaces at-0/2/1 unit 0 family mpls
Use the
show mpls interfacecommand to verify that the MPLS protocol family is enabled on the ATM interfaces associated with the LSP.
Configuring the VRF Routing Instance
Step-by-Step Procedure
On the PE routers, configure a routing instance for the VPN and specify the
vrfinstance type. Add the Fast Ethernet andlo0.1customer-facing interfaces. Configure the VPN instance of OSPF and include the BGP-to-OSPF export policy.user@PE1# set routing-instances vpn-a instance-type vrf user@PE1# set routing-instances vpn-a interface lo0.1 user@PE1# set routing-instances vpn-a interface fe-0/1/0.0 user@PE1# set routing-instances vpn-a protocols ospf export bgp-to-ospf user@PE1# set routing-instances vpn-a protocols ospf area 0.0.0.0 interface all user@PE2# set routing-instances vpn-a instance-type vrf user@PE2# set routing-instances vpn-a interface lo0.1 user@PE2# set routing-instances vpn-a interface fe-0/1/0.0 user@PE2# set routing-instances vpn-a protocols ospf export bgp-to-ospf user@PE2# set routing-instances vpn-a protocols ospf area 0.0.0.0 interface all
Use the
show configuration routing-instances vpn-acommand to verify that the routing instance configuration is correct.On the PE routers, configure a route distinguisher for the routing instance. A route distinguisher allows the router to distinguish between two identical IP prefixes used as VPN routes. Configure a different route distinguisher on each PE router. This example uses 65010:1 on PE1 and 65010:2 on PE2.
user@PE1# set routing-instances vpn-a route-distinguisher 65010:1 user@PE2# set routing-instances vpn-a route-distinguisher 65010:2
Use the
show configuration routing-instances vpn-acommand to verify that the route distinguisher is correct.On the PE routers, configure default VRF import and export policies. Based on this configuration, BGP automatically generates local routes corresponding to the route target referenced in the VRF import policies. This example uses 2:1 as the route target.
Note:You must configure the same route target on each PE router for a given VPN routing instance.
user@PE1# set routing-instances vpn-a vrf-target target:2:1 user@PE2# set routing-instances vpn-a vrf-target target:2:1
Use the
show configuration routing-instances vpn-acommand to verify that the route target is correct.On the PE routers, configure the VPN routing instance for multicast support.
user@PE1# set routing-instances vpn-a protocols mvpn user@PE2# set routing-instances vpn-a protocols mvpn
Use the
show configuration routing-instance vpn-acommand to verify that the VPN routing instance has been configured for multicast support.On the PE routers, configure an IP address on loopback logical interface 1 (
lo0.1) used in the customer routing instance VPN.user@PE1# set interfaces lo0 unit 1 family inet address 10.10.47.101/32 user@PE2# set interfaces lo0 unit 1 family inet address 10.10.47.100/32
Use the
show interfaces tersecommand to verify that the IP address on the loopback interface is correct.
Configuring PIM
Step-by-Step Procedure
On the PE routers, enable PIM. Configure the
lo0.1and the customer-facing Fast Ethernet interface. Specify the mode assparseand the version as2.user@PE1# set routing-instances vpn-a protocols pim interface lo0.1 mode sparse user@PE1# set routing-instances vpn-a protocols pim interface lo0.1 version 2 user@PE1# set routing-instances vpn-a protocols pim interface fe-0/1/0.0 mode sparse user@PE1# set routing-instances vpn-a protocols pim interface fe-0/1/0.0 version 2 user@PE2# set routing-instances vpn-a protocols pim interface lo0.1 mode sparse user@PE2# set routing-instances vpn-a protocols pim interface lo0.1 version 2 user@PE2# set routing-instances vpn-a protocols pim interface fe-0/1/0.0 mode sparse user@PE2# set routing-instances vpn-a protocols pim interface fe-0/1/0.0 version 2
Use the
show pim interfaces instance vpn-acommand to verify that PIM sparse-mode is enabled on thelo0.1interface and the customer-facing Fast Ethernet interface.On the CE routers, enable PIM. In this example, we configure all interfaces. Specify the mode as
sparseand the version as2.user@CE1# set protocols pim interface all user@CE2# set protocols pim interface all mode sparse user@CE2# set protocols pim interface all version 2
Use the
show pim interfacescommand to verify that PIM sparse mode is enabled on all interfaces.
Configuring the Provider Tunnel
Step-by-Step Procedure
On Router PE1, configure the provider tunnel. Specify the multicast address to be used.
The
provider-tunnelstatement instructs the router to send multicast traffic across a tunnel.user@PE1# set routing-instances vpn-a provider-tunnel rsvp-te label-switched-path-template default-template
Use the
show configuration routing-instance vpn-acommand to verify that the provider tunnel is configured to use the default LSP template.On Router PE2, configure the provider tunnel. Specify the multicast address to be used.
user@PE2# set routing-instances vpn-a provider-tunnel rsvp-te label-switched-path-template default-template
Use the
show configuration routing-instance vpn-acommand to verify that the provider tunnel is configured to use the default LSP template.
Configuring the Rendezvous Point
Step-by-Step Procedure
Configure Router PE1 to be the rendezvous point. Specify the
lo0.1address of Router PE1. Specify the multicast address to be used.user@PE1# set routing-instances vpn-a protocols pim rp local address 10.10.47.101 user@PE1# set routing-instances vpn-a protocols pim rp local group-ranges 224.1.1.1/32
Use the
show pim rps instance vpn-acommand to verify that the correct local IP address is configured for the RP.On Router PE2, configure the static rendezvous point. Specify the
lo0.1address of Router PE1.user@PE2# set routing-instances vpn-a protocols pim rp static address 10.10.47.101
Use the
show pim rps instance vpn-acommand to verify that the correct static IP address is configured for the RP.On the CE routers, configure the static rendezvous point. Specify the
lo0.1address of Router PE1.user@CE1# set protocols pim rp static address 10.10.47.101 version 2 user@CE2# set protocols pim rp static address 10.10.47.101 version 2
Use the
show pim rpscommand to verify that the correct static IP address is configured for the RP.Use the
commit checkcommand to verify that the configuration can be successfully committed. If the configuration passes the check, commit the configuration.Start the multicast sender device connected to CE1.
Start the multicast receiver device connected to CE2.
Verify that the receiver is receiving the multicast stream.
Use
showcommands to verify the routing, VPN, and multicast operation.
Results
The configuration and verification parts of this example have been completed. The following section is for your reference.
The relevant sample configuration for Router CE1 follows.
Router CE1
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.6.1/32 {
primary;
}
}
}
}
fe-0/1/0 {
unit 0 {
family inet {
address 10.0.67.13/30;
}
}
}
fe-1/3/0 {
unit 0 {
family inet {
address 10.10.12.1/24;
}
}
}
}
protocols {
ospf {
area 0.0.0.0 {
interface fe-0/1/0.0;
interface lo0.0;
interface fe-1/3/0.0;
}
}
pim {
rp {
static {
address 10.10.47.101 {
version 2;
}
}
}
interface all;
}
}
The relevant sample configuration for Router PE1 follows.
Router PE1
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.7.1/32 {
primary;
}
}
}
}
fe-0/1/0 {
unit 0 {
family inet {
address 10.0.67.14/30;
}
}
}
at-0/2/0 {
atm-options {
pic-type atm1;
vpi 0 {
maximum-vcs 256;
}
}
unit 0 {
vci 0.128;
family inet {
address 10.0.78.5/32 {
destination 10.0.78.6;
}
}
family mpls;
}
}
lo0 {
unit 1 {
family inet {
address 10.10.47.101/32;
}
}
}
}
routing-options {
autonomous-system 0.65010;
}
protocols {
rsvp {
interface fe-0/1/0.0;
interface at-0/2/0.0;
}
mpls {
label-switched-path to-pe2 {
to 192.168.9.1;
}
interface fe-0/1/0.0;
interface at-0/2/0.0;
interface lo0.0;
}
bgp {
group group-mvpn {
type internal;
local-address 192.168.7.1;
family inet-vpn {
unicast;
}
family inet-mvpn {
signaling;
}
neighbor 192.168.9.1;
neighbor 192.168.8.1;
}
}
ospf {
traffic-engineering {
shortcuts;
}
area 0.0.0.0 {
interface at-0/2/0.0;
interface lo0.0;
}
}
}
policy-options {
policy-statement bgp-to-ospf {
from protocol bgp;
then accept;
}
}
routing-instances {
vpn-a {
instance-type vrf;
interface lo0.1;
interface fe-0/1/0.0;
route-distinguisher 65010:1;
provider-tunnel {
rsvp-te {
label-switched-path-template {
default-template;
}
}
}
vrf-target target:2:1;
protocols {
ospf {
export bgp-to-ospf;
area 0.0.0.0 {
interface all;
}
}
pim {
rp {
local {
address 10.10.47.101;
group-ranges {
224.1.1.1/32;
}
}
}
interface lo0.1 {
mode sparse;
version 2;
}
interface fe-0/1/0.0 {
mode sparse;
version 2;
}
}
mvpn;
}
}
}
The relevant sample configuration for Router P follows.
