Академический Документы
Профессиональный Документы
Культура Документы
AR120&AR150&AR160&AR200&AR1200&AR2200&A
R3200&AR3600 Series Enterprise Routers
Cli-based Configuration Guide - IP Multicast 7 Multicast VPN Configuration
The multicast VPN feature allows you to deploy multicast services such as video
conferencing on a BGP/MPLS IP VPN network.
NOTE
The feature is just for beta test, and is not for commercial use. If the feature is required in the test,
contact technical support personnel.
Maintaining the IPv4 multicast VPN involves monitoring the running status of the IPv4
multicast VPN and controlling the output of logs.
7.9 Configuration Examples
Examples for configuring the IPv4 multicast VPN, including the single-AS MD VPN and
inter-AS MD VPN, are provided.
Definition
Multicast VPN (MVPN) implements multicast service transmission over MPLS/BGP VPNs.
It is a solution based on the multicast domain (MD) scheme defined in RFC 6037.
Purpose
MVPN implements multicast transmission on MPLS/BGP VPNs. It transmits multicast data
and control messages of the PIM instances in private network over the public network to the
remote sites of the VPN.
The PIM instances in the public network (PIM P-instances) need not know multicast data
transmitted between the private networks and the PIM C-instances also need not know
multicast routing information of the PIM P-instance. Therefore, isolating the PIM instances of
the public network from those of the private networks is implemented.
Concepts in MVPN
l MD
MD is short for Multicast Domains. MD is the set of all the VPN instances that can
transmit multicast packets on each Provider Edge (PE).Different VPN instances belong
to different MDs. An MD serves a specific VPN. All private multicast data transmitted in
the VPN is transmitted in the MD.
l Share-Group
Based on the MD principle, all the VPN instances on the PEs in the same MD must join
a common group, called a Share-Group.
Currently, one VPN instance can be configured with only one Share-Group, that is, one
VPN instance can join only one MD.
l Share-Multicast Distribution Tree
Share-MDT is short for Share-Multicast Distribution Tree. Actually, it is set up when the
PIM C-instances on the PEs join Share-Groups. A Share-MDT transmits the PIM
protocol packets and data packets to other PEs within the same VPN. The Share-MDT is
regarded as a multicast tunnel (MT) within an MD.
l MTI
MTI is short for Multicast Tunnel Interface. It is the outgoing interface or incoming
interface of an MT. An MTI is equal to the outgoing interface or incoming interface of
an MD. The local PE and remote PE send and receive VPN data through MTIs.
The MTI is the channel through which the public network instance and VPN instances
on PEs communicate. PEs are connected to an MT by using MTIs, which is equal to the
situation that PEs are connected to a shared network segment. On each PE, VPN
instances that belong to the MD set up the PIM neighbor relationship on MTIs.
l Switch-Group
It is a group to which all the VPN receivers of the PE join for establishing a Switch-
MDT after a Share-MDT is established.
l Switch-MDT
7.2 Principles
This section describes implementation of multicast VPN.
7.2.1 Introduction
This section describes the concept of IPv4 multicast VPN and the network conditions that
must be met for IPv4 multicast VPN implementation.
BGP/MPLS Virtual Private Network (VPN) is widely applied because it is easy to deploy and
control. As network applications evolve and become more and more popular, VPN users now
require IPTV services, multimedia on-demand services, and real-time video conference
services.
If these services are directly transmitted on an MPLS/BGP VPN, the following problems
arise:
l Unicast transmission of IPTV, multimedia on demand, and real-time video conference
services wastes too much bandwidth.
l The device on the public network does not know the VPN routing and forwarding (VRF)
table of each VPN instance and therefore is unable to forward the VPN multicast data.
Multicast VPN can solve the problems. It allows the multicast data of private networks to be
transmitted to the destination over the public network.
As shown in Figure 7-1, three instances are configured on the network to bear multicast
services, the VPN A instance, VPN B instance, and public network instance. They are
independent from each other, and each instance corresponds to an isolated plane.
site4 PE2
site6
site5 PE1
VPN instance B
P
PE2
PE1
PIM
PE3
Public instance
site2
site1 PE2
PE1
site3
The following takes VPN A as an example to describe how multicast VPN works:
l The multicast source S1 belongs to VPN A. S1 sends multicast data to the multicast
group G.
l Among all possible data receivers, only members of VPN A (namely, site 1, site 2, and
site 3) can receive multicast data from S1.
l Multicast data is multicast on various sites and the public network.
The greatest advantage of the MD mode is that only Provider Edges (PEs) are required to
support multi-instance. Customer Edges (CEs) and Providers (Ps) do not need to be upgraded,
and the existing protocol independent multicast (PIM) configurations on CEs and Ps do not
need to be modified. The MD scheme is transparent to CEs and Ps. In MD mode, however,
multicast VPN can only run on the public network tunnel based on the multicast distribution
tree (MDT) in the PIM-ASM model (PIM-ASM is short for protocol independent multicast -
any-source multicast).
The advantage of the BGP A-D mode is that peers in a multicast VPN can be discovered
automatically. Multicast VPN services can run on the public network tunnel based on the
MDT in the PIM-SSM model (PIM-SSM is short for protocol independent multicast - source-
specific multicast).
MD VPN
Multicast VPN that is implemented in MD mode is called MD VPN.
In MD VPN implementation, PEs that belong to an MD join the same multicast group by
having a VPN instance added to the group on each of them, and this group is called the Share-
Group.
A Share-MDT, short for Share-Multicast Distribution Tree, is set up when a private network
PIM instance joins the Share-Group on each of the PEs. The Share-MDT transmits PIM
packets and data packets from a PE in the VPN to other PEs within the same VPN. The
Share-MDT is regarded as a multicast tunnel (MT) within the MD and is uniquely identified
by a Share-Group address.
VPN data is transparently transmitted through the MT over the public network. A multicast
tunnel interface (MTI) is configured on each PE to seamlessly connect to the MT. A VPN
instance only knows that private network data is sent out from an MTI and will be received by
another MTI on the remote end. As virtual interfaces, MTIs transmit data between private
networks and the public network.
If the VPN spans several autonomous systems (ASs), VPN sites in different ASs need to be
connected. In MD VPN, there are two connection modes:
Switch-MDT Switchover
When multicast packets are forwarded along the share-MDT in the public network, the
packets are forwarded to all PEs in the same VPN instance, regardless of whether there is a
receiver at the site to which a PE is connected to. This may lead to data flooding in the VPN if
the VPN multicast data is transmitted at a high rate, which wastes the network bandwidth and
increases the stress on PEs.
The device uses an optimized MD scheme. A switch-MDT is set up between the PEs
connected to VPN receivers and the PE connected to a VPN source for the high-rate VPN
multicast data flowing to the public network. The multicast data flow is then switched from
the Share-MDT to the Switch-MDT so that multicast data can be transmitted on demand.
VPN CE2B
RED CE1R P VPN
BLUE
PC2
PC1
As shown in Figure 7-2, VPN BLUE instances bound to PE1 and PE2 communicate through
the MD BLUE and similarly, VPN RED instances bound to PE1 and PE2 communicate
through the MD RED, as shown in Figure 7-3 and Figure 7-4.
VPN CE1B
BLUE
CE2B
VPN
BLUE
PC2
CE2R VPN
RED
VPN CE1R
RED
PC1
The PIM C-instance on the PE considers the MTI as a LAN interface and sets up the PIM
neighbor relationship with the remote PIM C-instance through MTIs. The PIM C-instances
then use MTIs to perform DR election, send Join/Prune messages, and forward and receive
multicast data.
The PIM C-instance sends PIM protocol packets or multicast data packets to the MTI and the
MTI encapsulates the received packets. The packets after encapsulation are public network
multicast data packets and therefore are forwarded by the PIM P-instances on the network. In
conclusion, an MT is actually a multicast distribution tree on the public network.
l Different VPNs use different topologies and each topology uses a unique packet
encapsulation mode. In this manner, multicast data in different VPNs is isolated from
each other.
l The PIM C-instances on the PEs in the same VPN use the same MT and communicate
through this MT.
NOTE
A VPN uniquely defines an MD. An MD serves only one VPN. This relationship is called one-to-one
relationship. The VPN, MD, MTI, Share-Group, and Switch-group-pool are all in one-to-one
relationship.
VPNA
site1
CE1
PE1_vpnA-instance
PE3_vpnA-instance MD A
CE2
VPN A
site3 CE3
PE2_vpnA-instance
VPN A
site2
CE3
PE3
CE1 CE2
P
MD
PE1 PE2
PE-PE neighbour
PE-P neighbour
PE-CE neighbour
P RP
MD
PE1 PE2
IBGP:11.1.1.1/24 IBGP:11.1.2.1/24
As shown in Figure 7-7, the public network runs PIM-SM. The process of establishing a
Share-MDT is as follows:
1. The PIM P-instance on PE1 sends a Join message with the Share-Group address being
the multicast group address to the Rendezvous Point (RP) in the public network. PEs that
receive the Join message then create the (*, 239.1.1.1) entry on themselves. PE2 and PE3
also send Join messages to the RP in the public network. A Rendezvous Point Tree
(RPT) is thus formed in the MD, with the RP being the root and PE1, PE2, and PE3
being leaves.
