Guest

Networking Software (IOS & NX-OS)

Configuring Multicast VPN

 Feedback

Table Of Contents

Configuring Multicast VPN

Contents

Prerequisites for Configuring Multicast VPN

Restrictions for Configuring Multicast VPN

Information About Configuring Multicast VPN

Multicast VPN Operation

Benefits of Multicast VPN

Multicast VPN Routing and Forwarding and Multicast Domains

Multicast Distribution Trees

Multicast Tunnel Interface

Multicast Distributed Switching Support for Multicast VPN

MDT Address Family in BGP for Multicast VPN

BGP Advertisement Methods for Multicast VPN Support

Auto-Migration to the MDT SAFI

Guidelines for Configuring the MDT SAFI

Guidelines for Upgrading a Network to Support the MDT SAFI

Supported Policy

How to Configure Multicast VPN

Configuring a Default MDT Group for a VRF

Configuring the MDT Address Family in BGP for Multicast VPN

Prerequisites

Restrictions

Configuring the Data Multicast Group

Prerequisites

Configuring Multicast Routes and Information

Prerequisites

Verifying Information for the MDT Default Group

Configuration Examples for Multicast VPN

Configuring MVPN and SSM: Example

Enabling a VPN for Multicast Routing: Example

Configuring the MDT Address Family in BGP for Multicast VPN: Example

Configuring the Multicast Group Address Range for Data MDT Groups: Example

Configuring the IP Source Address of Register Messages: Example

Configuring an MSDP Peer: Example

Limiting the Number of Multicast Routes: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for Configuring Multicast VPN


Configuring Multicast VPN


First Published: May 2, 2005
Last Updated: July 30, 2010

The Multicast VPN (MVPN) feature provides the ability to support multicast over a Layer 3 Virtual Private Network (VPN). As enterprises extend the reach of their multicast applications, service providers can accommodate these enterprises over their Multiprotocol Label Switching (MPLS) core network. IP multicast is used to stream video, voice, and data to an MPLS VPN network core.

Historically, point-to-point tunnels were the only way to connect through a service provider network. Although such tunneled networks tend to have scalability issues, they represented the only means of passing IP multicast traffic through a VPN.

Because Layer 3 VPNs support only unicast traffic connectivity, deploying in conjunction with a Layer 3 VPN allows service providers to offer both unicast and multicast connectivity to Layer 3 VPN customers.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for Configuring Multicast VPN" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring Multicast VPN

Restrictions for Configuring Multicast VPN

Information About Configuring Multicast VPN

How to Configure Multicast VPN

Configuration Examples for Multicast VPN

Additional References

Feature Information for Configuring Multicast VPN

Prerequisites for Configuring Multicast VPN

Before performing the tasks in this module, you should be familiar with the concepts described in "IP Multicast Technology Overview" module.

The tasks in this module assume that IP multicasting has been enabled and that the Protocol Independent Multicast (PIM) interfaces have been configured using the tasks described in "Configuring Basic IP Multicast" module.

Restrictions for Configuring Multicast VPN

The update source interface for the Border Gateway Protocol (BGP) peerings must be the same for all BGP peerings configured on the router in order for the default MDT to be configured properly. If you use a loopback address for BGP peering, then PIM sparse mode must be enabled on the loopback address.

The ip mroute-cache command must be enabled on the loopback interface used as the BGP peering interface in order for distributed multicast switching to function on the platforms that support it. The no ip mroute-cache command must not be present on these interfaces.

MVPN does not support multiple BGP peering update sources.

Data MDTs are not created for VPN routing and forwarding instance (VRF) PIM dense mode multicast streams because of the flood and prune nature of dense mode multicast flows and the resulting periodic bring-up and tear-down of such data MDTs.

Multiple BGP update sources are not supported and configuring them can break MVPN reverse path forwarding (RPF) checking. The source IP address of the MVPN tunnels is determined by the highest IP address used for the BGP peering update source. If this IP address is not the IP address used as the BGP peering address with the remote Provider Edge (PE) router, MVPN will not function properly.