Router P
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.8.1/32 {
primary;
}
}
}
}
at-0/2/0 {
atm-options {
pic-type atm1;
vpi 0 {
maximum-vcs 256;
}
}
unit 0 {
vci 0.128;
family inet {
address 10.0.78.6/32 {
destination 10.0.78.5;
}
}
family mpls;
}
}
at-0/2/1 {
atm-options {
pic-type atm1;
vpi 0 {
maximum-vcs 256;
}
}
unit 0 {
vci 0.128;
family inet {
address 10.0.89.5/32 {
destination 10.0.89.6;
}
}
family mpls;
}
}
}
routing-options {
autonomous-system 0.65010;
}
protocols {
rsvp {
interface at-0/2/0.0;
interface at-0/2/1.0;
}
mpls {
interface at-0/2/0.0;
interface at-0/2/1.0;
}
bgp {
group group-mvpn {
type internal;
local-address 192.168.8.1;
family inet {
unicast;
}
family inet-mvpn {
signaling;
}
neighbor 192.168.9.1;
neighbor 192.168.7.1;
}
}
ospf {
traffic-engineering {
shortcuts;
}
area 0.0.0.0 {
interface lo0.0;
interface all;
interface fxp0.0 {
disable;
}
}
}
}
The relevant sample configuration for Router PE2 follows.
Router PE2
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.9.1/32 {
primary;
}
}
}
}
fe-0/1/0 {
unit 0 {
family inet {
address 10.0.90.13/30;
}
}
}
at-0/2/1 {
atm-options {
pic-type atm1;
vpi 0 {
maximum-vcs 256;
}
}
unit 0 {
vci 0.128;
family inet {
address 10.0.89.6/32 {
destination 10.0.89.5;
}
}
family mpls;
}
}
lo0 {
unit 1 {
family inet {
address 10.10.47.100/32;
}
}
}
}
routing-options {
autonomous-system 0.65010;
}
protocols {
rsvp {
interface fe-0/1/0.0;
interface at-0/2/1.0;
}
mpls {
label-switched-path to-pe1 {
to 192.168.7.1;
}
interface lo0.0;
interface fe-0/1/0.0;
interface at-0/2/1.0;
}
bgp {
group group-mvpn {
type internal;
local-address 192.168.9.1;
family inet-vpn {
unicast;
}
family inet-mvpn {
signaling;
}
neighbor 192.168.7.1;
neighbor 192.168.8.1;
}
}
ospf {
traffic-engineering {
shortcuts;
}
area 0.0.0.0 {
interface lo0.0;
interface at-0/2/1.0;
}
}
}
policy-options {
policy-statement bgp-to-ospf {
from protocol bgp;
then accept;
}
}
routing-instances {
vpn-a {
instance-type vrf;
interface fe-0/1/0.0;
interface lo0.1;
route-distinguisher 65010:2;
provider-tunnel {
rsvp-te {
label-switched-path-template {
default-template;
}
}
}
vrf-target target:2:1;
protocols {
ospf {
export bgp-to-ospf;
area 0.0.0.0 {
interface all;
}
}
pim {
rp {
static {
address 10.10.47.101;
}
}
interface fe-0/1/0.0 {
mode sparse;
version 2;
}
interface lo0.1 {
mode sparse;
version 2;
}
}
mvpn;
}
}
}
The relevant sample configuration for Router CE2 follows.
Router CE2
interfaces {
lo0 {
unit 0 {
family inet {
address 192.168.0.1/32 {
primary;
}
}
}
}
fe-0/1/0 {
unit 0 {
family inet {
address 10.0.90.14/30;
}
}
}
fe-1/3/0 {
unit 0 {
family inet {
address 10.10.11.1/24;
}
family inet6 {
address fe80::205:85ff:fe88:ccdb/64;
}
}
}
}
protocols {
ospf {
area 0.0.0.0 {
interface fe-0/1/0.0;
interface lo0.0;
interface fe-1/3/0.0;
}
}
pim {
rp {
static {
address 10.10.47.101 {
version 2;
}
}
}
interface all {
mode sparse;
version 2;
}
}
}
Example: Configuring a PIM-SSM Provider Tunnel for an MBGP MVPN
This example shows how to configure a PIM-SSM provider tunnel for an MBGP MVPN. The configuration enables service providers to carry customer data in the core. This example shows how to configure PIM-SSM tunnels as inclusive PMSI and uses the unicast routing preference as the metric for determining the single forwarder (instead of the default metric, which is the IP address from the global administrator field in the route-import community).
Requirements
Before you begin:
-
Configure the router interfaces. See the Junos OS Network Interfaces Library for Routing Devices.
-
Configure the BGP-to-OSPF routing policy. See the Routing Policies, Firewall Filters, and Traffic Policers User Guide.
Overview
When a PE receives a customer join or prune message from a CE, the message identifies a particular multicast flow as belonging either to a source-specific tree (S,G) or to a shared tree (*,G). If the route to the multicast source or RP is across the VPN backbone, then the PE needs to identify the upstream multicast hop (UMH) for the (S,G) or (*,G) flow. Normally the UMH is determined by the unicast route to the multicast source or RP.
However, in some cases, the CEs might be distributing to the PEs a special set of routes that are to be used exclusively for the purpose of upstream multicast hop selection using the route-import community. More than one route might be eligible, and the PE needs to elect a single forwarder from the eligible UMHs.
The default metric for the single forwarder election is the IP address from the global administrator field in the route-import community. You can configure a router to use the unicast route preference to determine the single forwarder election.
This example includes the following settings.
-
provider-tunnel family inet pim-ssm group-address—Specifies a valid SSM VPN group address. The SSM VPN group address and the source address are advertised by the type-1 autodiscovery route. On receiving an autodiscovery route with the SSM VPN group address and the source address, a PE router sends an (S,G) join in the provider space to the PE advertising the autodiscovery route. All PE routers exchange their PIM-SSM VPN group address to complete the inclusive provider multicast service interface (I-PMSI). Unlike a PIM-ASM provider tunnel, the PE routers can choose a different VPN group address because the (S,G) joins are sent directly toward the source PE.
Note:Similar to a PIM-ASM provider tunnel, PIM must be configured in the default master instance.
-
unicast-umh-election—Specifies that the PE router uses the unicast route preference to determine the single-forwarder election.
