cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8103
Views
48
Helpful
20
Replies
Highlighted
Contributor

Multicast over DMVPN

I'm working on a network to support VHF radios transceivers. The backbone uses DMVPN, and requires Multicast for base station discovery and replication of voice traffic between base stations connected to the DMVPN.

Each base acts as both a Mutlicast source and receiver, I'm trying to figure out how best to set up the network to support this requirement.

Any guidance gratefully received!

The DMVPN is up and working, unicast flows are operational. Its optimal set up of the Multicast I'm not clear on.

Andy

20 REPLIES 20
Highlighted
Advisor

DMVPN these days is known as iWAN (and it has evolved a bit).

This is Cisco's validated design guide for iWAN, and it includes a validated multicast configuration.  Treat this as your bible.

http://www.cisco.com/c/dam/en/us/td/docs/solutions/CVD/Jan2015/CVD-IWANDesignGuide-JAN15.pdf

Highlighted

Thanks Philip for that, a very interesting document.

I think I didn't phrase my question correctly initially. My DMVPN is up and working, at least for unicast flows.

What I'm struggling with is how to get multicast streams from sources behind the spoke routers. In this application all sites generate multicast streams.

In this situation I understood that spoke to spoke streams go via the hub site, is that correct? I realise this has a performance hit on the hub site, but these streams are low bandwidth speech, so I don't expect too much impact.

How do I need to set up the hub to permit these the spoke sites to source mcast streams and for other spokes to join them? Does DMVPN do this by default or do I have to specifically enable this at the hub?

All interfaces are set for sparse mode, with static RP at the hub, and the RP is advertised in EIGRP, so visible at each site.

It may be that the problem I'm looking has nothing to do with the DMVPN, but I want to verify that my solution should have a chance of working.

Andy

Highlighted

Hi Andy

I'm working in the same solution and I'm at the same point of you. All spokes works but not multicast between them. I test the same using conventional tunnels and works great.

Even i can ping each VIF. But when I add a third router the OSPF goes crazy and keep adding and deleting routes.

Do you make it work?

Best regards

Highlighted

Hi Philip

I get it work using other DMVPN guide a little bit old because I'm not be able to run ios 15.

Works but I have some IGMP or route problem. Because all the spokes can upload multicast to HUB, the HUB download to all the spokes but not between them, I mean if one spoke upload multicast this arrive only to the HUB. Spoke to Spoke multicast don't work.

So, I suspects that my OSPF policy is wrong, or I need to enable the loopback interface at the HUB to use to replicate the multicast and send to all the spokes.

In few words I'm close to success but I little more reading is needing :)

This multicast service is very very particular from the LMR services, I try to get some in IPICs documentation.

Best Regards

Frank 

Highlighted

Which multicast routing protocol are you using?

Highlighted

I'm using OSPF I always use it for LMR.

Now at the Dynamic Multipoint VPN (DMVPN) 1.1 Design Guide:

"IPmc over DMVPN works in a hub-and-spoke deployment when all of the speakers are behind the NHRP hub router, providing the number of joined branches does not exceed the RxRing limit of the encryption engine. If an IPmc stream originates from a branch location, only clients at the hub location are able to receive the stream."

....I'm think that I reach the limit of DMVPN and multicast....

I'm keep reading...

Highlighted

That does not sound good.  I have a potential idea but it would only work if there were a small number of spokes.  How many spokes do you have, roughly?

Highlighted

"Spoke-to-spoke DMVPN networks present a unique challenge because the spokes cannot directly exchange information with one another, even though they are on the same logical network. This inability to directly exchange information can also cause problems when running IP Multicast.
To resolve this issue requires a method where each remote PIM neighbor has its join messages tracked separately. A router in PIM NBMA mode treats each remote PIM neighbor as if it were connected to the router through a point-to-point link"

I'm testing but all the cms runs even I'm using an old ios may be can be done. The document confuse me a little because when it talks about HUB then shows (I think) the SPOKE cmd. It's not prety clear where goes each.

There are few of them (8-12), the challenge is link all of them using hostnames and not fixed IP, this is the only reason that I decide to use DMVPN.

If I can set gre tunnels using hostnames will be great!

Best Regards!

Highlighted

This bit suggests to me that it should act like simple GRE tunnels.

A router in PIM NBMA mode treats each remote PIM neighbor as if it were connected to the router through a point-to-point link

Another interest experiment you could try is to put the spokes into "point to point" mode, with DMVPN.  To do this, on the spoke, remove the " tunnel mode gre multipoint" line from the tunnel, and add a "tunnel destination" like normal.  DMVPN will still work, but it absolutely forces all traffic back to the hub first, plus provides the spoke with what looks like a point to point tunnel.

You might need to also add " ip nhrp server-only" to the spoke tunnel.

Another experiment you could try, is to use a separate DMVPN for every spoke on the hub. and make the spoke tunnels point to point, like above.  This would give you something that looks like a point to point tunnel for every branch, but that can handle dynamic IP addressing.  You could try this with two spokes first to see how it goes.

Highlighted

Hi Philip!

Is nice have a lot of options and ways to implement this solution.

I will test each and let all know what I will use finally.

Best regards!!

Highlighted

I'm missing something in the igmp config. So I decide first test the join mechanism of the multicast group without any tunnel or vpn.

Setting sparse-dense-mode and OSPF the multicast works great and the solution come up. 

Changing to sparse mode and using igmp 3 I get the same group state.

IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Group Accounted
239.255.255.250 FastEthernet0/0 00:24:46 00:02:10 192.168.1.1
239.27.0.8 Vif1 00:10:25 stopped 0.0.0.0
224.0.1.40 Vif1 00:24:54 stopped 10.164.0.1

But the solution do not come up, is not multicast over the network.

I miss something ...

Highlighted

Some basic multicast troubleshooting step:

1, can you ping the RP address on the hub from the LAN interface on a spoke?

2, If you are using static RP's (keep it simple!) does your spoke have a config entry for the RP? Also check the multicast group is allowed by any ACL this entry auto created:

ip pim rp-address 10.1.1.255 MULTICAST

ip access-list standard MULTICAST
 permit 239.255.0.0 0.0.255.255

3, start your multicast stream, check the ipmroute table on the local router to make sure there is a S,G entry, which will be <source ip>, <mcast group ip>

4, at the spoke try to join the stream, the spoke router should create an entry under " sh ip igmp group" if it does, look at the ipmroute table, do you see an S,G entry created for the source to host multicast stream?

I use VLC for testing multicast, take a look at http://peakdrive.com/?p=440 for more info, or ask here

Let me know you get on. I've just set this up last night!

Andy

Highlighted

Just one odd issue that might be relevant, I was testing with Win 7 PC's, and found that on my IOS the IGMP v3 join was ignored by the 2811 I was using. But if I swapped that for a later router (867VAE) the win 7 IGMP v3 join was accepted!

Go figure that one. The 2811's work fine with the digital radios and IGMP v3, so I'm not too concerned about this, I found whilst testing with VLC to multicast a video stream.

Highlighted

I installed several LMR solutions with several routers models with great results.

Some new IP LMR radio devices do not have the audio codecs complexity that an old router from cisco always had.

I always use it in a private wan so I never use VPN connections apply to this solution.

If you want mail me and we talk about this LMR & cisco.

Mail Me