Information About Configuring Multicast VPN

Before you configure MVPN, you should understand the following concepts:

Multicast VPN Operation

Benefits of Multicast VPN

Multicast VPN Routing and Forwarding and Multicast Domains

Multicast Distribution Trees

Multicast Tunnel Interface

Multicast Distributed Switching Support for Multicast VPN

MDT Address Family in BGP for Multicast VPN

Multicast VPN Operation

MVPN IP allows a service provider to configure and support multicast traffic in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment. This feature supports routing and forwarding of multicast packets for each individual VPN routing and forwarding (VRF) instance, and it also provides a mechanism to transport VPN multicast packets across the service provider backbone.

A VPN is network connectivity across a shared infrastructure, such as an Internet service provider (ISP). Its function is to provide the same policies and performance as a private network, at a reduced cost of ownership, thus creating many opportunities for cost savings through operations and infrastructure.

An MVPN allows an enterprise to transparently interconnect its private network across the network backbone of a service provider. The use of an MVPN to interconnect an enterprise network in this way does not change the way that enterprise network is administered, nor does it change general enterprise connectivity.

Benefits of Multicast VPN

Provides a scalable solution to dynamically send information to multiple locations.

Provides high-speed information delivery.

Provides connectivity through a shared infrastructure.

Multicast VPN Routing and Forwarding and Multicast Domains

MVPN introduces multicast routing information to the VPN routing and forwarding table. When a provider edge (PE) router receives multicast data or control packets from a customer edge (CE) router, forwarding is performed according to the information in the Multicast VPN routing and forwarding instance (MVRF). MVPN does not use label switching.

A set of MVRFs that can send multicast traffic to each other constitutes a multicast domain. For example, the multicast domain for a customer that wanted to send certain types of multicast traffic to all global employees would consist of all CE routers associated with that enterprise.

Multicast Distribution Trees

MVPN establishes a static default MDT for each multicast domain. The default MDT defines the path used by PE routers to send multicast data and control messages to every other PE router in the multicast domain.

If Source Specific Multicast (SSM) is used as the core multicast routing protocol, then the multicast IP addresses used for the default and data multicast distribution tree (MDT) must be configured within the SSM range on all PE and P routers.

MVPN also supports the dynamic creation of MDTs for high-bandwidth transmission. Data MDTs are a feature unique to Cisco IOS software. Data MDTs are intended for high-bandwidth sources such as full-motion video inside the VPN to ensure optimal traffic forwarding in the MPLS VPN core. The threshold at which the data MDT is created can be configured on a per-router or a per-VRF basis. When the multicast transmission exceeds the defined threshold, the sending PE router creates the data MDT and sends a User Datagram Protocol (UDP) message, which contains information about the data MDT to all routers on the default MDT. The statistics to determine whether a multicast stream has exceeded the data MDT threshold are examined once every second; on distributed platforms such as the Cisco 7500 and Cisco 12000, those statistics are updated to the route processor every 10 seconds. After a PE router sends the UDP message, it waits 3 more seconds before switching over; 13 seconds is the worst case switchover time; 3 seconds is the best case.

Data MDTs are created only for (S, G) multicast route entries within the VRF multicast routing table. They are not created for (*, G) entries regardless of the value of the individual source data rate.

In the following example, a service provider has a multicast customer with offices in San Jose, New York, and Dallas. A one-way multicast presentation is occurring in San Jose. The service provider network supports all three sites associated with this customer, in addition to the Houston site of a different enterprise customer.

The default MDT for the enterprise customer consists of provider routers P1, P2, and P3 and their associated PE routers. PE4 is not part of the default MDT, because it is associated with a different customer. Figure 1 shows that no data flows along the default MDT, because no one outside of San Jose has joined the multicast.

Figure 1 Default Multicast Distribution Tree Overview

An employee in New York joins the multicast session. The PE router associated with the New York site sends a join request that flows across the default MDT for the multicast domain of the customer. PE1, the PE router associated with the multicast session source, receives the request. Figure 2 depicts that the PE router forwards the request to the CE router associated with the multicast source (CE1a).