Topology
Figure 5 shows the topology used in this example.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them
into a text file, remove any line breaks, change any details necessary to
match your network configuration, and then copy and paste the commands into
the CLI at the [edit] hierarchy level.
set interfaces fe-0/2/0 unit 0 family inet address 192.168.195.109/30 set interfaces fe-0/2/1 unit 0 family inet address 192.168.195.5/27 set interfaces fe-0/2/2 unit 0 family inet address 10.20.1.1/30 set interfaces fe-0/2/2 unit 0 family iso set interfaces fe-0/2/2 unit 0 family mpls set interfaces lo0 unit 1 family inet address 10.10.47.100/32 set interfaces lo0 unit 1 family inet address 192.168.195.1/32 primary set interfaces lo0 unit 2 family inet address 10.10.48.100/32 set protocols mpls interface all set protocols bgp group ibgp type internal set protocols bgp group ibgp local-preference 120 set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp family inet-mvpn signaling set protocols bgp group ibgp neighbor 10.255.112.155 set protocols isis level 1 disable set protocols isis interface all set protocols isis interface fxp0.0 disable set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ldp interface all set protocols pim rp static address 10.255.112.155 set protocols pim interface all mode sparse-dense set protocols pim interface all version 2 set protocols pim interface fxp0.0 disable set routing-instances VPN-A instance-type vrf set routing-instances VPN-A interface fe-0/2/1.0 set routing-instances VPN-A interface lo0.1 set routing-instances VPN-A route-distinguisher 10.255.112.199:100 set routing-instances VPN-A provider-tunnel family inet pim-ssm group-address 233.252.0.1 set routing-instances VPN-A vrf-target target:10:100 set routing-instances VPN-A vrf-table-label set routing-instances VPN-A routing-options auto-export set routing-instances VPN-A protocols ospf export bgp-to-ospf set routing-instances VPN-A protocols ospf area 0.0.0.0 interface lo0.1 set routing-instances VPN-A protocols ospf area 0.0.0.0 interface fe-0/2/1.0 set routing-instances VPN-A protocols pim rp static address 10.10.47.101 set routing-instances VPN-A protocols pim interface lo0.1 mode sparse-dense set routing-instances VPN-A protocols pim interface lo0.1 version 2 set routing-instances VPN-A protocols pim interface fe-0/2/1.0 mode sparse-dense set routing-instances VPN-A protocols pim interface fe-0/2/1.0 version 2 set routing-instances VPN-A protocols mvpn unicast-umh-election set routing-instances VPN-B instance-type vrf set routing-instances VPN-B interface fe-0/2/0.0 set routing-instances VPN-B interface lo0.2 set routing-instances VPN-B route-distinguisher 10.255.112.199:200 set routing-instances VPN-B provider-tunnel family inet pim-ssm group-address 233.252.0.2 set routing-instances VPN-B vrf-target target:10:200 set routing-instances VPN-B vrf-table-label set routing-instances VPN-B routing-options auto-export set routing-instances VPN-B protocols ospf export bgp-to-ospf set routing-instances VPN-B protocols ospf area 0.0.0.0 interface lo0.2 set routing-instances VPN-B protocols ospf area 0.0.0.0 interface fe-0/2/0.0 set routing-instances VPN-B protocols pim rp static address 10.10.48.101 set routing-instances VPN-B protocols pim interface lo0.2 mode sparse-dense set routing-instances VPN-B protocols pim interface lo0.2 version 2 set routing-instances VPN-B protocols pim interface fe-0/2/0.0 mode sparse-dense set routing-instances VPN-B protocols pim interface fe-0/2/0.0 version 2 set routing-instances VPN-B protocols mvpn unicast-umh-election set routing-options autonomous-system 65100
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure a PIM-SSM provider tunnel for an MBGP MVPN:
-
Configure the interfaces in the master routing instance on the PE routers. This example shows the interfaces for one PE router.
[edit interfaces] user@host# set fe-0/2/0 unit 0 family inet address 192.168.195.109/30 user@host# set fe-0/2/1 unit 0 family inet address 192.168.195.5/27 user@host# set fe-0/2/2 unit 0 family inet address 10.20.1.1/30 user@host# set fe-0/2/2 unit 0 family iso user@host# set fe-0/2/2 unit 0 family mpls user@host# set lo0 unit 1 family inet address 10.10.47.100/32 user@host# set lo0 unit 2 family inet address 10.10.48.100/32
-
Configure the autonomous system number in the global routing options. This is required in MBGP MVPNs.
[edit routing-options] user@host# set autonomous-system 65100
-
Configure the routing protocols in the master routing instance on the PE routers.
[edit protocols bgp group ibgp] user@host# set type internal user@host# set family inet-vpn any user@host# set family inet-mvpn signaling user@host# set neighbor 10.255.112.155 [edit protocols isis] user@host# set level 1 disable user@host# set interface all user@host# set interface fxp0.0 disable [edit protocols ospf] user@host# set traffic-engineering user@host# set area 0.0.0.0 interface all user@host# set area 0.0.0.0 interface fxp0.0 disable user@host# set protocols ldp interface all [edit protocols pim] user@host# set rp static address 10.255.112.155 user@host# set interface all mode sparse-dense user@host# set interface all version 2 user@host# set interface fxp0.0 disable
-
Configure routing instance VPN-A.
[edit routing-instances VPN-A] user@host# set instance-type vrf user@host# set interface fe-0/2/1.0 user@host# set interface lo0.1 user@host# set route-distinguisher 10.255.112.199:100 user@host# set provider-tunnel family inet pim-ssm group-address 232.252.0.1 user@host# set vrf-target target:10:100 user@host# set vrf-table-label user@host# set routing-options auto-export user@host# set protocols ospf export bgp-to-ospf user@host# set protocols ospf area 0.0.0.0 interface lo0.1 user@host# set protocols ospf area 0.0.0.0 interface fe-0/2/1.0 user@host# set protocols pim rp static address 10.10.47.101 user@host# set protocols pim interface lo0.1 mode sparse-dense user@host# set protocols pim interface lo0.1 version 2 user@host# set protocols pim interface fe-0/2/1.0 mode sparse-dense user@host# set protocols pim interface fe-0/2/1.0 version 2 user@host# set protocols mvpn unicast-umh-election
-
Configure routing instance VPN-B.
[edit routing-instances VPN-B] user@host# set instance-type vrf user@host# set interface fe-0/2/0.0 user@host# set interface lo0.2 user@host# set route-distinguisher 10.255.112.199:200 user@host# set provider-tunnel family inet pim-ssm group-address 232.252.0.2 user@host# set vrf-target target:10:200 user@host# set vrf-table-label user@host# set routing-options auto-export user@host# set protocols ospf export bgp-to-ospf user@host# set protocols ospf area 0.0.0.0 interface lo0.2 user@host# set protocols ospf area 0.0.0.0 interface fe-0/2/0.0 user@host# set protocols pim rp static address 10.10.48.101 user@host# set protocols pim interface lo0.2 mode sparse-dense user@host# set protocols pim interface lo0.2 version 2 user@host# set protocols pim interface fe-0/2/0.0 mode sparse-dense user@host# set protocols pim interface fe-0/2/0.0 version 2 user@host# set protocols mvpn unicast-umh-election
-
Configure the topology such that the BGP route to the source advertised by PE1 has a higher preference than the BGP route to the source advertised by PE2.
[edit protocols bgp] user@host# set group ibgp local-preference 120
-
Configure a higher primary loopback address on PE2 than on PE1. This ensures that PE2 is the MBGP MVPN single-forwarder election winner.
[edit] user@host# set interface lo0 unit 1 family inet address 192.168.195.1/32 primary
-
Configure the
unicast-umh-electionstatement on PE3.[edit] user@host# set routing-instances VPN-A protocols mvpn unicast-umh-election user@host# set routing-instances VPN-B protocols mvpn unicast-umh-election
-
If you are done configuring the device, commit the configuration.
user@host# commit
Results
Confirm your configuration by entering the show interfaces,
show protocols, show routing-instances,
and show routing-options commands from configuration mode. If
the output does not display the intended configuration, repeat the instructions
in this example to correct the configuration.
