Re: SD Access multicast with extranet policy - Page 2

KevinR99 · ‎03-22-2024

Hi

Are there any special considerations needed for SD Access multicast when you’ve deployed an extranet policy. I’m doing some testing and previously got intra-VN multicast routing working fine. Now I have deployed an extranet policy to use the Infra VN as the provider and my Corp VN as the subscriber. Routing is fine. I can exit the fabric via my infra L3 handoff from the Corp VN. However, my initial attempt at multicast is failing. I’ve defined my Borders as the anycast RP in both the underlay and the Corp VN and am using msdp between the borders. As an initial test I have a client (switch with join-group) configured on an SVI outside the fabric. I then have a sender in the Corp VN. TBH I have only done initial setup and not done any extensive troubleshooting but I’m just wondering if this is a valid setup, client outside fabric via infra and sender in the fabric in a subscriber VN or even the other way round. Or am I trying to setup and troubleshoot something that either needs extra config or isn’t even supported?

Thanks for any input, Kev.

jedolphi · ‎03-25-2024

When you engage the SDA multicast configuration workflow it asks if you wish to have an RP inside the fabric or RP outside the fabric. If you choose to have RP inside fabric and there is an existing/legacy RP outside fabric then yes you need to establish MSDP between fabric RPs and the external RPs.

Another option is to have pure RP outside the fabric, in which case there is no RP inside fabric, thus no MSDP from fabric RP to external RP. Some people prefer this option because it's a simpler design, the downside is the multicast traffic has more hops to traverse in the shared tree, but if the links to the external RP are high capacity then this is a minor concern.

KevinR99 · ‎03-26-2024

That description is exactly what I thought. External RP only seems to be the easiest option and what I want but it just won’t work. I can get purely fabric RPs working with both my Borders and fabric RP with external RP and msdp working. However, purely external doesn’t work even though it would seem to be the simplest. Select external RP in the workflow, define your rp, ensure it is reachable from the fabric devices in the multicast VN, add the group mapping to the RP. In my case 239.0.0.0/8. I will do more testing.

Andrii Oliinyk · ‎03-26-2024

" I can get purely fabric RPs working with both my Borders and fabric RP with external RP and msdp working. "
can you bring output of "show ip msdp vrf <your-vrf> summary" & show external RP in there ?

jedolphi · ‎03-26-2024

T/shooting multicast routing not exactly the easiest thing you could choose to do with your time! (not an SDA specific jibe, just general to multicast routing). Stab in the dark here, in a pure external RP scenario, you need to make sure PIM-SM is configured on all hops between your external RP and SDA Border Nodes, including BN external interfaces. All those hops need to reference the external RP IP address (static RP config is easiest). And all hops between SDA and external RP need RIB entries for SDA user subnets for successful RPF checks.

finn29 · ‎03-25-2024

When dealing with SD Access multicast and extranet policies, ensure your configuration is accurate, including RP settings and MSDP between border nodes. Understand how extranet policies impact multicast traffic and verify that border nodes are configured to handle multicast between VNIs.

jalejand · ‎03-26-2024

Tshooting Multicast can be challenging specially on a forum as it requires validation in several pieces of the network. If you decide to open a case for this on TAC, feel free to include my name /username on the case, I can gladly assist you on this one in PST timezone.

KevinR99 · ‎03-27-2024

I’ve resolved the issue but not quite sure why. Perhaps it’s a platform issue or a code bug but I moved my sender from a 9200 to a 9300 and it’s all working perfectly now. External sp only. Sender in the fabric, receiver outside but all in or reachable in the same VN.

Thanks for all the input. K.

jedolphi · ‎03-27-2024

Well done Kevin. It should also work fine on 9200 Fabric Edge Node. Check underlay PIM and multicast-related configs for consistency or raise TAC case if you like. Good luck.