Figure 2 Initializing the Data MDT

The CE router (CE1a) begins to send the multicast data to the associated PE router (PE1), which sends the multicast data along the default MDT. Immediately sending the multicast data, PE1 recognizes that the multicast data exceeds the bandwidth threshold for which a data MDT should be created. Therefore, PE1 creates a data MDT, sends a message to all routers using the default MDT that contains information about the data MDT, and, three seconds later, begins sending the multicast data for that particular stream using the data MDT. Only PE2 has interested receivers for this source, so only PE2 will join the data MDT and receive traffic on it.

PE routers maintain a PIM relationship with other PE routers over the default MDT as well as a PIM relationship with its directly attached PE routers.

Multicast Tunnel Interface

An MVRF, which is created per multicast domain, requires the router to create a tunnel interface from which all MVRF traffic is sourced. A multicast tunnel interface is an interface the MVRF uses to access the multicast domain. It can be thought of as a conduit that connects an MVRF and the global MVRF. One tunnel interface is created per MVRF.

Multicast Distributed Switching Support for Multicast VPN

Multicast distributed switching (MDS) is supported for MVPN on the Cisco 7500 series routers. When MDS is configured, ensure that all interfaces enabled for IP multicast have MDS enabled correctly—verify that no interface has the no ip mroute-cache command configured (including loopback interfaces).

MDT Address Family in BGP for Multicast VPN

The mdt keyword has been added to the address-family ipv4 command to configure an MDT address-family session. MDT address-family sessions are used to pass the source PE address and MDT group address to PIM using Border Gateway Protocol (BGP) MDT Subaddress Family Identifier (SAFI) updates.

BGP Advertisement Methods for Multicast VPN Support

Auto-Migration to the MDT SAFI

Guidelines for Configuring the MDT SAFI

Guidelines for Upgrading a Network to Support the MDT SAFI

Supported Policy

BGP Advertisement Methods for Multicast VPN Support

In a single autonomous system, if the default MDT for an MVPN is using PIM sparse mode (PIM-SM) with a rendezvous point (RP), then PIM is able to establish adjacencies over the Multicast Tunnel Interface (MTI) because the source PE and receiver PE discover each other through the RP. In this scenario, the local PE (the source PE) sends register messages to the RP, which then builds a shortest-path tree (SPT) toward the source PE. The remote PE, which acts as a receiver for the MDT multicast group, then sends (*, G) joins toward the RP and joins the distribution tree for that group.

However, if the default MDT group is configured in a PIM Source Specific Multicast (PIM-SSM) environment rather than a PIM-SM environment, the receiver PE needs information about the source PE and the default MDT group. This information is used to send (S, G) joins toward the source PE to build a distribution tree from the source PE (without the need for an RP). The source PE address and default MDT group address are sent using BGP.

Table 1 lists the BGP advertisement methods for sending the source PE address and the default MDT group that are available (by Cisco IOS release).

Table 1 BGP Advertisement Methods for MVPN 

Cisco IOS Release
BGP Advertisement Method

Release 12.0(29)S

Release 12.2(33)SRA1

Release 12.2(31)SB2

Release 12.2(33)SXH

Extended Communities

Release 12.0(29)S and later 12.0S releases

Release 12.2(31)SB2 and later 12.2SB releases

Release 12.2(33)SRA and later 12.2SR releases

Release 12.2(33)SXH and later 12.2SX releases

BGP address family MDT SAFI


BGP Extended Community

When BGP extended communities are used, the PE loopback (source address) information is sent as a VPNv4 prefix using Route Distinguisher (RD) Type 2 (to distinguish it from unicast VPNv4 prefixes). The MDT group address is carried in a BGP extended community. Using a combination of the embedded source in the VPNv4 address and the group in the extended community, PE routers in the same MVRF instance can establish SSM trees to each other.


Note Prior to the introduction of MDT SAFI support, the BGP extended community attribute was used as an interim solution to advertise the IP address of the source PE and default MDT group before IETF standardization. A BGP extended community attribute in an MVPN environment, however, has certain limitations: it cannot be used in inter-AS scenarios (as the attribute is non-transitive), and it uses RD Type 2 (which is not a supported standard).