user@host# show interfaces
fe-0/2/0 {
unit 0 {
family inet {
address 192.168.195.109/30;
}
}
}
fe-0/2/1 {
unit 0 {
family inet {
address 192.168.195.5/27;
}
}
}
fe-0/2/2 {
unit 0 {
family inet {
address 10.20.1.1/30;
}
family iso;
family mpls;
}
}
lo0 {
unit 1 {
family inet {
address 10.10.47.100/32;
address 192.168.195.1/32 {
primary;
}
}
}
unit 2 {
family inet {
address 10.10.48.100/32;
}
}
}
user@host# show protocols
mpls {
interface all;
}
bgp {
group ibgp {
type internal;
local-preference 120;
family inet-vpn {
any;
}
family inet-mvpn {
signaling;
}
neighbor 10.255.112.155;
}
}
isis {
level 1 disable;
interface all;
interface fxp0.0 {
disable;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
ldp {
interface all;
}
pim {
rp {
static {
address 10.255.112.155;
}
}
interface all {
mode sparse-dense;
version 2;
}
interface fxp0.0 {
disable;
}
}
user@host# show routing-instances
VPN-A {
instance-type vrf;
interface fe-0/2/1.0;
interface lo0.1;
route-distinguisher 10.255.112.199:100;
provider-tunnel {
family inet
pim-ssm {
group-address 233.252.0.1;
}
}
vrf-target target:10:100;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
ospf {
export bgp-to-ospf;
area 0.0.0.0 {
interface lo0.1;
interface fe-0/2/1.0;
}
}
pim {
rp {
static {
address 10.10.47.101;
}
}
interface lo0.1 {
mode sparse-dense;
version 2;
}
interface fe-0/2/1.0 {
mode sparse-dense;
version 2;
}
}
mvpn {
unicast-umh-election;
}
}
}
VPN-B {
instance-type vrf;
interface fe-0/2/0.0;
interface lo0.2;
route-distinguisher 10.255.112.199:200;
provider-tunnel {
family inet {
pim-ssm {
group-address 233.252.0.2;
}
}
vrf-target target:10:200;
vrf-table-label;
routing-options {
auto-export;
}
protocols {
ospf {
export bgp-to-ospf;
area 0.0.0.0 {
interface lo0.2;
interface fe-0/2/0.0;
}
}
pim {
rp {
static {
address 10.10.48.101;
}
}
interface lo0.2 {
mode sparse-dense;
version 2;
}
interface fe-0/2/0.0 {
mode sparse-dense;
version 2;
}
}
mvpn {
unicast-umh-election;
}
}
}
fe-0/2/0 {
unit 0 {
family inet {
address 192.168.195.109/30;
}
}
}
fe-0/2/1 {
unit 0 {
family inet {
address 192.168.195.5/27;
}
}
}
user@host# show routing-options autonomous-system 65100;
Verification
To verify the configuration, start the receivers and the source. PE3 should create type-7 customer multicast routes from the local joins. Verify the source-tree customer multicast entries on all PE routers. PE3 should choose PE1 as the upstream PE toward the source. PE1 receives the customer multicast route from the egress PEs and forwards data on the PSMI to PE3.
To confirm the configuration, run the following commands:
-
show route table VPN-A.mvpn.0 extensive
-
show multicast route extensive instance VPN-A
Example: Allowing MBGP MVPN Remote Sources
This example shows how to configure an MBGP MVPN that allows remote sources, even when there is no PIM neighborship toward the upstream router.
Requirements
Before you begin:
Configure the router interfaces. See the Junos OS Network Interfaces Library for Routing Devices.
Configure an interior gateway protocol or static routing. See the Junos OS Routing Protocols Library for Routing Devices.
Configure the point-to-multipoint static LSP. See Configuring Point-to-Multipoint LSPs for an MBGP MVPN.
Overview
In this example, a remote CE router is the multicast source. In an MBGP MVPN, a PE router has the PIM interface hello interval set to zero, thereby creating no PIM neighborship. The PIM upstream state is None. In this scenario, directly connected receivers receive traffic in the MBGP MVPN only if you configure the ingress PE’s upstream logical interface to accept remote sources. If you do not configure the ingress PE’s logical interface to accept remote sources, the multicast route is deleted and the local receivers are no longer attached to the flood next hop.
This example shows the configuration on the ingress PE router. A static LSP is used to receive traffic from the remote source.
Configuration
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste
them into a text file, remove any line breaks, change any details necessary to match your
network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.
set routing-instances vpn-A instance-type vrf set routing-instances vpn-A interface ge-1/0/0.213 set routing-instances vpn-A interface ge-1/0/0.484 set routing-instances vpn-A interface ge-1/0/1.200 set routing-instances vpn-A interface ge-1/0/2.0 set routing-instances vpn-A interface ge-1/0/7.0 set routing-instances vpn-A interface vt-1/1/0.0 set routing-instances vpn-A route-distinguisher 10.0.0.10:04 set routing-instances vpn-A provider-tunnel rsvp-te label-switched-path-template mvpn-dynamic set routing-instances vpn-A provider-tunnel selective group 224.0.9.0/32 source 10.1.1.2/32 rsvp-te static-lsp mvpn-static set routing-instances vpn-A vrf-target target:65000:04 set routing-instances vpn-A protocols bgp group 1a type external set routing-instances vpn-A protocols bgp group 1a peer-as 65213 set routing-instances vpn-A protocols bgp group 1a neighbor 10.2.213.9 set routing-instances vpn-A protocols pim interface all hello-interval 0 set routing-instances vpn-A protocols pim interface ge-1/0/2.0 accept-remote-source set routing-instances vpn-A protocols mvpn set routing-options autonomous-system 100
Procedure
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To allow remote sources:
On the ingress PE router, configure the interfaces in the routing instance.
[edit routing-instances vpn-A] user@host# set instance-type vrf user@host# set interface ge-1/0/0.213 user@host# set interface ge-1/0/0.484 user@host# set interface ge-1/0/1.200 user@host# set interface ge-1/0/2.0 user@host# set interface ge-1/0/7.0 user@host# set interface vt-1/1/0.0
Configure the autonomous system number in the global routing options. This is required in MBGP MVPNs.
user@host# set routing-options autonomous-system 100
Configure the route distinguisher and the VRF target.
[edit routing-instances vpn-A] user@host# set route-distinguisher 10.0.0.10:04 user@host# set vrf-target target:65000:04
Configure the provider tunnel.
[edit routing-instances vpn-A] user@host# set provider-tunnel rsvp-te label-switched-path-template mvpn-dynamic user@host# set provider-tunnel selective group 224.0.9.0/32 source 10.1.1.2/32 rsvp-te static-lsp mvpn-static
Configure BGP in the routing instance.
[edit routing-instances vpn-A] user@host# set protocols bgp group 1a type external user@host# set protocols bgp group 1a peer-as 65213 user@host# set protocols bgp group 1a neighbor 10.2.213.9
Configure PIM in the routing instance, including the
accept-remote-sourcestatement on the incoming logical interface.[edit routing-instances vpn-A] user@host# set protocols pim interface all hello-interval 0 user@host# set protocols pim interface ge-1/0/2.0 accept-remote-source
Enable the MVPN Protocol in the routing instance.
[edit routing-instances vpn-A] user@host# set protocols mvpn
If you are done configuring the devices, commit the configuration.
user@host# commit
Results
From configuration mode, confirm your configuration by entering the show
routing-instances and show routing-options commands. If the output does not
display the intended configuration, repeat the instructions in this example to correct the
configuration.
user@host# show routing-instances
routing-instances {
vpn-A {
instance-type vrf;
interface ge-1/0/0.213;
interface ge-1/0/0.484;
interface ge-1/0/1.200;
interface vt-1/1/0.0;
interface ge-1/0/2.0;
interface ge-1/0/7.0;
route-distinguisher 10.0.0.10:04;
provider-tunnel {
rsvp-te {
label-switched-path-template {
mvpn-dynamic;
}
}
selective {
group 224.0.9.0/32 {
source 10.1.1.2/32 {
rsvp-te {
static-lsp mvpn-static;
}
}
}
}
}
vrf-target target:65000:04;
protocols {
bgp {
group 1a {
type external;
peer-as 65213;
neighbor 10.2.213.9;
}
}
pim {
interface all {
hello-interval 0;
}
interface ge-1/0/2.0 {
accept-remote-source;
}
}
mvpn;
}
}
user@host# show routing-options autonomous-system 100;
Verification
To verify the configuration, run the following commands:
show mpls lsp p2mp
show multicast route instance vpn-A extensive
show mvpn c-multicast
show pim join instance vpn-A extensive
show route forwarding-table destination destination
show route table vpn-A.mvpn.0
Example: Configuring BGP Route Flap Damping Based on the MBGP MVPN Address Family
This example shows how to configure an multiprotocol BGP multicast VPN (also called Next-Generation MVPN) with BGP route flap damping.
