Guest

Layer 3 VPNs (L3VPN)

Multi-VRF and IP Multicast

WHITE PAPER

OVERVIEW

Multi-VRF Customer Edge (VRF-Lite) enables Multiple VPN routing instances on Customer Edge devices and supports Cisco IOS® IP Multicast. Since Multicast has become an integral part of many networks, it is critical that Cisco IOS Technologies support it.

CONFIGURATION PROCESS

Once the unicast setup is complete, follow these steps to configure Multi-VRF and IP Multicast between the VPN provider and the customer.

Enable IP Multicast over VPN (Service Providers)

1. Enable Multicast on the Provider and Provider Edge routers and interfaces
2. Enable VRFs for Multicast by assigning them default Multicast Diagnostic
Toolset (MDT) groups and optionally data MDT groups

Configure Multi-VRF to support IP Multicast (Customers)

3. Enable individual VRFs on the Multi-VRF Customer Edges for IP Multicast
4. Configure Rendezvous Points using either static Auto-Rendezvous Point or Boot Strap Router (BSR) within each VRF on the Provider Edge/Multi-VRF Customer Edge routers. When using Auto-Rendezvous Point, make sure all the participating interfaces are sparse-dense.
The Customer Edge portion of the configuration process illustrates that no special configuration is required to enable IP Multicast with Multi VRF. The configuration is VRF-specific.

Figure 1

Multi-VRF Topology

Figure 1 illustrates Multi-VRF deployment for a customer who requires two separate VPNs for its operations: finance (yellow) and engineering (red). This customer also has a VPN service from Provider and two sites connected to both VPNs.
A single physical interface uses sub-interfaces to carry per-VPN traffic between the Customer Edge and Provider Edge. Each VPN could also be assigned its own physical interface between the Customer Edge and Provider Edge; however, this option is more expensive.
The Multi-VRF Customer Edge provides the capability of supporting multiple VRFs on the Customer Edge.
Customer Edge1 and Customer Edge2 each support VPNs, Finance, and Engineering. Also, assume that the Rendezvous Point for Finance is Customer Edge2, and the Rendezvous Point for Engineering is Customer Edge1.
Following are the configurations that enable IP Multicast on Customer Edge1 and Customer Edge2:

Customer Edge1

ip multicast-routing vrf FINANCE
ip multicast-routing vrf ENG
! FINANCE is sub-intf 2
int Ethernet0/0.2
descr Sub-interface to PE for the ENG VPN
ip pim sparse-dense
!
! ENG is sub-intf 3
int Ethernet0/0.3
descr Sub-interface to PE for the FINANCE VPN
ip pim sparse-dense
!
ip pim vrf FINANCE rp-address <x.x.x.x>
ip pim vrf ENG rp-address <x.x.x.x>

CONFIGURATION EXAMPLES

Complete Configuration from the network described above.
In the following configurations, the provider uses a default MDT over Source Specific Multicast (SSM) with a default SSM address. In the Customer Edge VRF the group range 228.0.0.0 is being used by both VRFs independently from each other. Static Rendezvous Points for Protocol Independent Multicast sparse mode (PIM SM) have been used this time; however, any PIM Mode is supported within the VRF.

Customer Edge1

hostname CE1
!
ip cef
ip vrf ENG
rd 200:200
!
ip vrf FINANCE
rd 300:300
!
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback1
ip vrf forwarding ENG
ip address 200.10.100.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Loopback2
ip vrf forwarding FINANCE
ip address 210.10.100.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0
description Link between routers CE1 PE1
no ip address
no ip directed-broadcast
no cdp enable
!
interface Ethernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.10.10.4 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.10.10.4 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
network 210.10.10.0
network 210.10.100.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
network 200.10.10.0
network 200.10.100.0
no auto-summary
exit-address-family
!
ip classless
!
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end

Provider Edge1

hostname PE1
!
ip cef
ip vrf ENG
rd 200:200
route-target export 200:200
route-target import 200:200
mdt default 232.1.1.1
!
ip vrf FINANCE
rd 300:300
route-target export 300:300
route-target import 300:300
mdt default 232.2.2.2
!
ip multicast-routing
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback0
ip address 205.1.0.1 255.255.255.255
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0
description Link between routers CE1 PE1
no ip address
no ip directed-broadcast
ip pim sparse-dense-mode
no cdp enable
!
interface Ethernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.10.10.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.10.10.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet1/0
description Link between routers PE1 P
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
router ospf 200
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 205.1.0.1 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
redistribute bgp 200 metric 10
network 210.10.10.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
redistribute bgp 200 metric 10
network 200.10.10.0
no auto-summary
exit-address-family
!
router bgp 200
bgp log-neighbor-changes
neighbor 205.2.0.2 remote-as 200
neighbor 205.2.0.2 update-source Loopback0
!
address-family ipv4
neighbor 205.2.0.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 205.2.0.2 activate
neighbor 205.2.0.2 send-community extended
exit-address-family
!
address-family ipv4 vrf FINANCE
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf ENG
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
ip pim ssm default
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end