BGP MDT SAFI

In Cisco IOS releases that support the MDT SAFI, the source PE address and the MDT group address are passed to PIM using BGP MDT SAFI updates. The RD type has changed to RD type 0 and BGP determines the best path for the MDT updates before passing the information to PIM.


Note To prevent backwards compatibility issues, BGP allows the communication of the older style updates with peers that are unable to understand the MDT SAFI address family.


In Cisco IOS releases that support the MDT SAFI, the MDT SAFI address family needs to be explicitly configured for BGP neighbors using the address-family ipv4 mdt command. Neighbors that do not support the MDT SAFI still need to be enabled for the MDT SAFI in the local BGP configuration. Prior to the introduction of the MDT SAFI, additional BGP configuration from the VPNv4 unicast configuration was not needed to support MVPN.

Because the new MDT SAFI does not use BGP route-target extended communities, the regular extended community methods to filter these updates no longer apply. As a result, the match mdt-group route-map configuration command has been added to filter on the MDT group address using access control lists (ACLs). These route maps can be applied—inbound or outbound—to the IPv4 MDT address-family neighbor configuration.

Auto-Migration to the MDT SAFI

In Cisco IOS Release 12.0(30)S3, auto-migration to the MDT SAFI functionality was introduced to ease the migration to the MDT SAFI. This functionality was integrated into Cisco IOS Releases 12.2(33)SRA1, 12.2(31)SB2, and 12.2(33)SXH. When migrating a Cisco IOS release to the MDT SAFI, existing VPNv4 neighbors will be automatically configured for the MDT SAFI upon bootup based on the presence of an existing default MDT configuration (that is, pre-MDT SAFI configurations will be automatically converted to an MDT SAFI configuration upon bootup). In addition, when a default MDT configuration exists and a VPNv4 neighbor in BGP is configured, a similar neighbor in the IPv4 MDT address family will be automatically configured.


Note Because there is no VRF configuration on route reflectors (RRs), auto-migration to the MDT SAFI will not be triggered on RRs. The MDT SAFI configuration, thus, will need to be manually configured on RRs. Having a uniform MDT transmission method will reduce processing time on the routers (as MDT SAFI conversion is not necessary).


Guidelines for Configuring the MDT SAFI

We recommended that you configure the MDT SAFI on all routers that participate in the MVPN. Even though the benefits of the MDT SAFI are for SSM tree building, the MDT SAFI must also be configured when using MVPN with the default MDT group for PIM-SM. From the multicast point of view, the MDT SAFI is not required for MVPN to work within a PIM-SM core. However, in certain scenarios, the new address family must be configured in order to create the MTI. Without this notification, the MTI would not be created and MVPN would not function (even with PIM-SM).

For backward compatible sessions, extended communities must be enabled on all MDT SAFI peers. In a pure MDT SAFI environment there is no need to configure extended communities explicitly for MVPN. However, extended communities will be needed for VPNv4 interior BGP (iBGP) sessions to relay the route-target. In a hybrid (MDT SAFI and pre-MDT SAFI) environment, extended communities must be configured to send the embedded source in the VPNv4 address and the MDT group address to MDT SAFI neighbors.

Guidelines for Upgrading a Network to Support the MDT SAFI

When moving from a pre-MDT SAFI to an MDT SAFI environment, upmost care should be taken to minimize the impact to the MVPN service. The unicast service will not be affected, other than the outage due to the reload and recovery. To upgrade a network to support the MDT SAFI, we recommended that you perform the following steps:

1. Upgrade the PEs in the MVPN to a Cisco IOS release that supports the MDT SAFI. Upon bootup, the PE configurations will be auto-migrated to the MDT SAFI. For more information about the auto-migration to the MDT SAFI functionality, see the "Auto-Migration to the MDT SAFI" section.

2. After the PEs have been upgraded, upgrade the RRs and enable the MDT SAFI for all peers providing MVPN service. Enabling or disabling the MDT SAFI will reset the BGP peer relationship for all address families; thus, a loss of routing information may occur.