Requirements
This example uses Junos OS Release 12.2. BGP route flap damping support for MBGP MVPN, specifically, and on an address family basis, in general, is introduced in Junos OS Release 12.2.
Overview
BGP route flap damping helps to diminish route instability caused by routes being repeatedly withdrawn and readvertised when a link is intermittently failing.
This example uses the default damping parameters and demonstrates an MBGP MVPN scenario with three provider edge (PE) routing devices, three customer edge (CE) routing devices, and one provider (P) routing device.
Topology
Figure 7 shows the topology used in this example.
On PE Device R4, BGP route flap damping is configured for address
family inet-mvpn. A routing policy called dampPolicy uses the nlri-route-type match condition to damp only
MVPN route types 3, 4, and 5. All other MVPN route types are not damped.
This example shows the full configuration on all devices in the CLI Quick Configuration section. The Configuring Device R4 section shows the step-by-step configuration for PE Device R4.
Configuration
CLI Quick Configuration
To quickly configure this
example, copy the following commands, paste them into a text file,
remove any line breaks, change any details necessary to match your
network configuration, and then copy and paste the commands into the
CLI at the [edit] hierarchy level.
Device R1
set interfaces ge-1/2/0 unit 1 family inet address 10.1.1.1/30 set interfaces ge-1/2/0 unit 1 family mpls set interfaces lo0 unit 1 family inet address 172.16.1.1/32 set protocols ospf area 0.0.0.0 interface lo0.1 passive set protocols ospf area 0.0.0.0 interface ge-1/2/0.1 set protocols pim rp static address 172.16.100.1 set protocols pim interface all set routing-options router-id 172.16.1.1
Device R2
set interfaces ge-1/2/0 unit 2 family inet address 10.1.1.2/30 set interfaces ge-1/2/0 unit 2 family mpls set interfaces ge-1/2/1 unit 5 family inet address 10.1.1.5/30 set interfaces ge-1/2/1 unit 5 family mpls set interfaces vt-1/2/0 unit 2 family inet set interfaces lo0 unit 2 family inet address 172.16.1.2/32 set interfaces lo0 unit 102 family inet address 172.16.100.1/32 set protocols mpls interface ge-1/2/1.5 set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 172.16.1.2 set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp family inet-mvpn signaling set protocols bgp group ibgp neighbor 172.16.1.4 set protocols bgp group ibgp neighbor 172.16.1.5 set protocols ospf area 0.0.0.0 interface lo0.2 passive set protocols ospf area 0.0.0.0 interface ge-1/2/1.5 set protocols ldp interface ge-1/2/1.5 set protocols ldp p2mp set policy-options policy-statement parent_vpn_routes from protocol bgp set policy-options policy-statement parent_vpn_routes then accept set routing-instances vpn-1 instance-type vrf set routing-instances vpn-1 interface ge-1/2/0.2 set routing-instances vpn-1 interface vt-1/2/0.2 set routing-instances vpn-1 interface lo0.102 set routing-instances vpn-1 route-distinguisher 100:100 set routing-instances vpn-1 provider-tunnel ldp-p2mp set routing-instances vpn-1 vrf-target target:1:1 set routing-instances vpn-1 protocols ospf export parent_vpn_routes set routing-instances vpn-1 protocols ospf area 0.0.0.0 interface lo0.102 passive set routing-instances vpn-1 protocols ospf area 0.0.0.0 interface ge-1/2/0.2 set routing-instances vpn-1 protocols pim rp static address 172.16.1.2 with 172.16.4.1100.1 set routing-instances vpn-1 protocols pim interface ge-1/2/0.2 mode sparse set routing-instances vpn-1 protocols mvpn set routing-options router-id 172.16.1.2 set routing-options autonomous-system 1001
Device R3
set interfaces ge-1/2/0 unit 6 family inet address 10.1.1.6/30 set interfaces ge-1/2/0 unit 6 family mpls set interfaces ge-1/2/1 unit 9 family inet address 10.1.1.9/30 set interfaces ge-1/2/1 unit 9 family mpls set interfaces ge-1/2/2 unit 13 family inet address 10.1.1.13/30 set interfaces ge-1/2/2 unit 13 family mpls set interfaces lo0 unit 3 family inet address 172.16.1.3/32 set protocols mpls interface ge-1/2/0.6 set protocols mpls interface ge-1/2/1.9 set protocols mpls interface ge-1/2/2.13 set protocols ospf area 0.0.0.0 interface lo0.3 passive set protocols ospf area 0.0.0.0 interface ge-1/2/0.6 set protocols ospf area 0.0.0.0 interface ge-1/2/1.9 set protocols ospf area 0.0.0.0 interface ge-1/2/2.13 set protocols ldp interface ge-1/2/0.6 set protocols ldp interface ge-1/2/1.9 set protocols ldp interface ge-1/2/2.13 set protocols ldp p2mp set routing-options router-id 172.16.1.3
Device R4
set interfaces ge-1/2/0 unit 10 family inet address 10.1.1.10/30 set interfaces ge-1/2/0 unit 10 family mpls set interfaces ge-1/2/1 unit 17 family inet address 10.1.1.17/30 set interfaces ge-1/2/1 unit 17 family mpls set interfaces vt-1/2/0 unit 4 family inet set interfaces lo0 unit 4 family inet address 172.16.1.4/32 set interfaces lo0 unit 104 family inet address 172.16.100.1/32 set protocols rsvp interface all aggregate set protocols mpls interface all set protocols mpls interface ge-1/2/0.10 set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 172.16.1.4 set protocols bgp group ibgp family inet-vpn unicast set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp family inet-mvpn signaling damping set protocols bgp group ibgp neighbor 172.16.1.2 import dampPolicy set protocols bgp group ibgp neighbor 172.16.1.5 set protocols ospf traffic-engineering set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface lo0.4 passive set protocols ospf area 0.0.0.0 interface ge-1/2/0.10 set protocols ldp interface ge-1/2/0.10 set protocols ldp p2mp set policy-options policy-statement dampPolicy term term1 from family inet-mvpn set policy-options policy-statement dampPolicy term term1 from nlri-route-type 3 set policy-options policy-statement dampPolicy term term1 from nlri-route-type 4 set policy-options policy-statement dampPolicy term term1 from nlri-route-type 5 set policy-options policy-statement dampPolicy term term1 then accept set policy-options policy-statement dampPolicy then damping no-damp set policy-options policy-statement dampPolicy then accept set policy-options policy-statement parent_vpn_routes from protocol bgp set policy-options policy-statement parent_vpn_routes then accept set policy-options damping no-damp disable set routing-instances vpn-1 instance-type vrf set routing-instances vpn-1 interface vt-1/2/0.4 set routing-instances vpn-1 interface ge-1/2/1.17 set routing-instances vpn-1 interface lo0.104 set routing-instances vpn-1 route-distinguisher 100:100 set routing-instances vpn-1 vrf-target target:1:1 set routing-instances vpn-1 protocols ospf export parent_vpn_routes set routing-instances vpn-1 protocols ospf area 0.0.0.0 interface lo0.104 passive set routing-instances vpn-1 protocols ospf area 0.0.0.0 interface ge-1/2/1.17 set routing-instances vpn-1 protocols pim rp static address 172.16.100.1 set routing-instances vpn-1 protocols pim interface ge-1/2/1.17 mode sparse set routing-instances vpn-1 protocols mvpn set routing-options router-id 172.16.1.4 set routing-options autonomous-system 64501
Device R5
set interfaces ge-1/2/0 unit 14 family inet address 10.1.1.14/30 set interfaces ge-1/2/0 unit 14 family mpls set interfaces ge-1/2/1 unit 21 family inet address 10.1.1.21/30 set interfaces ge-1/2/1 unit 21 family mpls set interfaces vt-1/2/0 unit 5 family inet set interfaces lo0 unit 5 family inet address 172.16.1.5/32 set interfaces lo0 unit 105 family inet address 172.16.100.5/32 set protocols mpls interface ge-1/2/0.14 set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 172.16.1.5 set protocols bgp group ibgp family inet-vpn any set protocols bgp group ibgp family inet-mvpn signaling set protocols bgp group ibgp neighbor 172.16.1.2 set protocols bgp group ibgp neighbor 172.16.1.4 set protocols ospf area 0.0.0.0 interface lo0.5 passive set protocols ospf area 0.0.0.0 interface ge-1/2/0.14 set protocols ldp interface ge-1/2/0.14 set protocols ldp p2mp set policy-options policy-statement parent_vpn_routes from protocol bgp set policy-options policy-statement parent_vpn_routes then accept set routing-instances vpn-1 instance-type vrf set routing-instances vpn-1 interface vt-1/2/0.5 set routing-instances vpn-1 interface ge-1/2/1.21 set routing-instances vpn-1 interface lo0.105 set routing-instances vpn-1 route-distinguisher 100:100 set routing-instances vpn-1 vrf-target target:1:1 set routing-instances vpn-1 protocols ospf export parent_vpn_routes set routing-instances vpn-1 protocols ospf area 0.0.0.0 interface lo0.105 passive set routing-instances vpn-1 protocols ospf area 0.0.0.0 interface ge-1/2/1.21 set routing-instances vpn-1 protocols pim rp static address 172.16.100.2 set routing-instances vpn-1 protocols pim interface ge-1/2/1.21 mode sparse set routing-instances vpn-1 protocols mvpn set routing-options router-id 172.16.1.5 set routing-options autonomous-system 1001
Device R6
set interfaces ge-1/2/0 unit 18 family inet address 10.1.1.18/30 set interfaces ge-1/2/0 unit 18 family mpls set interfaces lo0 unit 6 family inet address 172.16.1.6/32 set protocols sap listen 233.1.1.1 set protocols ospf area 0.0.0.0 interface lo0.6 passive set protocols ospf area 0.0.0.0 interface ge-1/2/0.18 set protocols pim rp static address 172.16.100.2 set protocols pim interface all set routing-options router-id 172.16.1.6
Device R7
set interfaces ge-1/2/0 unit 22 family inet address 10.1.1.22/30 set interfaces ge-1/2/0 unit 22 family mpls set interfaces lo0 unit 7 family inet address 172.16.1.7/32 set protocols ospf area 0.0.0.0 interface lo0.7 passive set protocols ospf area 0.0.0.0 interface ge-1/2/0.22 set protocols pim rp static address 172.16.100.2 set protocols pim interface all set routing-options router-id 172.16.1.7
Configuring Device R4
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the Junos OS CLI User Guide.