2. The PIM P-instance on PE1 sends a Register message with the Multicast Tunnel
Interface (MTI) address being the source address and the Share-Group address being the
group address to the RP in the public network. The RP then creates the (11.1.1.1,
239.1.1.1) entry on itself. PE2 and PE3 also send Register messages to the RP in the
public network. Thus, three independent RP-source trees that connect PEs to the RP are
formed in the multicast domain (MD).
In the PIM-SM network, an RPT (*, 239.1.1.1) and three independent RP-source trees form a
Share-MDT.
MD
PE1 PE2
IBGP:11.1.1.1/24 IBGP:11.1.2.1/24
As shown in Figure 7-8, the public network runs PIM-DM. The process of establishing a
Share-MDT is as follows.
A flooding-pruning process is initiated on the entire public network with the PIM P-instance
on PE1 being a multicast source, the Share-Group address being the multicast group address,
and other PEs that support VPN A being group members. During this process, the (11.1.1.1,
239.1.1.1) entry is created on the PEs along the path in the public network. A Shortest Path
Tree (SPT) with PE1 being the root and PE2 and PE3 being leaves is thus set up. PE2 and
PE3 also start the similar flooding-pruning process in the public network to form two SPTs.
As a result, in the PIM-DM network, three independent SPTs are created and form a Share-
MDT.
4. The packet is forwarded to the public network instance on the remote PE along the
Share-multicast distribution tree (Share-MDT).
5. The remote PE decapsulates the packet, reverts it to a VPN multicast packet, and
forwards it to the VPN instance.
Figure 7-9 shows the process of converting a VPN multicast packet into a public network
multicast data packet and then into a VPN multicast packet. Table 7-1 describes the meaning
of each field in a VPN or public network multicast packet.
P-IP Header
Field Description
NOTE
l All interfaces that belong to the same VPN, including the PE interfaces bound to the VPN instance
and MTI, must be in the same PIM mode.
l The VPN instance and the public network instance are independent of each other. They can be in
different PIM modes.
l MTIs exchange Hello packets to set up PIM neighbors between VPN instances.
l If receivers and the VPN Rendezvous Point (RP) belong to different sites, receivers need
to send Join messages across the public network to set up a shared tree.
l If the multicast source and the VPN RP belong to different sites, registration must be
initiated across the public network to set up a source tree.
In the following example, the public network and VPNs run PIM-SM. VPN receivers send
Join messages across the public network. An example is given to show the process of
transmitting multicast protocol packets.
As shown in Figure 7-10, the receiver in VPN A belongs to Site2 and is connected to CE2.
CE1 is the RP of the VPN group G (225.1.1.1) and belongs to Site1.
RP
1. Through IGMP, the receiver informs CE2 to receive and forward data of the multicast
group G. CE2 creates the (*, 225.1.1.1) entry locally, and then sends a Join messages to
the VPN RP (CE1).
2. The VPN instance on PE2 receives the Join message sent by CE2, creates the (*,
255.1.1.1) entry, and specifies an MTI as the upstream interface. The instance then
forwards the Join message to the P for further processing. The VPN instance on PE2 then
considers that the Join message is sent out from the MTI.
3. PE2 encapsulates the Join message with GRE, reverts it to a common multicast data
packet (11.11.2.1, 239.1.1.1) on the public network with the address of the IBGP
interface on PE2 being the source address and the share-group address being the group
address. PE2 forwards the multicast data packet to the public network instance on PE2
for forwarding.
4. The multicast data packet (11.11.2.1, 239.1.1.1) is forwarded to the public network
instance on each PE along the Share-MDT. PEs decapsulate the packet and revert it to
the Join message sent to the VPN RP. The PEs then check the Join message. If the VPN
RP (CE1) is their directly connected sites, the PEs send the message to the VPN
instances on them for further processing. Otherwise, the Join message is discarded.
5. After receiving the Join message, the VPN instance on PE1 considers that the message is
received from an MTI. The instance creates the (*, 225.1.1.1) entry, and specifies an
MTI as the downstream interface and the interface towards CE1 as the upstream
interface. Then, the instance sends the Join message to the VPN RP.
6. After receiving the Join message from the instance on PE1, CE1 updates or creates the
(*, 225.1.1.1) entry. The multicast shared tree across VPNs is thus set up.
RP
P
The process of transmitting VPN multicast data across the public network is as follows:
1. The source sends VPN multicast data (192.1.1.1, 225.1.1.1) to CE1.
2. CE1 forwards the VPN multicast data to PE1 along the SPT. The VPN instance on PE1
searches for the forwarding entry. If the outgoing interface of the forwarding entry
contains an MTI, the instance forwards the VPN multicast data to the related P for
further processing. The VPN instance on PE1 then considers that the Join message is
sent out from the MTI.
3. PE1 encapsulates the VPN multicast data with GRE and reverts it to a public network
multicast data packet (11.1.1.1, 239.1.1.1) with the address of the IBGP interface on PE1
being the source address and the share-group address being the group address. PE1 then
forwards the multicast data packet to the public network instance for forwarding.
4. The multicast data packet (11.1.1.1, 239.1.1.1) is sent to the public network instance on
each PE along Share-MDT. Each PE decapsulates it, reverts it to VPN multicast data,
and forwards it to the related VPN instance for further processing. If there is an SPT
downstream interface on the PE, the data is forwarded along SPT. Otherwise, the data is
discarded.
5. The VPN instance on PE2 searches for the forwarding entry and then sends the VPN
multicast data to the receiver. So far, the process of transmitting VPN multicast data
across the public network is complete.
Background
According to the process of establishing a Share-multicast distribution tree (Share-MDT)
described in the previous section, you can find that the VPN instance bound to PE3 has no
receivers but PE3 still receives the VPN multicast data packet of the group (192.1.1.1,
225.1.1.1). This is a defect of the multicast domain (MD) scheme: All the PEs belonging to
the same MD can receive multicast data packets regardless of whether they have receivers.
This wastes the bandwidth and imposes extra burden on PEs.
Implementation
Figure 7-12 shows the switch-MDT implementation process based on the assumption that a
share-MDT has been successfully established.
RP
– The source and group addresses of VPN multicast data packets match the source
and group address ranges defined in the ACL filtering rules. Otherwise, the packets
are still forwarded along the Share-MDT.
– The forwarding rate of VPN multicast data packets exceeds the switchover
threshold, and this situation keeps for a certain period.
4. In some cases, the forwarding rate of VPN multicast data packets fluctuates around the
switchover threshold. To prevent the multicast data packets from being frequently
switched between the Share-MDT and Switch-MDT, the system does not perform the
switchover immediately after the system finds that the forwarding rate is greater than the
switchover threshold. Instead, the system starts the switch-delay timer. During the setup
of the Switch-MDT, the Share-MDT is still used for multicast data packet forwarding.
That is, the switch-delay timer can ensure non-stop forwarding during switch from the
Share-MDT to the Switch-MDT. Before the switch-delay timer times out, the system
continues to detect the data forwarding rate. If the rate remains higher than the
switchover threshold, data packets are switched to the Switch-MDT. Otherwise, the
packets are still forwarded through the Share-MDT.
l The forwarding rate of VPN multicast data packets should be lower than the specified
threshold and remain unchanged in the switch-Holddown period.
l In some cases, the forwarding rate of VPN multicast data packets fluctuates around the
switchover threshold. To prevent the multicast data flow from being frequently switched
between the Switch-MDT and Share-MDT, the system does not perform the switchover
when the system finds that the forwarding rate is lower than the switchover threshold.
Instead, the system starts the Holddown timer. The timeout period of the timer is
configured through the related command. Before the Holddown timer expires, the system
continues to detect the data forwarding rate. If the rate is always lower than the
switchover threshold, the data packets are switched back to the Share-MDT. Otherwise,
the packets are still forwarded through the Switch-MDT.
l When the switch-group-pool is changed, the switch-group address used to encapsulate
the VPN multicast data should be outside the switch-group-pool.
l If the advanced ACL rules used to control the switchover of VPN multicast data packets
to the Switch-MDT change, the VPN multicast data packets cannot pass the filtering of
new ACL rules.
Applicable Environment
Multicast VPN extranet meets the following requirements:
l Distributes multicast services among different enterprise users.
l Enables service or contents providers to distribute multicast services to different
enterprise users. The multicast data of a VPN can be provided for users in other VPNs to
use.