Note In the case of a multihomed BGP RR scenario, one of the RRs must be upgraded and configured last. The upgraded PEs will use this RR to relay MDT advertisements while the other RRs are being upgraded.


Supported Policy

The following policy configuration parameters are supported under the MDT SAFI:

Mandatory attributes and well-known attributes, such as the AS-path, multi-exit discriminator MED, BGP local-pref, and next hop attributes.

Standard communities, community lists, and route maps.

How to Configure Multicast VPN

This section contains the following procedures.

Configuring a Default MDT Group for a VRF (required)

Configuring the MDT Address Family in BGP for Multicast VPN (required)

Configuring the Data Multicast Group (optional)

Configuring Multicast Routes and Information (optional)

Verifying Information for the MDT Default Group (optional)

Configuring a Default MDT Group for a VRF

Perform this task to configure a default MDT group for a VRF.

The default MDT group must be the same group configured on all routers that belong to the same VPN. The source IP address will be the address used to source the BGP sessions.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip multicast-routing

4. ip multicast-routing vrf vrf-name

5. ip vrf vrf-name

6. mdt default group-address

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip multicast-routing

Example:

Router(config)# ip multicast-routing

Enables multicast routing.

Step 4 

ip multicast-routing vrf vrf-name

Example:

Router(config)# ip multicast-routing vrf vrf1

Supports the Multicast Virtual Private Network (VPN) routing and forwarding (VRF) instance.

Step 5 

ip vrf vrf-name

Example:

Router(config)# ip vrf vrf1

Enters VRF configuration mode and defines the VPN routing instance by assigning a VRF name.

Step 6 

mdt default group-address

Example:

Router(config-vrf)# mdt default 232.0.0.1

Configures the multicast group address range for data multicast distribution tree (MDT) groups for a VRF.

A tunnel interface is created as a result of this command.

By default, the destination address of the tunnel header is the group-address argument.

Configuring the MDT Address Family in BGP for Multicast VPN

Perform this task to configure an MDT address family session on PE routers to establish MDT peering sessions for MVPN.

Prerequisites

Before MVPN peering can be established through an MDT address family, MPLS and Cisco Express Forwarding (CEF) must be configured in the BGP network and multiprotocol BGP on PE routers that provide VPN services to CE routers.

Restrictions

The following policy configuration parameters are not supported:

Route-originator attribute

Network Layer Reachability Information (NLRI) prefix filtering (prefix lists, distribute lists)

Extended community attributes (route target and site of origin)

SUMMARY STEPS

1. enable

2. configure terminal

3. router bgp as-number

4. address-family ipv4 mdt

5. neighbor neighbor-address activate

6. neighbor neighbor-address send-community [both | extended | standard]

7. exit

8. address-family vpnv4

9. neighbor neighbor-address activate

10. neighbor neighbor-address send-community [both | extended | standard]

11. end

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router bgp as-number

Example:

Router(config)# router bgp 65535

Enters router configuration mode and creates a BGP routing process.

Step 4 

address-family ipv4 mdt

Example:

Router(config-router)# address-family ipv4 mdt

Enters address family configuration to create an IP MDT address family session.

Step 5 

neighbor neighbor-address activate

Example:

Router(config-router-af)# neighbor 192.168.1.1 activate

Enables the MDT address family for this neighbor.

Step 6 

neighbor neighbor-address send-community [both | extended | standard]

Example:

Router(config-router-af)# neighbor 192.168.1.1 send-community extended

Enables community and (or) extended community exchange with the specified neighbor.

Step 7 

exit

Example:

Router(config-router-af)# exit

Exits address family configuration mode and returns to router configuration mode.

Step 8 

address-family vpnv4

Example:

Router(config-router)# address-family vpnv4

Enters address family configuration mode to create a VPNv4 address family session.

Step 9 

neighbor neighbor-address activate

Example:

Router(config-router-af)# neighbor 192.168.1.1 activate

Enables the VPNv4 address family for this neighbor.

Step 10 

neighbor neighbor-address send-community [both | extended | standard]

Example:

Router(config-router-af)# neighbor 192.168.1.1 send-community extended

Enables community and (or) extended community exchange with the specified neighbor.