To configure Device R4:
Configure the interfaces.
[edit interfaces] user@R4# set ge-1/2/0 unit 10 family inet address 10.1.1.10/30 user@R4# set ge-1/2/0 unit 10 family mpls user@R4# set ge-1/2/1 unit 17 family inet address 10.1.1.17/30 user@R4# set ge-1/2/1 unit 17 family mpls user@R4# set vt-1/2/0 unit 4 family inet user@R4# set lo0 unit 4 family inet address 172.16.1.4/32 user@R4# set lo0 unit 104 family inet address 172.16.100.4/32
Configure MPLS and the signaling protocols on the interfaces.
[edit protocols] user@R4# set mpls interface all user@R4# set mpls interface ge-1/2/0.10 user@R4# set rsvp interface all aggregate user@R4# set ldp interface ge-1/2/0.10 user@R4# set ldp p2mp
Configure BGP.
The BGP configuration enables BGP route flap damping for the
inet-mvpnaddress family. The BGP configuration also imports into the routing table the routing policy calleddampPolicy. This policy is applied to neighbor PE Device R2.[edit protocols bgp group ibgp] user@R4# set type internal user@R4# set local-address 172.16.1.4 user@R4# set family inet-vpn unicast user@R4# set family inet-vpn any user@R4# set family inet-mvpn signaling damping user@R4# set neighbor 172.16.1.2 import dampPolicy user@R4# set neighbor 172.16.1.5
Configure an interior gateway protocol.
[edit protocols ospf] user@R4# set traffic-engineering [edit protocols ospf area 0.0.0.0] user@R4# set interface all user@R4# set interface lo0.4 passive user@R4# set interface ge-1/2/0.10
Configure a damping policy that uses the
nlri-route-typematch condition to damp only MVPN route types 3, 4, and 5.[edit policy-options policy-statement dampPolicy term term1] user@R4# set from family inet-mvpn user@R4# set from nlri-route-type 3 user@R4# set from nlri-route-type 4 user@R4# set from nlri-route-type 5 user@R4# set then accept
Configure the
dampingpolicy to disable BGP route flap damping.The
no-damppolicy (damping no-damp disable) causes any damping state that is present in the routing table to be deleted. Thethen damping no-dampstatement applies theno-damppolicy as an action and has nofrommatch conditions. Therefore, all routes that are not matched byterm1are matched by this term, with the result that all other MVPN route types are not damped.[edit policy-options policy-statement dampPolicy] user@R4# set then damping no-damp user@R4# set then accept [edit policy-options] user@R4# set damping no-damp disable
Configure the
parent_vpn_routesto accept all other BGP routes that are not from theinet-mvpnaddress family.This policy is applied as an OSPF export policy in the routing instance.
[edit policy-options policy-statement parent_vpn_routes] user@R4# set from protocol bgp user@R4# set then accept
Configure the VPN routing and forwarding (VRF) instance.
[edit routing-instances vpn-1] user@R4# set instance-type vrf user@R4# set interface vt-1/2/0.4 user@R4# set interface ge-1/2/1.17 user@R4# set interface lo0.104 user@R4# set route-distinguisher 100:100 user@R4# set vrf-target target:1:1 user@R4# set protocols ospf export parent_vpn_routes user@R4# set protocols ospf area 0.0.0.0 interface lo0.104 passive user@R4# set protocols ospf area 0.0.0.0 interface ge-1/2/1.17 user@R4# set protocols pim rp static address 172.16.100.2 user@R4# set protocols pim interface ge-1/2/1.17 mode sparse user@R4# set protocols mvpn
Configure the router ID and the autonomous system (AS) number.
[edit routing-options] user@R4# set router-id 172.16.1.4 user@R4# set autonomous-system 1001
If you are done configuring the device, commit the configuration.
user@R4# commit
Results
From configuration mode, confirm your configuration
by entering the show interfaces, show protocols, show policy-options, show routing-instances, and show routing-options commands. If the output does
not display the intended configuration, repeat the instructions in
this example to correct the configuration.
user@R4# show interfaces
ge-1/2/0 {
unit 10 {
family inet {
address 10.1.1.10/30;
}
family mpls;
}
}
ge-1/2/1 {
unit 17 {
family inet {
address 10.1.1.17/30;
}
family mpls;
}
}
vt-1/2/0 {
unit 4 {
family inet;
}
}
lo0 {
unit 4 {
family inet {
address 172.16.1.4/32;
}
}
unit 104 {
family inet {
address 172.16.100.4/32;
}
}
}
user@R4# show protocols
rsvp {
interface all {
aggregate;
}
}
mpls {
interface all;
interface ge-1/2/0.10;
}
bgp {
group ibgp {
type internal;
local-address 172.16.1.4;
family inet-vpn {
unicast;
any;
}
family inet-mvpn {
signaling {
damping;
}
}
neighbor 172.16.1.2 {
import dampPolicy;
}
neighbor 172.16.1.5;
}
}
ospf {
traffic-engineering;
area 0.0.0.0 {
interface all;
interface lo0.4 {
passive;
}
interface ge-1/2/0.10;
}
}
ldp {
interface ge-1/2/0.10;
p2mp;
}
user@R4# show policy-options
policy-statement dampPolicy {
term term1 {
from {
family inet-mvpn;
nlri-route-type [ 3 4 5 ];
}
then accept;
}
then {
damping no-damp;
accept;
}
}
policy-statement parent_vpn_routes {
from protocol bgp;
then accept;
}
damping no-damp {
disable;
}
user@R4# show routing-instances
vpn-1 {
instance-type vrf;
interface vt-1/2/0.4;
interface ge-1/2/1.17;
interface lo0.104;
route-distinguisher 100:100;
vrf-target target:1:1;
protocols {
ospf {
export parent_vpn_routes;
area 0.0.0.0 {
interface lo0.104 {
passive;
}
interface ge-1/2/1.17;
}
}
pim {
rp {
static {
address 172.16.100.2;
}
}
interface ge-1/2/1.17 {
mode sparse;
}
}
mvpn;
}
}
user@R4# show routing-optons router-id 172.16.1.4; autonomous-system 1001;
Verification
Confirm that the configuration is working properly.
