Configuring Multicast VPN
The Multicast VPN (MVPN) feature provides the ability to support multicast over a Layer 3 VPN. As enterprises extend the reach of their multicast applications, service providers can accommodate them over their Multiprotocol Label Switching (MPLS) core network. IP multicast is used to stream video, voice, and data over an MPLS VPN network core.
Historically, point-to-point tunnels were the only way to connect through a service provider network. Although such tunneled networks tend to have scalability issues, they represented the only means of passing IP multicast traffic through a VPN.
Because Layer 3 VPNs support only unicast traffic connectivity, deploying MPLS in conjunction with a Layer 3 VPN allows service providers to offer both unicast and multicast connectivity to Layer 3 VPN customers.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring Multicast VPN
Enable IP multicast and configure the PIM interfaces using the tasks described in the “Configuring Basic IP Multicast” module.
Restrictions for Configuring Multicast VPN
-
The update source interface for the Border Gateway Protocol (BGP) peerings must be the same for all BGP peerings configured on the device in order for the default multicast distribution tree (MDT) to be configured properly. If you use a loopback address for BGP peering, PIM sparse mode must be enabled on the loopback address.
-
MVPN does not support multiple BGP peering update sources.
-
Multiple BGP update sources are not supported, and configuring them can break MVPN reverse path forwarding (RPF) checking. The source IP address of the MVPN tunnels is determined by the highest IP address used for the BGP peering update source. If this IP address is not the IP address used as the BGP peering address with the remote provider edge (PE) device, MVPN will not function properly.
Information About Configuring Multicast VPN
Multicast VPN Operation
MVPN IP allows a service provider to configure and support multicast traffic in an MPLS VPN environment. This feature supports routing and forwarding of multicast packets for each individual VRF instance, and it also provides a mechanism to transport VPN multicast packets across the service provider backbone.
A VPN is network connectivity across a shared infrastructure, such as an ISP. Its function is to provide the same policies and performance as a private network, at a reduced cost of ownership, thus creating many opportunities for cost savings through operations and infrastructure.
An MVPN allows an enterprise to transparently interconnect its private network across the network backbone of a service provider. The use of an MVPN to interconnect an enterprise network in this way does not change the way that enterprise network is administered, nor does it change general enterprise connectivity.
Benefits of Multicast VPN
-
Provides a scalable method to dynamically send information to multiple locations.
-
Provides high-speed information delivery.
-
Provides connectivity through a shared infrastructure.
Multicast VPN Routing and Forwarding and Multicast Domains
MVPN introduces multicast routing information to the VPN routing and forwarding table. When a provider edge (PE) device receives multicast data or control packets from a customer edge (CE) router, forwarding is performed according to the information in the Multicast VPN routing and forwarding instance (MVRF). MVPN does not use label switching.
A set of MVRFs that can send multicast traffic to each other constitutes a multicast domain. For example, the multicast domain for a customer that wanted to send certain types of multicast traffic to all global employees would consist of all CE routers associated with that enterprise.
Multicast Distribution Trees
MVPN establishes a static default multicast distribution tree (MDT) for each multicast domain. The default MDT defines the path used by PE routers to send multicast data and control messages to every other PE router in the multicast domain.
If Source Specific Multicast (SSM) is used as the core multicast routing protocol, the multicast IP addresses used for the default and data MDT must be configured within the SSM range on all PE routers.
MVPN also supports the dynamic creation of MDTs for high-bandwidth transmission. Data MDTs are a feature unique to Cisco IOS software. Data MDTs are intended for high-bandwidth sources such as full-motion video inside the VPN to ensure optimal traffic forwarding in the MPLS VPN core. The threshold at which the data MDT is created can be configured on a per-router or a per-VRF basis. When the multicast transmission exceeds the defined threshold, the sending PE router creates the data MDT and sends a UDP message, which contains information about the data MDT, to all routers on the default MDT. The statistics to determine whether a multicast stream has exceeded the data MDT threshold are examined once every second. After a PE router sends the UDP message, it waits 3 more seconds before switching over; 13 seconds is the worst case switchover time, and 3 seconds is the best case.