Step 11 

end

Example:

Router(config-router-af)# end

Exits address-family configuration mode and enters privileged EXEC mode.

Configuring the Data Multicast Group

Perform this task to configure a data MDT group.

A data MDT group can include a maximum of 256 multicast groups per VPN per VRF per PE router. Multicast groups used to create the data MDT group are dynamically chosen from a pool of configured IP addresses.

Prerequisites

Before configuring a default MDT group, the VPN must be configured for multicast routing as described in the "Configuring a Default MDT Group for a VRF" section.

All access lists needed when using the tasks in this module should be configured prior to beginning the configuration task. For information about how to configure an access list, see the "Creating an IP Access List and Applying It to an Interface" module.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip vrf vrf-name

4. mdt data group-address-range wildcard-bits [threshold kb/s] [list access-list]

5. mdt log-reuse

6. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip vrf vrf-name

Example:

Router(config)# ip vrf vrf1

Enters VRF configuration mode and defines the VPN routing instance by assigning a VRF name.

Step 4 

mdt data group-address-range wildcard-bits [threshold kb/s] [list access-list]

Example:

Router(config-vrf)# mdt data 239.192.20.32 0.0.0.15 threshold 1

Specifies a range of addresses to be used in the data MDT pool.

For the group-address-range and wildcard-bits arguments, specify a a multicast group address range. The range is from 224.0.0.1 to 239.255.255.255. Because the range of addresses used in the data MDT pool are multicast group addresses (Class D addresses), there is no concept of a subnet; therefore, you can use all addresses in the mask (wildcard) range that you specify for the wildcard-bits argument.

The threshold is in kb/s. The range is from 1 through 4294967.

Use the optional list keyword and access-list argument to define the (S, G) MVPN entries to be used in a data MDT pool, which would further limit the creation of a data MDT pool to the particular (S, G) MVPN entries defined in the access list specified for the access-list argument

Step 5 

mdt log-reuse

Example:

Router(config-vrf)# mdt log-reuse

(Optional) Enables the recording of data multicast distribution tree (MDT) reuse and generates a syslog message when a data MDT has been reused.

Step 6 

exit

Example:

Router(config-vrf)# exit

Returns to global configuration mode.

Configuring Multicast Routes and Information

Perform this task to limit the number of multicast routes that can be added in a router.

Prerequisites

Before configuring a default MDT group, the VPN must be configured for multicast routing as described in the "Configuring a Default MDT Group for a VRF" section.

All access lists needed when using the tasks in this module should be configured prior to beginning the configuration task. For information about how to configure an access list, see the "Creating an IP Access List and Applying It to an Interface" module.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip multicast vrf vrf-name route-limit limit [threshold]

4. ip multicast mrinfo-filter access-list

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

ip multicast vrf vrf-name route-limit limit [threshold]

Example:

Router(config)# ip multicast vrf cisco route-limit 200000 20000

Sets the mroute limit and the threshold parameters.

Step 4 

ip multicast mrinfo-filter access-list

Example:

Router(config)# ip multicast mrinfo-filter 4

Filters the multicast router information request packets for all sources specified in the access list.

Verifying Information for the MDT Default Group

Perform this task to verify information about the MDT default group.

SUMMARY STEPS

1. enable

2. show ip msdp [vrf vrf-name] peer [peer-address | peer-name]

3. show ip msdp [vrf vrf-name] summary

4. show ip pim [vrf vrf-name] mdt bgp

5. show ip pim [vrf vrf-name] mdt send

6. show ip pim mdt history

DETAILED STEPS


Step 1 enable

Enables privileged EXEC mode.

Enter your password if prompted.