Principles
Multicast VPN extranet is applicable to two scenarios: remote-cross scenario and local-cross
scenario. The basic principles of multicast VPN extranet applied in the two scenarios are
described as follows:
l Remote-cross scenario
Figure 7-13 Networking diagram of the remote-cross scenario of multicast VPN extranet
Source
VPN
Source BLUE
VPN
RED
CE2
PE1 PE2
CE1
IP MPLS Core
PE3
CE3
VPN
BLUE
Receiver Receiver
As shown in Figure 7-13, VPN RED is configured on PE1; the address of the share-
group is the address of G1; the site where CE1 resides is connected to the multicast
source of VPN RED. VPN BLUE is configured on PE2; the address of the share-group is
the address of G2; the site where CE2 resides is connected to the multicast source of
VPN BLUE. Therefore, PE1 functions as the source PE of VPN RED, and PE2 functions
as the source PE of VPN BLUE. VPN BLUE is configured on PE3; the address of the
share-group is the address of G2; PE3 establishes an MDT with PE2 on the public
network. A user at the site where CE3 resides needs to receive multicast data from both
VPN BLUE and VPN RED. Therefore, PE3 functions as the receiver PE of VPN RED
and VPN BLUE.
In such a scenario, after configuring a VPN instance on the local PE, you need to
establish a multicast tunnel between the VPN instance of the local PE and that of the
remote PE. There are two configuration options available to provide multicast VPN
extranet services:
– Configure the source VPN on the PE where the receiver VPN resides. Based on the
multicast domain (MD) to which the VPN to be accessed belongs, configure source
VPN RED on PE3 and a multicast routing policy for the receiver VPN instance.
Then, hosts in the receiver VPN instance can send Join messages to source VPN.
PE3 then encapsulates multicast Join messages with the share-group address of
VPN RED, and sends the multicast Join messages to PE1 over the public network.
Finally, the multicast Join messages reach the multicast source of VPN RED.
Similarly, the multicast source of VPN RED sends multicast traffic over the public
network to VPN RED at the PE3 side. The multicast traffic is then imported to VPN
BLUE, and finally reaches the user.
– Configure the receiver VPN on the PE where the source VPN resides. Based on the
MD to which the VPN to be accessed belongs, configure receiver VPN BLUE
instance on PE1. Then, the source VPN instance and the receiver VPN instance can
exchange unicast routes. Hosts in the receiver VPN instance send Join messages to
the source VPN instance.
PE3 then encapsulates multicast Join messages with the share-group address of
VPN BLUE, and then sends the multicast Join messages to VPN BLUE on PE1
over the public network. PE1 then imports the multicast Join messages from VPN
BLUE to VPN RED. Therefore, the multicast Join messages reach the multicast
source of VPN RED. Similarly, after multicast traffic sent by the multicast source of
VPN RED is imported by PE1 to receiver VPN BLUE, VPN BLUE encapsulates
the multicast traffic with its share-group address, and then sends the multicast
traffic to the local VPN instance of PE3. Finally, the multicast traffic is forwarded
to the user on the associated VPN.
l Local-cross scenario
Figure 7-14 Networking diagram of the local-cross scenario of multicast VPN extranet
Receiver Source
VPN VPN
RED BLUE
CE1
IP MPLS Core
PE3
CE3-1 CE3-2
VPN VPN
RED BLUE
Receiver Receiver
Source
As shown in Figure 7-14, users at the site where CE3-2 resides need to receive multicast
data from both VPN BLUE and VPN RED. PE2 is the source PE of VPN BLUE. The
site where CE2 resides is connected to the multicast source of VPN BLUE. The
multicast source of VPN RED is connected to CE3-1. Both CE3-1 and CE3-2 are at the
PE3 side.
In the local-cross scenario, the receiver VPN and the source VPN are on the same PE,
and multicast traffic enters the PE through a VPN instance and leaves the PE through
another VPN instance. On PE3, the Import Route Target (IRT) of VPN BLUE needs to
be configured to be the same as the Export Route Target (ERT) of VPN RED so that
CE3-1 and CE3-2 can exchange VPN unicast routes. The process for a user to request
and receive multicast data from VPN RED is as follows:
a. A user at the site where CE3-2 resides requests multicast data from VPN RED. PE3
receives a PIM Join message from CE3-2, and then creates a multicast routing entry
of VPN BLUE. Through the RPF check, PE3 finds that the upstream interface of
the RPF route belongs to VPN RED. Then, PE3 sends a Join message to VPN RED.
b. PE3 creates a multicast routing entry (which has the receiver list including receiver
VPN BLUE) for VPN RED and then sends a PIM Join message to CE3-1.
c. The multicast data of VPN RED reaches PE3 through CE3-1. PE3 then imports the
multicast data to receiver VPN BLUE based on the multicast routing entries of VPN
RED.
d. After importing multicast data from VPN RED to VPN BLUE, PE3 sends the
multicast data to CE3-2 based on multicast routing entries of VPN BLUE. CE3-2
then sends the required multicast data of VPN RED to the user.
NOTE
A VPN extranet's multicast protocol and data packets are not encapsulated by GRE if the VPN extranet
connects to multicast sources on a public network.
Related Concepts
BGP A-D MVPN related concepts are as follows:
l Peer: BGP speakers that exchange messages with each other are called peers.
l A-D route: is used to discover all peers in the same VPN. This type of route helps
implement tunnel setup and control message exchange between peers.
l BGP update message: is used to exchange routes between BGP peers.
Principles
Currently, two BGP A-D modes, namely, MDT-Subsequent Address Family Identifier (SAFI)
A-D and MCAST-VPN SAFI A-D, are supported:
l In MDT-SAFI A-D mode, a new address family is defined by BGP. In this manner, after
VPN instance is configured on a PE, the PE advertises the VPN configuration including
the RD and share-group address to all its BGP peers. After a remote PE receives an
MDT-SAFI message advertised by BGP, the remote PE compares the share-group
address in the message with its share-group address. If the remote PE confirms that it is
in the same VPN with the sender of the MDT-SAFI message, the remote PE establishes
the PIM-SSM MDT on the public network to transmit multicast VPN services.
l The principles of MCAST-VPN SAFI A-D are similar to that of MDT-SAFI A-D. That
is, the multicast VPN configuration is transmitted through BGP Update packets. The
difference is that in MCAST-VPN SAFI A-D mode, a BGP Update packet carries more
multicast VPN attributes and information for establishing the public network tunnel.
Therefore, the MCAST-VPN SAFI A-D mode is applicable to the next-generation
multicast VPN.
The same VPN to which different PEs are added can use the same BGP A-D mode, and the
different VPNs to which the same PE is added can use different BGP A-D modes to
automatically discover the BGP peers of PEs.
l Scenario where the same VPN to which different PEs are added can use the same BGP
A-D mode in MVPN in BGP A-D mode
Figure 7-15 Networking diagram of the scenario where the same VPN to which different
PEs are added can use the same BGP A-D mode in MVPN in BGP A-D mode
Source
VPN
RED
PE1
CE1
IP MPLS Core
PE2
PE3
CE3 CE2
VPN VPN
RED RED
Receiver Receiver
Receiver
As shown in Figure 7-15, PE1, PE2, and PE3 belong to VPN RED, and join the share-
group G1. The address of G1 is within the SSM group address range. BGP A-D in the
same mode is enabled on each PE. In addition, the BGP A-D function is enabled on VPN
RED. The site where CE1 resides is connected to Source of VPN RED, and CE2 and
CE3 are connected to VPN users. Based on the BGP A-D mechanism, every PE on the
network obtains and records information about all its BGP peers on the same VPN, and
then directly establishes a PIM-SSM MDT on the public network for transmitting
multicast VPN services. In this manner, MVPN services can be transmitted over a public
network tunnel based on the PIM-SSM MDT.
The following takes PE3 as an example to describe service processing in MVPN in BGP
A-D mode:
a. After being configured with the BGP A-D function, PE1, PE2, and PE3 negotiate
session parameters, and confirm that both ends support the BGP A-D function.