Data MDTs are created only for (S, G) multicast route entries within the VRF multicast routing table. They are not created for (*, G) entries regardless of the value of the individual source data rate.
In the following example, a service provider has a multicast customer with offices in San Jose, New York, and Dallas. A one-way multicast presentation is occurring in San Jose. The service provider network supports all three sites associated with this customer, in addition to the Houston site of a different enterprise customer.
The default MDT for the enterprise customer consists of provider routers P1, P2, and P3 and their associated PE routers. PE4 is not part of the default MDT, because it is associated with a different customer. The figure shows that no data flows along the default MDT, because no one outside of San Jose has joined the multicast.
This image aem://wemapp-author-prod1a.cisco.com//content/dam/en/us/td/i/100001-200000/120001-130000/121001-122000/121860.jpg is not available in preview/cisco.com
An employee in New York joins the multicast session. The PE router associated with the New York site sends a join request that flows across the default MDT for the multicast domain of the customer. PE1, the PE router associated with the multicast session source, receives the request. The figure depicts that the PE router forwards the request to the CE router associated with the multicast source (CE1a).
This image aem://wemapp-author-prod1a.cisco.com//content/dam/en/us/td/i/100001-200000/120001-130000/121001-122000/121861.jpg is not available in preview/cisco.com
The CE router (CE1a) begins to send the multicast data to the associated PE router (PE1), which sends the multicast data along the default MDT. Immediately sending the multicast data, PE1 recognizes that the multicast data exceeds the bandwidth threshold for which a data MDT should be created. Therefore, PE1 creates a data MDT, sends a message to all routers using the default MDT, which contains information about the data MDT, and, three seconds later, begins sending the multicast data for that particular stream using the data MDT. Only PE2 has interested receivers for this source, so only PE2 will join the data MDT and receive traffic on it.
PE routers maintain a PIM relationship with other PE routers over the default MDT and a PIM relationship with directly attached PE routers.
Multicast Tunnel Interface
An MVRF, which is created per multicast domain, requires the device to create a tunnel interface from which all MVRF traffic is sourced. A multicast tunnel interface is an interface that the MVRF uses to access the multicast domain. It can be thought of as a conduit that connects an MVRF and the global MVRF. One tunnel interface is created per MVRF.
MDT Address Family in BGP for Multicast VPN
The mdt keyword has been added to the address-family ipv4 command to configure an MDT address-family session. MDT address-family sessions are used to pass the source PE address and MDT group address to PIM using Border Gateway Protocol (BGP) MDT Subaddress Family Identifier (SAFI) updates.
BGP Advertisement Methods for Multicast VPN Support
In a single autonomous system, if the default MDT for an MVPN is using PIM sparse mode (PIM-SM) with a rendezvous point (RP), then PIM is able to establish adjacencies over the Multicast Tunnel Interface (MTI) because the source PE and receiver PE discover each other through the RP. In this scenario, the local PE (the source PE) sends register messages to the RP, which then builds a shortest-path tree (SPT) toward the source PE. The remote PE, which acts as a receiver for the MDT multicast group, then sends (*, G) joins toward the RP and joins the distribution tree for that group.
However, if the default MDT group is configured in a PIM Source Specific Multicast (PIM-SSM) environment rather than a PIM-SM environment, the receiver PE needs information about the source PE and the default MDT group. This information is used to send (S, G) joins toward the source PE to build a distribution tree from the source PE (without the need for an RP). The source PE address and default MDT group address are sent using BGP.
BGP Extended Community
When BGP extended communities are used, the PE loopback (source address) information is sent as a VPNv4 prefix using Route Distinguisher (RD) Type 2 (to distinguish it from unicast VPNv4 prefixes). The MDT group address is carried in a BGP extended community. Using a combination of the embedded source in the VPNv4 address and the group in the extended community, PE routers in the same MVRF instance can establish SSM trees to each other.