Example:

Router> enable


Step 2 show ip msdp [vrf vrf-name] peer [peer-address | peer-name]

Enter the show ip msdp peer command to verify detailed information about MSDP peer 224.135.250.116:

Router# show ip msdp peer 224.135.250.116 

MSDP Peer 224.135.250.116 (rtp5-rp1.cisco.com), AS 109 (configured AS) 
Description: 
 Connection status: 
   State: Up, Resets: 9, Connection source: Loopback2 (228.69.199.17) 
   Uptime(Downtime): 1d10h, Messages sent/received: 436765/429062 
   Output messages discarded: 0 
   Connection and counters cleared 1w2d     ago 
 SA Filtering: 
   Input (S,G) filter: none, route-map: none 
   Input RP filter: none, route-map: none 
   Output (S,G) filter: none, route-map: none 
   Output RP filter: none, route-map: none 
 SA-Requests: 
   Input filter: none 
   Sending SA-Requests to peer: disabled 
 Peer ttl threshold: 0 
 SAs learned from this peer: 32, SAs limit: 500 
 Input queue size: 0, Output queue size: 0 

Step 3 show ip msdp [vrf vrf-name] summary

Enter the show ip msdp summary command to display MSDP peer status:

Router# show ip msdp summary 

MSDP Peer Status Summary 
Peer Address     AS    State    Uptime/  Reset SA    Peer Name 
                                Downtime Count Count 
224.135.250.116  109   Up       1d10h    9     111   rtp5-rp1 
*144.228.240.253 1239  Up       14:24:00 5     4010  sl-rp-stk 
172.16.253.19    109   Up       12:36:17 5     10    rtp4-rp1 
172.16.170.110   109   Up       1d11h    9     12    ams-rp1 

Step 4 show ip pim [vrf vrf-name] mdt bgp

To display information about and to verify information about the BGP advertisement of the route distinguisher (RD) for the MDT default group, use the show ip pim mdt bgp command in EXEC mode.

Router# show ip pim mdt bgp 
 
MDT-default group 232.2.1.4 rid:1.1.1.1 next_hop:1.1.1.1 

Step 5 show ip pim [vrf vrf-name] mdt send

To display detailed information about and to verify information regarding the MDT data group, perform the following steps.

Enter the show ip pim mdt send command to show the MDT advertisements that a specified router has made.


Router# show ip pim mdt send 

MDT-data send list for VRF:vpn8 
  (source, group)                     MDT-data group      ref_count 
  (10.100.8.10, 225.1.8.1)            232.2.8.0           1 
  (10.100.8.10, 225.1.8.2)            232.2.8.1           1 
  (10.100.8.10, 225.1.8.3)            232.2.8.2           1 
  (10.100.8.10, 225.1.8.4)            232.2.8.3           1 
  (10.100.8.10, 225.1.8.5)            232.2.8.4           1 
  (10.100.8.10, 225.1.8.6)            232.2.8.5           1 
  (10.100.8.10, 225.1.8.7)            232.2.8.6           1 
  (10.100.8.10, 225.1.8.8)            232.2.8.7           1 
  (10.100.8.10, 225.1.8.9)            232.2.8.8           1 
  (10.100.8.10, 225.1.8.10)           232.2.8.9           1 

Step 6 show ip pim mdt history

Enter the show ip pim mdt history command to display the data MDTs that have been reused during the past configured interval.

Router# show ip pim vrf vrf1 mdt history interval 20 

   MDT-data send history for VRF - vrf1 for the past 20 minutes 


MDT-data group        Number of reuse 
     10.9.9.8           3 
     10.9.9.9           2 

Configuration Examples for Multicast VPN

This section contains the following configuration examples:

Configuring MVPN and SSM: Example

Enabling a VPN for Multicast Routing: Example

Configuring the MDT Address Family in BGP for Multicast VPN: Example

Configuring the Multicast Group Address Range for Data MDT Groups: Example

Configuring the IP Source Address of Register Messages: Example

Configuring an MSDP Peer: Example

Limiting the Number of Multicast Routes: Example

Configuring MVPN and SSM: Example

In the following example, PIM-SSM is configured in the backbone. Therefore, the default and data MDT groups are configured within the SSM range of IP addresses. Inside the VPN, PIM-SM is configured and only Auto-RP announcements are accepted.

ip vrf vrf1 
 rd 1:1 
 route-target export 1:1 
 route-target import 1:1 
 mdt default 232.0.0.1 
 mdt data 232.0.1.0 0.0.0.255 threshold 500 list 101 
! 
ip pim ssm default 
ip pim vrf vrf1 accept-rp auto-rp 

Enabling a VPN for Multicast Routing: Example

In the following example, multicast routing is enabled with a VPN routing instance named vrf1:

ip multicast-routing vrf1 

Configuring the MDT Address Family in BGP for Multicast VPN: Example

In the following example, an MDT address family session is configured on a PE router to establish MDT peering sessions for MVPN.