Then, the PEs can establish BGP peer relationships. After receiving a BGP Update
packet from PE1 and PE2 respectively, PE3 obtains and records the BGP peer
addresses of PE1 and PE2. The BGP Update packets carry the information about
the PEs that send packets, such as the PE address and supported tunnel type.
b. VPN RED is configured on PE3. PE3 joins the share-group G1. PE3 creates a PIM-
SSM entry with G1 being the group address and the address of PE1 being the
source address and another PIM-SSM entry with G1 being the group address and
the address of PE2 being the source address. PE3 then directly sends PIM Join
messages to PE1 and PE2 to establish two PIM-SSM MDTs to PE1 and PE2
respectively.
c. CE3 sends a Join message to PE3. After receiving the Join message, PE3
encapsulates the Join message with the PIM-SSM share-group address, and then
sends it to PE1 over the public network tunnel. PE1 then decapsulates the received
Join message, and then sends it to the multicast source.
d. After the multicast data sent by the multicast source reaches PE1, PE1 encapsulates
the multicast data with the share-group address, and then forwards it to PE3 over
the public network tunnel. PE3 then forwards the multicast data to CE3, and CE3
sends the multicast data to the user.
l Scenario where the different VPNs to which the same PE is added can use different BGP
A-D modes in MVPN in BGP A-D mode
Figure 7-16 Networking diagram of the scenario where the different VPNs to which the
same PE is added can use different BGP A-D modes in MVPN in BGP A-D mode
Source Source
VPN VPN
RED BLUE
CE1
IP MPLS Core
PE3
CE3 CE2
VPN VPN
RED BLUE
Receiver Receiver
Receiver
As shown in Figure 7-16, PE1 belongs to VPN RED, PE2 belongs to VPN BLUE, and
PE3 belongs to both VPN RED and VPN BLUE. BGP A-D in MDT-SAFI mode is
enabled on PE1, BGP A-D in MCAST-VPN SAFI mode is enabled on PE2, and both
BGP A-D in BGP MDT-SAFI mode and BGP A-D in MCAST-VPN SAFI mode are
enabled on PE3. In addition, on PE3, BGP A-D in MDT-SAFI A-D mode is used by
VPN RED whereas BGP A-D in MCAST-VPN SAFI A-D mode is used by VPN BLUE.
The site where CE1 resides is connected to the multicast source of VPN RED and the
site where CE4 resides is connected to the multicast source of VPN BLUE. CE2 and
CE3 are connected to VPN users. Based on the BGP A-D mechanism, BGP peers
enabled with BGP A-D in the same mode obtain the BGP A-D information from each
other, and every PE on the network obtains and records information about all peers on
the same VPN and directly establishes a PIM-SSM MDT on the public network for
transmitting multicast VPN services. In this manner, MVPN services can be sent over a
public network tunnel based on the PIM-SSM MDT.
The interaction between MVPNs supporting BGP A-D through different BGP A-D
address families is as follows:
a. After being configured with BGP A-D, PE1, PE2, and PE3 negotiate session
parameters. Because PE1 and PE2 are configured with BGP A-D in different
modes, PE1 and PE2 fail to negotiate session parameters and cannot set up the BGP
peer relationship. Because PE3 is configured with BGP A-D in both modes, PE3
can establish BGP peer relationships with PE1 and PE2 respectively. After
receiving a BGP Update packet from PE1 and PE2 respectively, PE3 obtains and
records the BGP peer addresses of PE1 and PE2. The BGP update packets carry the
information about the PEs that send packets, such as the PE address and supported
tunnel type.
b. PE3 encapsulates its BGP A-D information including the address and supported
tunnel type in a packet used by MVPN in MDT-SAFI mode and in another packet
used by MVPN in MCAST-VPN SAFI mode, and then sends the former packet to
PE1 and latter packet to PE2. After receiving the corresponding packet, PE1 and
PE2 record the information about PE3.
c. PE1 and PE3 that belong to the same VPN RED obtain each other's information,
and send an (S, G) Join message to each other. Similarly, PE2 and PE3 that belong
to the same VPN BLUE obtain each other's peers, and send an (S, G) Join message
to each other.
d. Finally, the multicast traffic of each VPN is forwarded to users attached to CE3 of
VPN RED and users attached to CE2 of VPN BLUE respectively.
Principles
As multicast services are widely deployed and the number of users requesting multicast
services is increasing, multicast users and multicast sources may reside in different ASs. To
allow multicast users in a different AS to enjoy multicast services, multicast services need to
be transmitted in a VPN across ASs. There are two types of inter-AS MVPNs: Option A and
Option B.
NOTE
Related Concepts
The following part briefly describes the concept of inter-AS MVPN with reference to the
following figures:
Implementation
Among three types of inter-AS MVPN, Option A supports Any-Source Multicast (ASM) and
Source-Specific Multicast (SSM), whereas Option B only supports MDT-SAFI auto-discovery
(A-D) of MVPN BGP A-D in SSM. The implementation of each type of inter-AS MVPN is
described as follows:
b. After the VPN multicast data of CE1 reaches ASBR2", ASBR2" considers that the
multicast data comes from VPN2. ASBR2" then encapsulates the multicast data and
forwards it to PE2 and then CE2 in MD2. Similarly, VPN multicast data of CE2 can
also reach CE1 based on the preceding process. In this manner, CE1 and CE2 can
exchange VPN multicast data across ASs.
l Inter-AS MVPN Option B:
As shown in Figure 7-18, each P does not know the route to the other AS, and each
ASBR does not know the route to the PE in the other AS. This hinders the establishment
of a multicast distribution tree across ASs because the next hop to the multicast source
cannot be identified when PIM Join messages are sent. To solve this problem, the PIM
Vector technique is used. Based on PIM Vector, PEs and ASBRs check the BGP MDT
SAFI route to obtain the BGP neighbor information (Vector information containing RD
information), and add the Vector information to the PIM Join messages. In this manner, a
multicast distribution tree can be established across ASs.
To be specific, after receiving a PIM Join message with Vector information, a device
checks whether the Vector information specifies the IP address of a local interface:
– If the Vector information does not specify the IP address of a local interface, the
device continues to send the PIM Join message to the next hop based on the Vector
information.
– If the Vector information specifies the IP address of a local interface, the device
searches for the new Vector information in the BGP MDT SAFI routing table based
on the RD and the multicast source IP address. If the new Vector information
specifies an IP address in the same AS as the multicast source address, the device
forwards the PIM Join message based on an Interior Gateway Protocol (IGP) route.
If the new Vector information does not specify an IP address in the same AS as the
multicast source address, the device continues to send the PIM Join message to the
next hop based on the Vector information.
In this manner, a multicast distribution tree can be established across ASs.
Inter-AS MVPN Option B needs only one MD to be established across ASs.
AS1 AS2
ASBR1 ASBR2 PE2
PE1
Real physical link
P1 P2
Public instance
MTI MTI
CE1 MD
In inter-AS MVPN Option B, VPN multicast data is transmitted in the following process:
a. VPN multicast data of CE1 is encapsulated on PE1 based on MTI and then
forwarded over Multicast Tunnel (MT) tunnels. The encapsulated VPN multicast
data is transmitted over the public network as common multicast data based on
Share-Group or Switch-Group entries of the public network.
b. The VPN multicast data reaches PE2 and inter-AS multicast is implemented. PE1
and PE2 do not know how VPN multicast data is transmitted across ASs and
consider that the VPN multicast data is transmitted within the same AS.
Application scenario
Inter-AS MVPN is applicable to networks that adopt inter-AS VPN Option A and Option B.
Advantages
Inter-AS MVPN allows carriers to deploy multicast VPN across ASs to provide multicast
services for users in different ASs.
7.3 Applications
This section describes multicast VPN applications.
CE1B VPN
VPN CE2R
BLUE RED
Public
PE1 PE2
VPN CE2B
RED CE1R P VPN
BLUE
PC2
PC1
As shown in Figure 7-19, a single AS runs MPLS/BGP VPN. Both PE1 and PE2 are
configured with two VPN instances, namely, VPN BLUE and VPN RED, and the same Share-
Group address is set for the same VPN instances on the two PEs. In such a case, the VPN
instances with the same Share-Group address join the same MD. After the corresponding
Share-multicast distribution tree (MDT) is established, the protocol packets and low-rate data
in the VPNs can be transmitted through their respective Multicast Tunnel (MT).
VPN BLUE is taken as an example to describe how multicast services are transmitted
between VPNs.
1. A VPN instance named VPN BLUE is configured on both PE1 and PE2 and the
instances on the two PEs use the same Share-Group address. After the corresponding
Share-MDT is established, the VPN BLUE instances connected with CE1B and CE2B
can exchange multicast protocol packets through the corresponding MT.
2. Multicast devices in the VPNs connected with CE1B and CE2B can then establish
neighbor relationships, and send Join, Prune, and BootStrap router (BSR) messages to
each other. The protocol packets in the VPNs are encapsulated and decapsulated only on
the MT of the PEs. The devices, however, do not know that they are in VPN networks.
They still process the multicast protocol packets and forward multicast data packets like
the devices in the public network. In this way, multicast service transmission in one VPN
instance is implemented and multicast services in different VPN instances are isolated.
VPN1 VPN1
Source1
PC3
As shown in Figure 7-20, ASs 100 and 200 are deployed between Source 1 and PC3. Source
1 is required to provide multicast services for PC3. Inter-AS MVPN must be deployed to
enable Source 1 to provide multicast services for PC3.
