cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
691
Views
4
Helpful
3
Replies

Multicast support in single vrf

johnelliot6
Level 2
Level 2

Hi,

We have a client wanting us to support multicast across our network(They have multiple tails in single vrf, connected to our P/PE's(All 7200's)

(Customer is running there own RP)

As we are only provding multicast support to a single customer, On our P/PE routers is it still necessary to enable multicast routing globally, MP-BGP Loop Interfaces and tag-switching/mpls interfaces? (I'm guessing it would be as the client has tails terminating on multiple P/PE's?)

i.e.

Loop0 is MP-BGP loop

Router-PE1(config)#ip multicast-routing
Router-PE1(config)#interface Loopback0
Router-PE1(config-if)#ip address 10.0.0.2 255.255.255.255
Router-PE1(config-if)#ip pim sparse-dense-mode
Router-PE1(config-if)#exit

Router-PE1(config)#interface FastEth2/0
Router-PE1(config-if)#ip address 10.1.1.13 255.255.255.252
Router-PE1(config-if)#ip pim sparse-dense-mode
Router-PE1(config-if)#tag-switching ip

Or, is it sufficient to enable it only within the vrf, and all Interfaces in that vrf?

Router-PE1(config)#ip multicast-routing vrf NetworkA
Router-PE1(config)#ip vrf NetworkA
Router-PE1(config-vrf)#rd 100:1
Router-PE1(config-vrf)#route-target export 100:1
Router-PE1(config-vrf)#route-target import 100:1
Router-PE1(config-vrf)#mdt default 239.100.100.1

Router-PE1(config)#interface Ethernet0/0.99
Router-PE1(config-if)#description connection to customer A, site 1
Router-PE1(config-if)#encapsualtion dot1q 99
Router-PE1(config-if)#ip vrf forwarding NetworkA
Router-PE1(config-if)#ip address 192.168.1.1 255.255.255.0
Router-PE1(config-if)#ip pim sparse-dense-mode

Also, is the mdt default IP an address that we (client+provider) agree on?

Thanks in advance.

3 Replies 3

Atif Awan
Cisco Employee
Cisco Employee

johnelliot6 wrote:

Hi,

We have a client wanting us to support multicast across our network(They have multiple tails in single vrf, connected to our P/PE's(All 7200's)

(Customer is running there own RP)

As we are only provding multicast support to a single customer, On our P/PE routers is it still necessary to enable multicast routing globally, MP-BGP Loop Interfaces and tag-switching/mpls interfaces? (I'm guessing it would be as the client has tails terminating on multiple P/PE's?)

i.e.

Loop0 is MP-BGP loop

Router-PE1(config)#ip multicast-routing
Router-PE1(config)#interface Loopback0
Router-PE1(config-if)#ip address 10.0.0.2 255.255.255.255
Router-PE1(config-if)#ip pim sparse-dense-mode
Router-PE1(config-if)#exit

Router-PE1(config)#interface FastEth2/0
Router-PE1(config-if)#ip address 10.1.1.13 255.255.255.252
Router-PE1(config-if)#ip pim sparse-dense-mode
Router-PE1(config-if)#tag-switching ip

Or, is it sufficient to enable it only within the vrf, and all Interfaces in that vrf?

Router-PE1(config)#ip multicast-routing vrf NetworkA
Router-PE1(config)#ip vrf NetworkA
Router-PE1(config-vrf)#rd 100:1
Router-PE1(config-vrf)#route-target export 100:1
Router-PE1(config-vrf)#route-target import 100:1
Router-PE1(config-vrf)#mdt default 239.100.100.1

Router-PE1(config)#interface Ethernet0/0.99
Router-PE1(config-if)#description connection to customer A, site 1
Router-PE1(config-if)#encapsualtion dot1q 99
Router-PE1(config-if)#ip vrf forwarding NetworkA
Router-PE1(config-if)#ip address 192.168.1.1 255.255.255.0
Router-PE1(config-if)#ip pim sparse-dense-mode

Also, is the mdt default IP an address that we (client+provider) agree on?

Thanks in advance.

If you want to provide mVPN service across your network, which appears to be the case, then you will need to configure your IP/MPLS core for this. Choose an appropriate PIM variant (SSM, SM, Bidir) for your core to allow the customer multicast traffic to be appropriately handled within your core. The VRF multicast configuration itself only configures the PE to speak PIM with the customer and unless you have your core multicast enabled the multicast traffic will not be carried across the core as it relies on encapsulating customer multicast in GRE which is then sent to your core multicast groups that respective PEs have joined. The MDT groups (default / data) are not required to be synchronized with customers. Just make sure that you use unique groups per VRF that requires multicast.

Atif

Thanks very much!

Client is using sparse mode on all there CE Interfaces, so would we then just configure

ip pim sparse-mode

Under each Interface?

Is there any benefits to running sparse-dense mode?

Client also has a number of dsl tails in this vrf(P/PE's are also LNS's) - Would a cisco-avpair reply attribute in radius for specific users like this be sufficient?

cisco-avpair="lcp:interface-config=ip pim sparse-mode"

Also, should we expect any noticable load increase on our core from enabling this?(And are there any "best-practice" security policies we should be implementing for multicast?

johnelliot6 wrote:

Thanks very much!

Client is using sparse mode on all there CE Interfaces, so would we then just configure

ip pim sparse-mode

Under each Interface?

Is there any benefits to running sparse-dense mode?

Client also has a number of dsl tails in this vrf(P/PE's are also LNS's) - Would a cisco-avpair reply attribute in radius for specific users like this be sufficient?

cisco-avpair="lcp:interface-config=ip pim sparse-mode"

Also, should we expect any noticable load increase on our core from enabling this?(And are there any "best-practice" security policies we should be implementing for multicast?

John,

How you configure multicast for the VRF depends on how customer has it deployed. If they are using PIM sparse mode with bsr then all you need to do is to configure 'ip pim sparse-mode' under the VRF interface along with the other VRF multicast global commands. Sparse-dense mode is normally used when auto-rp is being used for RP discovery/propagation. If customer is using static RP then you will need to configure 'ip pim vrf rp-address x.x.x.x' command instead.

Is multicast required to be extended to the DSL tails? If yes then depending on how you have it configured you can either return the attribute you mentioned or probably make it a part of the virtual-template config.

Multicast, like other technologies, does need to be secured to protect your core devices. I will suggest you read the basic multicast security guidelines first at:

http://www.cisco.com/web/about/security/intelligence/multicast_toolkit.html

Regarding the CPU load it is difficult to predict for software based platforms like the 7200 without scale testing. Even then the numbers can potentially change depending on your environment specific variables. I will let someone with experience with running mVPN on 7200s chime in as I personally have worked with platforms that support this feature in hardware.

Atif