 Note |
Prior to the introduction of MDT SAFI support, the BGP extended community attribute was used as an interim solution to advertise the IP address of the source PE and default MDT group before IETF standardization. A BGP extended community attribute in an MVPN environment, however, has certain limitations: it cannot be used in inter-AS scenarios (because the attribute is nontransitive), and it uses RD Type 2 (which is not a supported standard). |
How to Configure Multicast VPN
Configuring the Data Multicast Group
A data MDT group can include a maximum of 256 multicast groups per VPN per VRF per PE device. Multicast groups used to create the data MDT group are dynamically chosen from a pool of configured IP addresses. Use the following procedure to configure data multicast group on the device.
SUMMARY STEPS
- enable
- configure terminal
- vrf definition vrf-name
- rd route-distinguisher
- route-target both ASN:nn or IP-address:nn
- address family ipv4 unicast value
- mdt default group-address
- mdt data group number
- mdt data threshold kbps
- mdt log-reuse
- end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
vrf definition vrf-name Example: |
Enters VRF configuration mode and defines the VPN routing instance by assigning a VRF name. |
| Step 4 |
rd route-distinguisher Example: |
Creates routing and forwarding tables for a VRF.
|
| Step 5 |
route-target both ASN:nn or IP-address:nn Example: |
Creates a route-target extended community for a VRF. The both keyword specifies to import both import and export routing information to the target VPN extended community. |
| Step 6 |
address family ipv4 unicast value Example: |
Enters VRF address family configuration mode to specify an address family for a VRF.
|
| Step 7 |
mdt default group-address Example: |
Configures the multicast group address range for data MDT groups for a VRF.
|
| Step 8 |
mdt data group number Example: |
Specifies a range of addresses to be used in the data MDT pool. |
| Step 9 |
mdt data threshold kbps Example: |
Specifies the threshold in kbps. The range is from 1 to 4294967. |
| Step 10 |
mdt log-reuse Example: |
(Optional) Enables the recording of data MDT reuse and generates a syslog message when a data MDT has been reused. |
| Step 11 |
end Example: |
Returns to privileged EXEC mode. |
Configuring a Default MDT Group for a VRF
Perform this task to configure a default MDT group for a VRF.
The default MDT group must be the same group configured on all devices that belong to the same VPN. The source IP address will be the address used to source the BGP sessions.
SUMMARY STEPS
- enable
- configure terminal
- ip multicast-routing
- ip multicast-routing vrf vrf-name
- vrf definition vrf-name
- rd route-distinguisher
- route-target both ASN:nn or IP-address:nn
- address family ipv4 unicast value
- mdt default group-address
- end
- configure terminal
- ip pim vrf vrf-name rp-address value
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
ip multicast-routing Example: |
Enables multicast routing. |
| Step 4 |
ip multicast-routing vrf vrf-name Example: |
Supports the MVPN VRF instance. |
| Step 5 |
vrf definition vrf-name Example: |
Enters VRF configuration mode and defines the VPN routing instance by assigning a VRF name. |
| Step 6 |
rd route-distinguisher Example: |
Creates routing and forwarding tables for a VRF.
|
| Step 7 |
route-target both ASN:nn or IP-address:nn Example: |
Creates a route-target extended community for a VRF. The both keyword specifies to import both import and export routing information to the target VPN extended community. |
| Step 8 |
address family ipv4 unicast value Example: |
Enters VRF address family configuration mode to specify an address family for a VRF.
|
| Step 9 |
mdt default group-address Example: |
Configures the multicast group address range for data MDT groups for a VRF.
|
| Step 10 |
end Example: |
Returns to privileged EXEC mode. |
| Step 11 |
configure terminal Example: |
Enters global configuration mode. |
| Step 12 |
ip pim vrf vrf-name rp-address value Example: |
Enters the RP configuration mode. |
Configuring the MDT Address Family in BGP for Multicast VPN
Perform this task to configure an MDT address family session on PE devices to establish MDT peering sessions for MVPN.
Before you begin
Before MVPN peering can be established through an MDT address family, MPLS and Cisco Express Forwarding (CEF) must be configured in the BGP network and multiprotocol BGP on PE devices that provide VPN services to CE devices.