Verifying That Route Flap Damping Is Disabled
Purpose
Verify the presence of the no-damp policy,
which disables damping for MVPN route types other than 3, 4, and 5.
Action
From operational mode, enter the show policy damping command.
user@R4> show policy damping
Default damping information:
Halflife: 15 minutes
Reuse merit: 750 Suppress/cutoff merit: 3000
Maximum suppress time: 60 minutes
Computed values:
Merit ceiling: 12110
Maximum decay: 6193
Damping information for "no-damp":
Damping disabledMeaning
The output shows that the default damping parameters
are in effect and that the no-damp policy is also in effect
for the specified route types.
Verifying Route Flap Damping
Purpose
Check whether BGP routes have been damped.
Action
From operational mode, enter the show bgp summary command.
user@R4> show bgp summary
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
bgp.l3vpn.0
6 6 0 0 0 0
bgp.l3vpn.2
0 0 0 0 0 0
bgp.mvpn.0
2 2 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
172.16.1.2 1001 3159 3155 0 0 23:43:47 Establ
bgp.l3vpn.0: 3/3/3/0
bgp.l3vpn.2: 0/0/0/0
bgp.mvpn.0: 1/1/1/0
vpn-1.inet.0: 3/3/3/0
vpn-1.mvpn.0: 1/1/1/0
172.16.1.5 1001 3157 3154 0 0 23:43:40 Establ
bgp.l3vpn.0: 3/3/3/0
bgp.l3vpn.2: 0/0/0/0
bgp.mvpn.0: 1/1/1/0
vpn-1.inet.0: 3/3/3/0
vpn-1.mvpn.0: 1/1/1/0Meaning
The Damp State field shows that zero routes in the bgp.mvpn.0 routing table have been damped. Further down, the last number in the State field shows that zero routes have been damped for BGP peer 172.16.1.2.
Example: Configuring MBGP Multicast VPN Topology Variations
This section describes how to configure multicast virtual private networks (MVPNs) using multiprotocol BGP (MBGP) (next-generation MVPNs).
- Requirements
- Overview and Topology
- Configuring Full Mesh MBGP MVPNs
- Configuring Sender-Only and Receiver-Only Sites Using PIM ASM Provider Tunnels
- Configuring Sender-Only, Receiver-Only, and Sender-Receiver MVPN Sites
- Configuring Hub-and-Spoke MVPNs
Requirements
To implement multiprotocol BGP-based multicast VPNs, auto-RP, bootstrap router (BSR) RP, and PIM dense mode you need JUNOS Release 9.2 or later.
To implement multiprotocol BGP-based multicast VPNs, sender-only sites, and receiver-only sites you need JUNOS Release 8.4 or later.
Overview and Topology
You can configure PIM auto-RP, bootstrap router (BSR) RP, PIM dense mode, and mtrace for next generation multicast VPN networks. Auto-RP uses PIM dense mode to propagate control messages and establish RP mapping. You can configure an auto-RP node in one of three different modes: discovery mode, announce mode, and mapping mode. BSR is the IETF standard for RP establishment. A selected router in a network acts as a BSR, which selects a unique RP for different group ranges. BSR messages are flooded using the data tunnel between PE routers. When you enable PIM dense mode, data packets are forwarded to all interfaces except the incoming interface. Unlike PIM sparse mode, where explicit joins are required for data packets to be transmitted downstream, data packets are flooded to all routers in the routing instance in PIM dense mode.
This section shows you how to configure a MVPN using MBGP. If you have multicast VPNs based on draft-rosen, they will continue to work as before and are not affected by the configuration of MVPNs using MBGP.
The network configuration used for most of the examples in this section is shown in Figure 8.
In the figure, two VPNs, VPN A and VPN B, are serviced by the same provider at several sites, two of which have CE routers for both VPN A and VPN B (site 2 is not shown). The PE routers are shown with VRF tables for the VPN CEs for which they have routing information. It is important to note that no multicast protocols are required between the PE routers on the network. The multicast routing information is carried by MBGP between the PE routers. There may be one or more BGP route reflectors in the network. Both VPNs operate independently and are configured separately.
Both the PE and CE routers run PIM sparse mode and maintain forwarding state information about customer source (C-S) and customer group (C-G) multicast components. CE routers still send a customer's PIM join messages (PIM C-Join) from CE to PE, and from PE to CE, as shown in the figure. But on the provider's backbone network, all multicast information is carried by MBGP. The only addition over and above the unicast VPN configuration normally used is the use of a special provider tunnel (provider-tunnel) for carrying PIM sparse mode message content between provider nodes on the network.
There are several scenarios for MVPN configuration using MBGP, depending on whether a customer site has senders (sources) of multicast traffic, has receivers of multicast traffic, or a mixture of senders and receivers. MVPNs can be:
A full mesh (each MVPN site has both senders and receivers)
A mixture of sender-only and receiver-only sites
A mixture of sender-only, receiver-only, and sender-receiver sites
A hub and spoke (two interfaces between hub PE and hub CE, and all spokes are sender-receiver sites)
Each type of MVPN differs more in the configuration VPN statements than the provider tunnel configuration. For information about configuring VPNs, see the Junos OS VPNs Library for Routing Devices.
Configuring Full Mesh MBGP MVPNs
This example describes how to configure a full mesh MBGP MVPN:
Configuration Steps
Step-by-Step Procedure
In this example, PE-1 connects to VPN A and VPN B at site 1, PE-4 connects to VPN A at site 4, and PE-2 connects to VPN B at site 3. To configure a full mesh MVPN for VPN A and VPN B, perform the following steps:
Configure PE-1 (both VPN A and VPN B at site 1):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-6/0/0.0; interface so-6/0/1.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn; } route-distinguisher 65535:0; vrf-target target:1:1; } VPN-B { instance-type vrf; interface ge-0/3/0.0; provider-tunnel { pim-asm { group-address 224.1.1.2; } } protocols { mvpn; } route-distinguisher 65535:1; vrf-target target:1:2; }Configure PE-4 (VPN A at site 4):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-1/0/0.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn; } route-distinguisher 65535:4; vrf-target target:1:1; }Configure PE-2 (VPN B at site 3):
[edit] routing-instances { VPN-B { instance-type vrf; interface ge-1/3/0.0; provider-tunnel { pim-asm { group-address 224.1.1.2; } } protocols { mvpn; } route-distinguisher 65535:3; vrf-target target:1:2; }
Configuring Sender-Only and Receiver-Only Sites Using PIM ASM Provider Tunnels
This example describes how to configure an MBGP MVPN with a mixture of sender-only and receiver-only sites using PIM-ASM provider tunnels.
Configuration Steps
Step-by-Step Procedure
In this example, PE-1 connects to VPN A (sender-only) and VPN B (receiver-only) at site 1, PE-4 connects to VPN A (receiver-only) at site 4, and PE-2 connects to VPN A (receiver-only) and VPN B (sender-only) at site 3.
To configure an MVPN for a mixture of sender-only and receiver-only sites on VPN A and VPN B, perform the following steps:
Configure PE-1 (VPN A sender-only and VPN B receiver-only at site 1):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-6/0/0.0; interface so-6/0/1.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn { sender-site; route-target { export-target unicast; import-target target target:1:4; } } } route-distinguisher 65535:0; vrf-target target:1:1; routing-options { auto-export; } } VPN-B { instance-type vrf; interface ge-0/3/0.0; provider-tunnel { pim-asm { group-address 224.1.1.2; } } protocols { mvpn { receiver-site; route-target { export-target target target:1:5; import-target unicast; } } } route-distinguisher 65535:1; vrf-target target:1:2; routing-options { auto-export; } }Configure PE-4 (VPN A receiver-only at site 4):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-1/0/0.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn { receiver-site; route-target { export-target target target:1:4; import-target unicast; } } } route-distinguisher 65535:2; vrf-target target:1:1; routing-options { auto-export; } }Configure PE-2 (VPN A receiver-only and VPN B sender-only at site 3):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-2/0/1.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn { receiver-site; route-target { export-target target target:1:4; import-target unicast; } } } route-distinguisher 65535:3; vrf-target target:1:1; routing-options { auto-export; } } VPN-B { instance-type vrf; interface ge–1/3/0.0; provider-tunnel { pim-asm { group-address 224.1.1.2; } } protocols { mvpn { sender-site; route-target { export-target unicast import-target target target:1:5; } } } route-distinguisher 65535:4; vrf-target target:1:2; routing-options { auto-export; } }
Configuring Sender-Only, Receiver-Only, and Sender-Receiver MVPN Sites
This example describes how to configure an MBGP MVPN with a mixture of sender-only, receiver-only, and sender-receiver sites.