Among two types of inter-AS MVPN, OptionA supports Any-Source Multicast (ASM) and
Source-Specific Multicast (SSM), whereas OptionB only support MDT-SAFI auto-discovery
(A-D) of MVPN BGP A-D in SSM.
l Inter-AS MVPN OptionA: an independent multicast domain (MD) is established in each
AS, and VPN multicast data is transmitted between MDs.
l Inter-AS MVPN OptionB: each P does not know the route to the other AS, and each
ASBR does not know the route to the PE in the other AS. This hinders the establishment
of a multicast distribution tree across ASs because the next hop to the multicast source
cannot be identified when PIM Join messages are sent. To solve this problem, the PIM
Vector technique is used. Based on PIM Vector, PEs and ASBRs check the BGP MDT
SAFI route to obtain the BGP neighbor information (Vector information containing RD
information), and add the Vector information to the PIM Join messages. In this manner, a
multicast distribution tree can be established across ASs.
Usage Scenario
MD VPN only supports IP multicast in Any-Source Multicast (ASM) mode on the public
network. Protocol independent multicast (PIM) tunnels are set up on the public network to
transmit multicast data between sites in a VPN.
You need to ensure that a VPN operates properly if you want to have multicast data
transmitted in the VPN. To allow a Provider Edge (PE) to receive data from multiple VPNs,
configure a public network instance and multiple VPN instances on the PE. The public
network instance is responsible for the communication with the Provider (P), and the VPN
instances are responsible for the communication with respective Customer Edges (CEs).
A Share-MDT (MDT is short for multicast distribution tree) is used to guide multicast
forwarding in MD VPN. Alternatively, a special Switch-MDT can be constructed to guide
forwarding of VPN multicast data flowing to the public network. The VPN multicast data is
then switched from the Share-MDT to the Switch-MDT. Multicast data can therefore be
transmitted on demand, and the stress on PEs is reduced.
Pre-configuration Tasks
Before configuring MD VPN, complete the following tasks:
Data Preparation
To configure MD VPN, you need the following data.
No. Data
2 Share-Group address
Context
IP multicast routing needs to be enabled on every PE on the network.
Procedure
Step 1 Run:
system-view
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 5 Run:
route-distinguisher route-distinguisher
----End
Context
An MD is a group of VPN instances that can transmit and receive multicast packets between
PEs.Different VPN instances belong to different MDs. An MD serves a specific VPN. All
private multicast data transmitted in the VPN is transmitted in the MD. All VPN instances on
the PEs that belong to an MD need to join the same multicast group, which is called the
Share-Group. A multicast distribution tree (MDT) is set up on the public network to transmit
PIM packets and multicast data packets between PEs in the MD.
Multicast Tunnel Interfaces (MTIs) are the ingress and egress of the MDT in the public
network. A PE in a VPN sends VPN data through an MTI, and a remote PE receives the data
through another MTI. MTIs enable interaction between the public network instance and VPN
instances on PEs.
NOTE
One Share-Group address cannot be configured for different VPN instances on a PE.
In MD VPN, the value range of a Share-Group address is the same as that of an Any-Source Multicast
(ASM) group address range.
In BGP A-D multicast VPN, the value range of a Share-Group address is the same as that of an Source-
Specific Multicast (SSM) group address range.
Procedure
Step 1 Run:
system-view
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 4 Run:
multicast-domain share-group group-address binding mtunnel number
A Share-Group is configured. The system automatically creates an MTI, and then binds the
Share-Group to the MTI and binds the MTI to the VPN instance IPv4 address family.
NOTE
After an MTI is created using the command in this step, the system automatically configures PIM on the
MTI. You do not need to configure PIM on this MTI.
PIM-SM is enabled on an MTI by default. If a physical interface configured with a PIM mode exists in
the same VPN with an MTI, the PIM mode of the MTI will be the same as that of the physical interface.
----End
Context
Multicast Tunnel Interfaces (MTIs) are virtual interfaces. They enable interaction between the
public network instance and VPN instances on PEs. Exchanging PIM packets between MTIs,
PEs can set up PIM neighbor relationships with each other in the public network instance.
When being transmitted between a VPN instance and the public network instance, multicast
packets need to be encapsulated into or decapsulated from Generic Routing Encapsulation
(GRE) packets. If the length of VPN multicast packets equals or approaches the MTU of the
outbound interface of the public network instance, the length of GRE packets into which
multicast packets are encapsulated will exceed the MTU of the outbound interface of the
public network instance. The GRE packets then need to be fragmented before being sent out
through the outbound interface of the public network instance and assembled after arriving at
the receive end. Therefore, setting a small MTU on the MTI is recommended to make large
VPN multicast packets be fragmented before being encapsulated into GRE packets. GRE
packets then do not need to be assembled on the receive end, and this improves efficiency.
NOTE
Procedure
l Automatic configuration
a. Run:
system-view
An IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
d. Run:
multicast-domain source-interface interface-type interface-number
NOTE
To avoid frequent protocol changes caused by interface flapping, use the loopback interface
address as the MTI address.
l Manual configuration
a. Run:
system-view
b. Run:
interface mtunnel number
NOTE
The MTI address must be the same as the IP address that is used to set up the Internal BGP
(IBGP) peer relationship on the PE in the public network. Otherwise, the VPN multicast
packets received on the MTI cannot pass the Reverse Path Forwarding (RPF) check.
d. (Optional) Run:
mtu mti-mtu
Context
In MD VPN, an MDT is set up between PEs. All PEs that belong to the same MD receive
multicast packets, irrespective of whether they have receivers connected to them. This wastes
bandwidth resources and imposes an extra burden on PEs. The Switch-MDT is an
optimization of the MDT. It allows on-demand multicast transmission. Traffic will be
switched from the Share-MDT to the Switch-MDT if multicast traffic on PEs reaches the
maximum. Only the PEs that have receivers connected to them will receive multicast data
from the Switch-MDT. This reduces the stress on PEs and bandwidth consumption.
NOTE
If you do not configure a Switch-MDT, VPN multicast data will always be transmitted along the Share-
MDT.
Procedure
Step 1 Run:
system-view
ipv4-family
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 4 Run:
multicast-domain switch-group-pool switch-group-pool { network-mask |network-mask-
length } [ threshold threshold-value | acl { advanced-acl-number | acl-name } ] *
The switching group pool of a Switch-MDT and conditions for Switch-MDT switching are
configured.
The time for keeping the rate of VPN multicast data lower than the threshold before data
switchback from the Switch-MDT to the Share-MDT is set.
By default, the delay for switching back VPN multicast traffic from the Share-MDT to the
Switch-MDT is 60 seconds.
disables the source PE from sending null Register messages to the rendezvous point (RP) to
establish the shortest path tree (SPT) on the public network before encapsulating the Switch-
Group address to VPN data. After this command is configured, the Switch-Group switchover
on the public network is established as defined in RFC 6037.
By default, the source PE sends null Register messages to the RP to establish the SPT on the
public network before encapsulating the Switch-Group address to VPN data.
----End
Procedure
l Run the display multicast-domain vpn-instance vpn-instance-name share-group
[ local | remote ] command to check the Share-Group information of the MD for a
specified VPN instance.
l Run the display pim vpn-instance vpn-instance-name interface mtunnel interface-
number [ verbose ] command to check information about the MTI.
----End
Example
Run the display multicast-domain vpn-instance command to view Share-Group and MTI
information. For example:
<Huawei> display multicast-domain vpn-instance BLUE share-group
MD local share-group information for VPN-Instance: BLUE
Share-group: 224.0.2.0
MTunnel address: 3.3.3.3
Info: There is no MD remote share-group information for VPN-Instance: BLUE
Usage Scenario
In MD VPN, Provider Edges (PEs) in a VPN do not know information about peers or the
multicast source. As a result, the PEs cannot send Join packets to the multicast source, and a
Protocol Independent Multicast-Source-Specific Multicast (PIM-SSM) multicast distribution
tree (MDT) cannot be set up.
To solve this problem, deploy BGP auto-discovery (A-D) multicast VPN in an autonomous
system (AS) to allow PEs to automatically discover members in a VPN. A PIM-SSM MDT
then can be set up, and multicast services in the VPN can be transmitted along the MDT in the
public network.
At present, two A-D modes are supported. They are the multicast distribution tree-Subsequent
Address Family Identifier (MDT-SAFI) A-D mode and the MCAST-VPN SAFI A-D mode.
l MDT-SAFI A-D mode: defines a new address family in the MDT-SAFI message
advertised using BGP. After being configured with multicast VPN, a PE advertises its
multicast VPN configurations (including the RD and Share-Group address) in an MDT-
SAFI message to all BGP peers. When a BGP peer receives the MDT-SAFI message, it
compares the RD in the message with the local Route Distinguisher (RD). If the RDs are
same, the BGP peer and the PE are members of the same VPN. The BGP peer then uses
the MDT-SAFI message to set up a PIM-SSM MDT for transmitting VPN multicast
services.
l MCAST-VPN SAFI A-D mode: defines a new address family in the MCAST-VPN SAFI
message advertised using BGP. Similar to MDT-SAFI A-D, MCAST-VPN SAFI A-D
transmits messages between BGP peers to advertise multicast VPN configurations
(including the RD and Share-Group address). Different from MDT-SAFI A-D, MCAST-
VPN SAFI A-D is defined in a broader sense and supports more extensions. More
multicast VPN attributes and information used for setting up the public network tunnel
are carried in MCAST-VPN SAFI messages. For this reason, the MCAST-VPN SAFI A-
D mode applies to next-generation multicast VPN.