Note |
The following policy configuration parameters are not supported:
|
SUMMARY STEPS
- enable
- configure terminal
- router bgp as-number
- address-family ipv4 mdt
- neighbor neighbor-address activate
- neighbor neighbor-address send-community [both | extended | standard]
- exit
- address-family vpnv4
- neighbor neighbor-address activate
- neighbor neighbor-address send-community [both | extended | standard]
- end
DETAILED STEPS
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
router bgp as-number Example: |
Enters router configuration mode and creates a BGP routing process. |
| Step 4 |
address-family ipv4 mdt Example: |
Enters address family configuration mode to create an IP MDT address family session. |
| Step 5 |
neighbor neighbor-address activate Example: |
Enables the MDT address family for this neighbor. |
| Step 6 |
neighbor neighbor-address send-community [both | extended | standard] Example: |
Enables community and (or) extended community exchange with the specified neighbor. |
| Step 7 |
exit Example: |
Exits address family configuration mode and returns to router configuration mode. |
| Step 8 |
address-family vpnv4 Example: |
Enters address family configuration mode to create a VPNv4 address family session. |
| Step 9 |
neighbor neighbor-address activate Example: |
Enables the VPNv4 address family for this neighbor. |
| Step 10 |
neighbor neighbor-address send-community [both | extended | standard] Example: |
Enables community and (or) extended community exchange with the specified neighbor. |
| Step 11 |
end Example: |
Exits address family configuration mode and enters privileged EXEC mode. |
Verifying Information for the MDT Default Group
SUMMARY STEPS
- enable
- show ip pim [vrf vrf-name ] mdt bgp
- show ip pim [vrf vrf-name ] mdt send
- show ip pim vrf vrf-name mdt history interval minutes
DETAILED STEPS
| Step 1 |
enable Example:Enables privileged EXEC mode.
|
| Step 2 |
show ip pim [vrf vrf-name ] mdt bgp Example:Displays information about the BGP advertisement of the RD for the MDT default group. |
| Step 3 |
show ip pim [vrf vrf-name ] mdt send Example:Displays detailed information about the MDT data group incluidng MDT advertisements that the specified device has made. |
| Step 4 |
show ip pim vrf vrf-name mdt history interval minutes Example:Displays the data MDTs that have been reused during the past configured interval. |
Configuration Examples for Multicast VPN
Example: Configuring MVPN and SSM
In the following example, PIM-SSM is configured in the backbone. Therefore, the default and data MDT groups are configured within the SSM range of IP addresses. Inside the VPN, PIM-SM is configured and only Auto-RP announcements are accepted.
ip vrf vrf1
rd 1:1
route-target export 1:1
route-target import 1:1
mdt default 232.0.0.1
mdt data 232.0.1.0 0.0.0.255 threshold 500 list 101
!
ip pim ssm default
ip pim vrf vrf1 accept-rp auto-rp Example: Enabling a VPN for Multicast Routing
In the following example, multicast routing is enabled with a VPN routing instance named vrf1:
ip multicast-routing vrf1 Example: Configuring the Multicast Group Address Range for Data MDT Groups
In the following example, the VPN routing instance is assigned a VRF named blue. The MDT default group for a VPN VRF is 239.1.1.1, and the multicast group address range for MDT groups is 239.1.2.0 with wildcard bits of 0.0.0.3:
ip vrf blue
rd 55:1111
route-target both 55:1111
mdt default 239.1.1.1
mdt data 239.1.2.0 0.0.0.3
end Example: Limiting the Number of Multicast Routes
In the following example, the number of multicast routes that can be added to a multicast routing table is set to 200,000 and the threshold value of the number of mroutes that will cause a warning message to occur is set to 20,000:
!
ip multicast-routing
ip multicast-routing vrf cisco
ip multicast cache-headers
ip multicast route-limit 200000 20000
ip multicast vrf cisco route-limit 200000 20000
no mpls traffic-eng auto-bw timers frequency 0
! Additional References for Configuring Multicast VPN
Related Documents
|
Related Topic |
Document Title |
|---|---|
|
For complete syntax and usage information for the commands used in this chapter. |
Technical Assistance
|
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for Configuring Multicast VPN
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
|
Release |
Modification |
|---|
Feedback