Configuration Steps
Step-by-Step Procedure
In this example, PE-1 connects to VPN A (sender-receiver) and VPN B (receiver-only) at site 1, PE-4 connects to VPN A (receiver-only) at site 4, and PE-2 connects to VPN A (sender-only) and VPN B (sender-only) at site 3. To configure an MVPN for a mixture of sender-only, receiver-only, and sender-receiver sites for VPN A and VPN B, perform the following steps:
Configure PE-1 (VPN A sender-receiver and VPN B receiver-only at site 1):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-6/0/0.0; interface so-6/0/1.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn { route-target { export-target unicast target target:1:4; import-target unicast target target:1:4 receiver; } } } route-distinguisher 65535:0; vrf-target target:1:1; routing-options { auto-export; } } VPN-B { instance-type vrf; interface ge-0/3/0.0; provider-tunnel { pim-asm { group-address 224.1.1.2; } } protocols { mvpn { receiver-site; route-target { export-target target target:1:5; import-target unicast; } } } route-distinguisher 65535:1; vrf-target target:1:2; routing-options { auto-export; } }Configure PE-4 (VPN A receiver-only at site 4):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-1/0/0.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn { receiver-site; route-target { export-target target target:1:4; import-target unicast; } } } route-distinguisher 65535:2; vrf-target target:1:1; routing-options { auto-export; } }Configure PE-2 (VPN-A sender-only and VPN-B sender-only at site 3):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-2/0/1.0; provider-tunnel { pim-asm { group-address 224.1.1.1; } } protocols { mvpn { receiver-site; route-target { export-target target target:1:4; import-target unicast; } } } route-distinguisher 65535:3; vrf-target target:1:1; routing-options { auto-export; } } VPN-B { instance-type vrf; interface ge-1/3/0.0; provider-tunnel { pim-asm { group-address 224.1.1.2; } } protocols { mvpn { sender-site; route-target { export-target unicast; import-target target target:1:5; } } } route-distinguisher 65535:4; vrf-target target:1:2; routing-options { auto-export; } }
Configuring Hub-and-Spoke MVPNs
This example describes how to configure an MBGP MVPN in a hub and spoke topology.
Configuration Steps
Step-by-Step Procedure
In this example, which only configures VPN A, PE-1 connects to VPN A (spoke site) at site 1, PE-4 connects to VPN A (hub site) at site 4, and PE-2 connects to VPN A (spoke site) at site 3. Current support is limited to the case where there are two interfaces between the hub site CE and PE. To configure a hub-and-spoke MVPN for VPN A, perform the following steps:
Configure PE-1 for VPN A (spoke site):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-6/0/0.0; interface so-6/0/1.0; provider-tunnel { rsvp-te { label-switched-path-template { default-template; } } } protocols { mvpn { route-target { export-target unicast; import-target unicast target target:1:4; } } } route-distinguisher 65535:0; vrf-target { import target:1:1; export target:1:3; } routing-options { auto-export; } }Configure PE-4 for VPN A (hub site):
[edit] routing-instances { VPN-A-spoke-to-hub { instance-type vrf; interface so-1/0/0.0; #receives data and joins from the CE protocols { mvpn { receiver-site; route-target { export-target target target:1:4; import-target unicast; } } ospf { export redistribute-vpn; #redistributes VPN routes to CE area 0.0.0.0 { interface so-1/0/0; } } } route-distinguisher 65535:2; vrf-target { import target:1:3; } routing-options { auto-export; } } VPN-A-hub-to-spoke { instance-type vrf; interface so-2/0/0.0; #receives data and joins from the CE provider-tunnel { rsvp-te { label-switched-path-template { default-template; } } } protocols { mvpn { sender-site; route-target { import-target target target:1:3; export-target unicast; } } ospf { export redistribute-vpn; #redistributes VPN routes to CE area 0.0.0.0 { interface so-2/0/0; } } } route-distinguisher 65535:2; vrf-target { import target:1:1; } routing-options { auto-export; } }Configure PE-2 for VPN A (spoke site):
[edit] routing-instances { VPN-A { instance-type vrf; interface so-2/0/1.0; provider-tunnel { rsvp-te { label-switched-path-template { default-template; } } } protocols { mvpn { route–target { import-target target target:1:4; export-target unicast; } } } route-distinguisher 65535:3; vrf-target { import target:1:1; export target:1:3; } routing-options { auto-export; } }
Configuring Nonstop Active Routing for BGP Multicast VPN
BGP multicast virtual private network (MVPN) is a Layer 3 VPN application that is built on top of various unicast and multicast routing protocols such as Protocol Independent Multicast (PIM), BGP, RSVP, and LDP. Enabling nonstop active routing (NSR) for BGP MVPN requires that NSR support is enabled for all these protocols.
Before you begin:
Configure the router interfaces. See Interfaces Fundamentals.
Configure an interior gateway protocol or static routing. See the Junos OS Routing Protocols Library.
Configure a multicast group membership protocol (IGMP or MLD). See Understanding IGMP and Understanding MLD.
For this feature to work with IPv6, the routing device must be running Junos OS Release 10.4 or later.
The state maintained by MVPN includes MVPN routes, cmcast, provider-tunnel, and forwarding information. BGP MVPN NSR synchronizes this MVPN state between the primary and backup Routing Engines. While some of the state on the backup Routing Engine is locally built based on the configuration, most of it is built based on triggers from other protocols that MVPN interacts with. The triggers from these protocols are in turn the result of state replication performed by these modules. This includes route change notifications by unicast protocols, join and prune triggers from PIM, remote MVPN route notification by BGP, and provider-tunnel related notifications from RSVP and LDP.
Configuring NSR and unified in-service software upgrade (ISSU) support to the BGP MVPN protocol provides features such as various provider tunnel types, different MVPN modes (source tree, shared-tree), and PIM features. As a result, at the ingress PE, replication is turned on for dynamic LSPs. Thus, when NSR is configured, the state for dynamic LSPs is also replicated to the backup Routing Engine. After the state is resolved on the backup Routing Engine, RSVP sends required notifications to MVPN.
To enable BGP MVPN NSR support, the advertise-from-main-vpn-tables configuration statement needs to be configured at the [edit protocols bgp] hierarchy level.
Nonstop active routing configurations include two Routing Engines that share information so that routing is not interrupted during Routing Engine failover. When NSR is configured on a dual Routing Engine platform, the PIM control state is replicated on both Routing Engines.
This PIM state information includes:
Neighbor relationships
Join and prune information
RP-set information
Synchronization between routes and next hops and the forwarding state between the two Routing Engines
Junos OS supports NSR in the following PIM scenarios:
Dense mode
Sparse mode
SSM
Static RP
Auto-RP (for IPv4 only)
Bootstrap router
Embedded RP on the non-RP router (for IPv6 only)
BFD support
Draft Rosen multicast VPNs and BGP multicast VPNs
Policy features such as neighbor policy, bootstrap router export and import policies, scope policy, flow maps, and reverse path forwarding (RPF) check policies
To configure nonstop active routing:
See Also
vrf-table-label statement allows mapping of the inner label to a specific Virtual Routing and Forwarding (VRF). This mapping allows examination of the encapsulated IP header at an egress VPN router. For SRX Series Firewalls, the vrf-table-label statement is currently supported only on physical interfaces. As a workaround, deactivate vrf-table-label or use physical interfaces.