BGP A-D multicast VPN is suitable for single-AS scenarios, with no Rendezvous Point (RP)
configured on the public network.
The BGP A-D function does not affect the original multicast VPN service flow. If the Share-
Group address is in the Any-Source Multicast (ASM) address range, or the Protocol
Independent Multicast-Dense Mode (PIM-DM) protocol is used on the public network,
tunnels can also be set up over the public network to transmit multicast traffic between sites
of a VPN.
Pre-configuration Tasks
Before configuring BGP A-D multicast VPN, complete the following tasks:
l Configuring a unicast routing protocol
l Configuring BGP/MPLS IP VPN
l Configuring multicast on the public network
Data Preparation
To configure BGP A-D multicast VPN, you need the following data.
No. Data
3 Share-Group address and Switch-Group address pool range of the VPN instance
Context
IP multicast routing needs to be enabled on every PE on the network.
Procedure
Step 1 Run:
system-view
Step 2 Run:
multicast routing-enable
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 5 Run:
route-distinguisher route-distinguisher
----End
Context
An MD is a group of VPN instances that can transmit and receive multicast packets between
PEs.Different VPN instances belong to different MDs. An MD serves a specific VPN. All
private multicast data transmitted in the VPN is transmitted in the MD. All VPN instances on
the PEs that belong to an MD need to join the same multicast group, which is called the
Share-Group. A multicast distribution tree (MDT) is set up on the public network to transmit
PIM packets and multicast data packets between PEs in the MD.
Multicast Tunnel Interfaces (MTIs) are the ingress and egress of the MDT in the public
network. A PE in a VPN sends VPN data through an MTI, and a remote PE receives the data
through another MTI. MTIs enable interaction between the public network instance and VPN
instances on PEs.
NOTE
One Share-Group address cannot be configured for different VPN instances on a PE.
In MD VPN, the value range of a Share-Group address is the same as that of an Any-Source Multicast
(ASM) group address range.
In BGP A-D multicast VPN, the value range of a Share-Group address is the same as that of an Source-
Specific Multicast (SSM) group address range.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
Step 3 Run:
ipv4-family
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 4 Run:
multicast-domain share-group group-address binding mtunnel number
A Share-Group is configured. The system automatically creates an MTI, and then binds the
Share-Group to the MTI and binds the MTI to the VPN instance IPv4 address family.
NOTE
After an MTI is created using the command in this step, the system automatically configures PIM on the
MTI. You do not need to configure PIM on this MTI.
PIM-SM is enabled on an MTI by default. If a physical interface configured with a PIM mode exists in
the same VPN with an MTI, the PIM mode of the MTI will be the same as that of the physical interface.
----End
Context
Multicast Tunnel Interfaces (MTIs) are virtual interfaces. They enable interaction between the
public network instance and VPN instances on PEs. Exchanging PIM packets between MTIs,
PEs can set up PIM neighbor relationships with each other in the public network instance.
When being transmitted between a VPN instance and the public network instance, multicast
packets need to be encapsulated into or decapsulated from Generic Routing Encapsulation
(GRE) packets. If the length of VPN multicast packets equals or approaches the MTU of the
outbound interface of the public network instance, the length of GRE packets into which
multicast packets are encapsulated will exceed the MTU of the outbound interface of the
public network instance. The GRE packets then need to be fragmented before being sent out
through the outbound interface of the public network instance and assembled after arriving at
the receive end. Therefore, setting a small MTU on the MTI is recommended to make large
VPN multicast packets be fragmented before being encapsulated into GRE packets. GRE
packets then do not need to be assembled on the receive end, and this improves efficiency.
NOTE
Procedure
l Automatic configuration
a. Run:
system-view
An IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
d. Run:
multicast-domain source-interface interface-type interface-number
NOTE
To avoid frequent protocol changes caused by interface flapping, use the loopback interface
address as the MTI address.
l Manual configuration
a. Run:
system-view
NOTE
The MTI address must be the same as the IP address that is used to set up the Internal BGP
(IBGP) peer relationship on the PE in the public network. Otherwise, the VPN multicast
packets received on the MTI cannot pass the Reverse Path Forwarding (RPF) check.
d. (Optional) Run:
mtu mti-mtu
----End
Context
BGP A-D multicast VPN, in either MDT-SAFI A-D or MCAST-VPN SAFI A-D mode,
transmits messages between BGP peers to advertise multicast VPN configurations, including
the RD and Share-Group address. After member PEs in a VPN are automatically discovered,
VPN multicast services are transmitted along the public network tunnel based on the PIM-
SSM MDT. Compared with MDT-SAFI A-D, MCAST-VPN SAFI A-D is defined in a
broader sense and supports more extensions. More multicast VPN attributes and information
used for setting up the public network tunnel are carried in MCAST-VPN SAFI messages. For
this reason, the MCAST-VPN SAFI A-D mode applies to next-generation multicast VPN.
NOTE
If multicast VPN is implemented in BGP A-D mode, the configured A-D mode must be consistent with
the A-D address family type configured in the BGP view.
The same VPN instance enabled with the IPv4 address family supports only one A-D mode.
Different VPN instances enabled with the IPv4 address family on the same PE must be
configured with different A-D modes. Enable the two types of A-D address families in the
BGP view, ensuring that each VPN instance selects a specific A-D mode to forward multicast
data.
Procedure
l Configure the MDT-SAFI A-D mode.
a. Run:
system-view
Route exchange with a specific peer or peer group is enabled in the BGP-MDT
address family view.
e. Run:
quit
The VPN instance IPv4 address family is enabled and its view is displayed.
i. Run:
auto-discovery mdt [ import route-policy route-policy-name ]
The MDT-SAFI A-D mode is configured for the VPN instance IPv4 address family.
l Configure the MCAST-VPN SAFI A-D mode.
a. Run:
system-view
Route exchange with a specific peer or peer group is enabled in the BGP-MVPN
address family view.
e. Run:
quit
The VPN instance IPv4 address family is enabled and its view is displayed.
i. Run:
auto-discovery mvpn [ import route-policy route-policy-name ]
The MCAST-VPN SAFI A-D mode is configured for the VPN instance IPv4
address family.
----End
Context
In MD VPN, an MDT is set up between PEs. All PEs that belong to the same MD receive
multicast packets, irrespective of whether they have receivers connected to them. This wastes
bandwidth resources and imposes an extra burden on PEs. The Switch-MDT is an
optimization of the MDT. It allows on-demand multicast transmission. Traffic will be
switched from the Share-MDT to the Switch-MDT if multicast traffic on PEs reaches the
maximum. Only the PEs that have receivers connected to them will receive multicast data
from the Switch-MDT. This reduces the stress on PEs and bandwidth consumption.
NOTE
If you do not configure a Switch-MDT, VPN multicast data will always be transmitted along the Share-
MDT.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
Step 3 Run:
ipv4-family
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 4 Run:
multicast-domain switch-group-pool switch-group-pool { network-mask |network-mask-
length } [ threshold threshold-value | acl { advanced-acl-number | acl-name } ] *
The switching group pool of a Switch-MDT and conditions for Switch-MDT switching are
configured.
The time for keeping the rate of VPN multicast data lower than the threshold before data
switchback from the Switch-MDT to the Share-MDT is set.
By default, the delay for switching back VPN multicast traffic from the Share-MDT to the
Switch-MDT is 60 seconds.
disables the source PE from sending null Register messages to the rendezvous point (RP) to
establish the shortest path tree (SPT) on the public network before encapsulating the Switch-
Group address to VPN data. After this command is configured, the Switch-Group switchover
on the public network is established as defined in RFC 6037.
By default, the source PE sends null Register messages to the RP to establish the SPT on the
public network before encapsulating the Switch-Group address to VPN data.
----End
Prerequisites
BGP A-D multicast VPN has been configured.