!
ip vrf test
 rd 55:2222
 route-target export 55:2222
 route-target import 55:2222
 mdt default 232.0.0.1
!
ip multicast-routing
ip multicast-routing vrf test
!
router bgp 55
.
.
.
!
 address-family vpnv4
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 send-community both
!
 address-family ipv4 mdt
 neighbor 192.168.1.1 activate
 neighbor 192.168.1.1 send-community both
!

Configuring the Multicast Group Address Range for Data MDT Groups: Example

In the following example, the VPN routing instance is assigned a VRF named blue. The MDT default group for a VPN VRF is 239.1.1.1, and the multicast group address range for MDT groups is 239.1.2.0 with wildcard bits of 0.0.0.3:

ip vrf blue 
 rd 55:1111 
 route-target both 55:1111 
 mdt default 239.1.1.1 
 mdt data 239.1.2.0 0.0.0.3 
 end 

Configuring the IP Source Address of Register Messages: Example

In the following example, the IP source address of the register message is configured to the Ethernet interface 1/0/1 of a DR:

ip pim register-source Ethernet1/0/1 

Configuring an MSDP Peer: Example

In the following example, an MSDP peer is configured with a VPN routing instance named vrf1 and a source of 10.10.0.1 from Ethernet interface 1/0/1:

ip msdp vrf vrf1 peer 10.10.0.1 connect-source Ethernet 1/0/1 

Limiting the Number of Multicast Routes: Example

In the following example, the number of multicast routes that can be added in to a multicast routing table is set to 200,000 and the threshold value of the number of mroutes that will cause a warning message to occur is set to 20,000:

!
ip multicast-routing distributed 
ip multicast-routing vrf cisco distributed 
ip multicast cache-headers 
ip multicast route-limit 200000 20000 
ip multicast vrf cisco route-limit 200000 20000 
no mpls traffic-eng auto-bw timers frequency 0 
! 

Additional References

The following sections provide references related to the configuring Multicast VPN.

Related Documents

Related Topic
Document Title

Extranet MVPN concepts, tasks, and configuration examples

"Configuring Multicast VPN Extranet Support" module

Inter-AS MVPN concepts, tasks, and configuration examples

"Configuring Multicast VPN Inter-AS Support" module

MVPN MIB concepts and tasks

"Multicast VPN MIB" module

IP multicast commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples

Cisco IOS IP Multicast Command Reference, Release 12.4


Standards

Standard
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIB
MIBs Link

CISCO_MVPN_MIB.my

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies.

To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds.

Access to most tools on the Cisco Support website requires a Cisco.com user ID and password.

http://www.cisco.com/techsupport


Feature Information for Configuring Multicast VPN

Table 2 lists the release history for this feature.

Table 2 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Releases 12.2(1) or 12.0(3)S or a later release appear in the table.

For information on a feature in this technology that is not documented here, see the IP Multicast Features Roadmap.

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 2 Feature Information for Configuring Multicast VPN 

Feature Name
Releases
Feature Information

Multicast VPN—IP Multicast Support of MPLS VPNs

12.0(23)S
12.2(13)T
12.2(14)S
12.0(25)S1
12.0(26)S
12.0(32)SY
15.0(1)S

The Multicast VPN feature provides the ability to support multicast over a Layer 3 Virtual Private Network (VPN). As enterprises extend the reach of their multicast applications, service providers can accommodate these enterprises over their Multiprotocol Label Switching (MPLS) core network. IP multicast is used to stream video, voice, and data to an MPLS VPN network core.

This entire module provides information about this feature.