Provider

hostname P
!
ip cef
ip multicast-routing
!
interface Ethernet1/0
description Link between routers PE1 P
ip address 10.10.10.3 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
interface Ethernet2/0
description Link between routers P PE2
ip address 10.10.20.3 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
router ospf 200
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 10.10.20.0 0.0.0.255 area 0
!
ip classless
!
ip pim ssm default
!
end

Provider Edge2

hostname PE2
!
ip cef
ip vrf ENG
rd 200:200
route-target export 200:200
route-target import 200:200
mdt default 232.1.1.1
!
ip vrf FINANCE
rd 300:300
route-target export 300:300
route-target import 300:300
mdt default 232.2.2.2
!
ip multicast-routing
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback0
ip address 205.2.0.2 255.255.255.255
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet2/0
description Link between routers P PE2
ip address 10.10.20.2 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
interface Ethernet3/0
description Link between routers PE2 CE2
no ip address
no ip directed-broadcast
no cdp enable
!
interface Ethernet3/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.20.20.2 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet3/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.20.20.2 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
router ospf 200
log-adjacency-changes
network 10.10.20.0 0.0.0.255 area 0
network 205.2.0.2 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
redistribute bgp 200 metric 10
network 210.20.20.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
redistribute bgp 200 metric 10
network 200.20.20.0
no auto-summary
exit-address-family
!
router bgp 200
bgp log-neighbor-changes
neighbor 205.1.0.1 remote-as 200
neighbor 205.1.0.1 update-source Loopback0
!
address-family ipv4
neighbor 205.1.0.1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 205.1.0.1 activate
neighbor 205.1.0.1 send-community extended
exit-address-family
!
address-family ipv4 vrf FINANCE
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf ENG
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
ip pim ssm default
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end

Customer Edge2

hostname CE2
!
ip cef
ip vrf ENG
rd 200:200
!
ip vrf FINANCE
rd 300:300
!
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback1
ip vrf forwarding ENG
ip address 200.20.200.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Loopback2
ip vrf forwarding FINANCE
ip address 210.20.200.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet3/0
description Link between routers PE2 CE2
no ip address
no ip directed-broadcast
no cdp enable
!
interface Ethernet3/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.20.20.5 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet3/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.20.20.5 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
network 210.20.20.0
network 210.20.200.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
network 200.20.20.0
network 200.20.200.0
no auto-summary
exit-address-family
!
ip classless
!
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end

VERIFYING IP MULTICAST ROUTE INFORMATION

Since IP Multicast relies on Unicast routing or performs it RPF check, its status has to be always checked before verifying the IP Multicast route information.

Output from Customer Edge1

CE1#sh ip route vrf ENG
Routing Table: ENG
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR
Gateway of last resort is not set
R 200.20.200.0/24 [120/10] via 200.10.10.1, 00:00:10, Ethernet0/0.2
R 200.20.20.0/24 [120/10] via 200.10.10.1, 00:00:10, Ethernet0/0.2
C 200.10.100.0/24 is directly connected, Loopback1
C 200.10.10.0/24 is directly connected, Ethernet0/0.2
CE1#sh ip pim vrf ENG int cou
State: * - Fast Switched, D - Distributed Fast Switched
H - Hardware Switching Enabled
Address Interface FS Mpackets In/Out
200.10.100.1 Loopback1 * 42/0
200.10.10.4 Ethernet0/0.2 * 0/0
CE1#sh ip vrf
Name Default RD Interfaces
ENG 200:200 Loopback1
Ethernet0/0.2
green 300:300 Loopback2
Ethernet0/0.3
The VRF for a specific group command, SH IP MROUTE, matches the access list on the Provider Edge for the ENG VRF. The incoming interface from Provider Edge neighbor is the address of the Provider Edge interface. The Rendezvous Point is the address of the remote Customer Edge.
CE1#sh ip mroute vrf ENG 228.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report, Z - Multicast Tunnel,
Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 228.1.1.1), 00:00:12/00:02:49, RP 200.20.20.5, flags: SJCL
Incoming interface: Ethernet0/0.2, RPF nbr 200.10.10.1
Outgoing interface list:
Loopback1, Forward/Sparse-Dense, 00:00:12/00:02:49
Text Box:  Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:   408 526-4000    800 553-NETS (6387)Fax: 408 526-4100    European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel:  31 0 20 357 1000Fax:    31 0 20 357 1100    Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:    408 526-7660Fax:    408 527-0883    Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital Tower Singapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus  Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe                      Copyright  2005 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)    205283.B_ETMG_SH_5.05Printed in the USA Text Box:  Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:    408 526-4000    800 553-NETS (6387)Fax: 408 526-4100    European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel:  31 0 20 357 1000Fax:    31 0 20 357 1100    Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:    408 526-7660Fax:    408 527-0883    Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital Tower Singapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed on the Cisco Web site at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus  Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland Israel · Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland Portugal · Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden Switzerland · Taiwan · Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · Zimbabwe                      Copyright  2005 Cisco Systems, Inc. All rights reserved. Cisco, Cisco IOS, Cisco Systems, and the Cisco Systems logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)    205283.B_ETMG_SH_5.05Printed in the USA