Procedure
l Run either of the following commands to check the multicast routing table:
– display multicast { vpn-instance vpn-instance-name | all-instance } routing-table
[ group-address [ mask { group-mask | group-mask-length } ] | source-address
[ mask { source-mask | source-mask-length } ] | incoming-interface { interface-
type interface-number | register } | outgoing-interface { include | exclude |
match } { interface-type interface-number | register | none } ] * [ outgoing-
interface-number [ number ] ]
– display multicast routing-table [ group-address [ mask { group-mask | group-
mask-length } ] | source-address [ mask { source-mask | source-mask-length } ] |
incoming-interface { interface-type interface-number | register } | outgoing-
interface { include | exclude | match } { interface-type interface-number | vpn-
instance vpn-instance-name | register | none } ] * [ outgoing-interface-number
[ number ] ]
l Run one of the following commands to check the PIM routing table:
– display pim { vpn-instance vpn-instance-name | all-instance } routing-table
[ group-address [ mask { group-mask-length | group-mask } ] | source-address
[ mask { source-mask-length | source-mask } ] | incoming-interface { interface-
type interface-number | register } | outgoing-interface { include | exclude |
match } { interface-type interface-number | register | none } | mode { dm | sm |
ssm } | flags flag-value | fsm ] * [ outgoing-interface-number [ number ] ]
– display pim routing-table [ group-address [ mask { group-mask-length | group-
mask } ] | source-address [ mask { source-mask-length | source-mask } ] |
incoming-interface { interface-type interface-number | register } | outgoing-
interface { include | exclude | match } { interface-type interface-number | vpn-
instance vpn-instance-name | register | none } | mode { dm | sm | ssm } | flags
flag-value | fsm ] * [ outgoing-interface-number [ number ] ]
– display pim [ vpn-instance vpn-instance-name | all-instance ] routing-table brief
[ group-address [ mask { group-mask-length | group-mask } ] | source-address
[ mask { source-mask-length | source-mask } ] | incoming-interface { interface-
type interface-number | register } ] *
l Run the display multicast [ vpn-instance vpn-instance-name | all-instance ] rpf-info
source-address [ group-address ] [ rpt | spt ] command to check the source-specific or
source/group-specific RPF route.
l Run the display multicast-domain vpn-instance vpn-instance-name share-group
[ local | remote ] command to check the Share-Group information of a specified VPN
instance in a multicast domain.
----End
Example
Run the display pim routing-table command to view the PIM routing table. For example:
<Huawei> display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 3 (S, G) entries
(1.1.1.1, 225.1.1.0)
RP: 2.2.2.2
Protocol: pim-sm, Flag: ACT
UpTime: 00:12:04
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 192.168.2.1
RPF prime neighbor: 192.168.2.1
Downstream interface(s) information: None
(1.1.1.1, 232.2.2.0)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:36:36
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 192.168.2.1
RPF prime neighbor: 192.168.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: VPN-Instance: BLUE
Protocol: MD, UpTime: 00:36:36, Expires: -
(3.3.3.3, 232.2.2.0)
Protocol: pim-ssm, Flag: LOC
UpTime: 00:36:34
Upstream interface: LoopBack1
Upstream neighbor: NULL
The command output shows that a PIM-SSM MDT is set up on the public network to carry
VPN multicast services.
Run the display multicast-domain vpn-instance BLUE share-group command to view
Share-Group information of a VPN instance named BLUE. For example:
<Huawei> display multicast-domain vpn-instance BLUE share-group
MD local share-group information for VPN-Instance: BLUE
Share-group: 232.2.2.0
MTunnel address: 3.3.3.3
MD remote share-group information for VPN-Instance: BLUE
Share-group Peer-address Tunnel-type
232.2.2.0 1.1.1.1 PIM SSM
The command output shows that the remote Share-Group address of the VPN instance BLUE
is 232.2.2.0; the IP address of the remote peer is 1.1.1.1; and the tunnel type is PIM SSM.
Usage Scenario
Multicast services are widely applied, and more and more users require multicast services.
Sometimes, users and multicast sources from which the users want to obtain multicast data
may reside in areas that span multiple ASs. As shown in Figure 7-21, ASs 100 and 200 are
deployed between Source 1 and PC3. Source 1 is required to provide multicast services for
PC3. Inter-AS MVPN must be deployed to enable Source 1 to provide multicast services for
PC3.
VPN1 VPN1
Source1
PC3
Two inter-AS VPN solutions can be used: Options A and B. Furthermore, three inter-AS
MVPN modes have been developed for the three solutions.
NOTE
Pre-configuration Tasks
Before configuring inter-AS MVPN, complete the following tasks:
l Configuring inter-AS BGP/MPLS IP VPN (Option A and B)
l Configuring multicast functions on the public network
Data Preparation
To configure inter-AS MVPN, you need the following data.
No. Data
2 Share-group address
Context
Autonomous system boundary routers (ASBRs) on an inter-AS VPN Option A network are
directly connected and function as Provider Edges (PEs) in their respective ASs. An ASBR
takes the peer ASBR as its Customer Edge (CE); therefore, an inter-AS network can be
considered a network where multiple ASs are directly connected. An inter-AS network can be
configured in the same way as a single AS.
Inter-AS MVPN Option A supports Any-Source Multicast (ASM) and Source-Specific
Multicast (SSM).
l If ASM is configured, BGP A-D MVPN does not need to be configured.
l If SSM is configured, BGP A-D MVPN needs to be configured.
Before configuring inter-AS MVPN Option A, configure inter-AS VPN Option A. For
configuration details, see the chapter "Configuring Inter-AS VPN Option A" in the BGP/
MPLS IP VPN Configuration of the Huawei
AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 Series Enterprise
Routers CLI-based Configuration - VPN.
Perform the following steps on PEs and ASBRs:
Procedure
Step 1 Enable IPv4 multicast routing.
1. Run:
system-view
The IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
4. Run:
route-distinguisher route-distinguisher
4. Run:
ip address ip-address { mask | mask-length }
Or,
ip address unnumbered interface interface-type interface-number
The device is enabled to exchange routing information with a specified peer or peer
group.
4. Run:
quit
The IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
8. Run:
auto-discovery mdt [ import route-policy route-policy-name ]
The device is enabled to exchange routing information with a specified peer or peer
group.
4. Run:
quit
An IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
8. Run:
auto-discovery mvpn [ import route-policy route-policy-name ]
----End
Context
On an inter-AS VPN Option B network, three independent tunnels are used to transmit public
network data between two ASs. A P device in an AS cannot obtain routing information of the
other AS, and an ASBR in an AS cannot obtain the routes to PEs in the other AS. As a result,
the P and ASBR cannot find the next hop of the route towards the multicast source when
sending it a PIM Join message, and therefore no MDT can be set up. So, after configuring
BGP A-D MVPN, you must enable PIM RPF Vector (with RD information) in VPN instances
to implement inter-AS MVPN.
Before configuring inter-AS MVPN Option B, configure inter-AS VPN Option B. For
configuration details, see the chapter "Configuring Inter-AS VPN Option A" in the BGP/
MPLS IP VPN Configuration of the Huawei
AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 Series Enterprise
Routers CLI-based Configuration - VPN.
Procedure
Step 1 Enable IPv4 multicast routing.
1. Run:
system-view
The IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
4. Run:
route-distinguisher route-distinguisher
Step 2 Run:
multicast-domain share-group group-address binding mtunnel number
l Automatic configuration
1. Run:
multicast-domain source-interface interface-type interface-number
Or,
ip address unnumbered interface interface-type interface-number
ipv4-family mdt
The PE is enabled to exchange routing information with a specified peer or peer group.
NOTE
If there are more than one peer or peer group, run this command many times to make that all peers
or peer groups can exchange routing information.
4. Run:
quit
An IPv4 address family is enabled for the VPN instance and the VPN instance IPv4
address family view is displayed.
8. Run:
auto-discovery mdt [ import route-policy route-policy-name ]
VPN target-based filtering is disabled for received VPN routes or label blocks.
4. Run:
peer { group-name | ipv4-address } enable
The ASBR is enabled to exchange routing information with a specified peer or peer
group.
NOTE
If there are more than one peer or peer group, run this command many times to make that all peers
or peer groups can exchange routing information.
5. (Optional) Run:
peer { group-name | ipv4-address | ipv6-address } next-hop-local
The ASBR is configured to set its IP address as the next-hop addresses of routes when
advertising these routes to an IBGP peer or peer group.
----End
Procedure
l Run the display pim routing-table rpf-vector [ vector-address ] command to check the
PIM routing table.
l Run the display pim [ vpn-instance vpn-instance-name ] neighbor [ neighbor-address |
interface interface-type interface-number | verbose ] * command to check PIM
neighbors.
l Run the display multicast [ vpn-instance vpn-instance-name | all-instance ] rpf-info
source-address [ group-address ] rd command to check a source-specific or source/
group-specific RPF route.
l Run the display pim [ vpn-instance vpn-instance-name | all-instance ] interface
[ interface-type interface-number | up | down ] [ verbose ] command to check MTIs of a
specific VPN instance.
----End
Example
Run the display pim routing-table rpf-vector command to view the PIM routing table of the
public network instance when PIM RPF Vector is enabled. The command output shows that a
PIM RPF Vector-enabled entry exists.
<Huawei> display pim routing-table rpf-vector
VPN-Instance: public net
Total 0 (*, G) entry; 4 (S, G) entry
Total matched 0 (*, G) entry; 1 (S, G) entries
(192.168.0.12, 227.0.0.1)
RP: 2.2.2.2
Protocol: pim-sm, Flag: SPT LOC ACT
UpTime: 02:54:43
Upstream interface: GigabitEthernet1/3/1
RPF vector: 55:11111/5.5.5.5
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 2
1: GigabitEthernet1/3/2
Protocol: pim-sm, UpTime: 02:54:43, Expires: 00:02:47
Total number of vectors: 2
1: vector: 55:11111/5.5.5.5, neighbor: 10.0.3.5
2: vector: 55:11111/6.6.6.6, neighbor: 10.0.3.6
2: GigabitEthernet1/3/3
Protocol: pim-sm, UpTime: 02:50:32, Expires: 00:06:58
Total number of vectors: 1
1: vector: 55:11111/5.5.5.5, neighbor: 10.0.2.5
Run the display pim neighbor 10.1.1.2 verbose command to view the PIM neighbor at
10.1.1.2. The command output shows that the PIM RPF Vector function has been enabled on
the router at 10.1.1.2.
<Huawei> display pim neighbor 10.1.1.2 verbose
VPN-Instance: public net
Neighbor: 10.1.1.2
Interface: GigabitEthernet1/3/0
Uptime: 02:53:50
Expiry time: 00:01:30
DR Priority: 1
Generation ID: 0X90B0360B
Holdtime: 105 s
LAN delay: 500 ms
Override interval: 2500 ms
PIM BFD-Session: Y
PIM BFD-Session min-tx-interval: 1000 ms
PIM BFD-Session min-rx-interval: 1000 ms
PIM BFD-Session detect-multiplier: 3
PIM join attribute: enabled
Run the display multicast rpf-info 192.168.0.1 232.1.1.1 rd command to view information
about the RPF route and RFP vector relevant to the (192.168.0.1, 232.1.1.1) entry in the
public network instance. The command output shows that the RPF vector of the (192.168.0.1,
232.1.1.1) entry is 55:11111/10.5.0.5.
<Huawei> display multicast rpf-info 192.168.0.1 232.1.1.1 rd
VPN-Instance: public net
RPF information about source 192.168.0.1 and group 232.1.1.1
RPF interface: Ethernet6/0/0, RPF neighbor: 11.1.5.2
Referenced route/mask: 192.168.0.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disabled
RPF vector information about source 192.168.0.1 and group 232.1.1.1
RPF interface: Ethernet6/0/0, RPF neighbor: 11.1.5.2
Referenced route/mask: 10.5.0.0/24
Run the display pim interface gigabitethernet1/3/0 verbose command to view detailed PIM
configurations of GE 1/3/0. The command output shows that the PIM RPF Vector function
has been enabled on GE 1/3/0.
<Huawei> display pim interface gigabitethernet1/3/0 verbose
VPN-Instance: public net
Interface: GigabitEthernet1/3/0, 10.1.1.1
PIM version: 2
PIM mode: Sparse
PIM state: up
PIM DR: 10.1.1.2
PIM DR Priority (configured): 1
PIM neighbor count: 1
PIM hello interval: 30 s
PIM LAN delay (negotiated): 500 ms
PIM LAN delay (configured): 500 ms
PIM hello override interval (negotiated): 2500 ms
PIM hello override interval (configured): 2500 ms
PIM Silent: enabled
PIM neighbor tracking (negotiated): enabled
PIM neighbor tracking (configured): enabled
PIM join attribute (negotiated): enabled
PIM generation ID: 0XF5712241
PIM require-GenID: disabled
PIM hello hold interval: 105 s
PIM assert hold interval: 180 s
PIM triggered hello delay: 5 s
PIM J/P interval: 60 s
PIM J/P hold interval: 210 s
PIM BSR domain border: disabled
PIM BFD: enabled
PIM BFD min-tx-interval: 10 ms
PIM BFD min-rx-interval: 10 ms
PIM BFD detect-multiplier: 3
PIM dr-switch-delay timer : 20 s
Number of routers on link not using DR priority: 0
Number of routers on link not using LAN delay: 0
Number of routers on link not using neighbor tracking: 2
ACL of PIM neighbor policy: myacl
ACL of PIM ASM join policy: 2000
ACL of PIM SSM join policy: -
Usage Scenario
Multicast VPN implemented in either multicast domain (MD) or BGP auto-discovery (A-D)
mode supports multicast data transmission within a VPN only. VPN sites that belong to
different VPNs cannot access each other in either of the two modes.
In real world situations, the following needs, however, may arise:
l Enterprises in different VPNs need to communicate with each other.
l A service provider in a VPN needs to provide multicast services for users that reside in
other VPNs.
In the two situations, the multicast source and multicast data receivers reside in different
VPNs. Multicast services need to be transmitted between different VPNs, or the multicast data
from a VPN user needs to reach other VPN users. Multicast VPN extranet can be deployed to
meet these needs. Note that multicast VPN extranet applies to PIM SM/Source-Specific
Multicast (SSM) networks only.
As shown in Figure 7-22, after multicast VPN extranet is configured, the receiver connected
to PE3 in VPN BLUE (a VPN instance named BLUE) can receive multicast data both from
VPN BLUE and VPN GREEN. This is an example of multicast data transmission between
VPNs.
VPN VPN
GREEN BLUE
CE1 CE2
PE2
PE1
PE3
CE3
VPN
BLUE
Receiver Receiver
Before configuring multicast VPN extranet, note the following points when you deploy
multicast services on the network:
l The rendezvous point (RP) set for the source VPN and receiver VPN must be a static RP,
and the static RP must reside adjacent to the multicast source to serve the multicast
groups adopting the multicast VPN extranet service. RPs that serve other multicast
groups in this VPN can be either dynamic or static. The anycast RP function will not be
affected.
l The address range of the multicast groups adopting the multicast VPN extranet service
cannot overlap the multicast group address range internally used by the local VPN; the
address range of new multicast groups adopting the multicast VPN extranet service
cannot overlap the address range that has been configured for other multicast groups
adopting the multicast VPN extranet service.
l The SSM group address range must be set consistently for both the source VPN and the
receiver VPN for providing the multicast VPN extranet service.
Pre-configuration Tasks
Before configuring multicast VPN extranet, complete the following tasks:
l Configuring a unicast routing protocol
l Configuring BGP/MPLS IP VPN
l Configuring multicast on the public network
l Configuring basic multicast VPN functions
Data Preparation
To configure multicast VPN extranet, you need the following data.
No. Data
2 Address of the multicast group adopting the multicast VPN extranet service
4 Address pool ranges for the Share-Group and Switch-Group in each VPN instance
Context
Multicast VPN extranet uses a multicast routing policy to specify another VPN as the
upstream of the selected Reverse Path Forwarding (RPF) route to allow the multicast data
transmission between VPNs.
Multicast VPN extranet applies to the following scenarios:
l Different VPN instances connected to different PEs need to exchange multicast data.
Such a scenario is called a remote-cross scenario. There are two configuration options
available to provide multicast VPN extranet services in this scenario:
– Configure the source VPN instance on the receiver PE and create a multicast
routing policy.
– Configure the receiver VPN instance on the source PE. No multicast routing policy
is required. This option is applicable to the scenario where the receiver PE is a non-
Huawei device and configuring the source VPN instance on the receiver PE is
prohibited.
l Different VPN instances connected to the same PE need to exchange multicast data or
the multicast source belongs to the public network instance. Such a scenario is called a
local-cross scenario.
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
Step 3 Run:
ipv4-family
The VPN instance IPv4 address family is enabled and its view is displayed.
Step 4 Run:
multicast extranet select-rpf { vpn-instance vpn-instance-name | public } group
group-address { group-mask | group-mask-length }
A multicast routing policy is configured. with the upstream of the RPF route selected by the
PIM entry corresponding to a multicast group address set to another VPN instance enabled
with the IPv4 address family or the public network instance.
----End
Usage Scenario
By default, VLANIF interfaces do not forward traffic on a multicast VPN extranet, causing
traffic interruptions. To resolve this issue, enable the traffic forwarding function for VLANIF
interfaces. After this function is enabled, forwarding information on the VLANIF interfaces
will be delivered from the VPN routing and forwarding (VRF) table for receivers to the VRF
table for multicast sources. Then, the VLANIF interfaces will be capable of forwarding traffic
to receivers.
NOTE
The traffic forwarding function is ineffective for existing multicast entries. To resolve this issue, run the
reset multicast forwarding-table command to delete the existing multicast entries. After the multicast
entries are regenerated, the traffic forwarding function will become effective for them.
Procedure
Step 1 Run:
system-view
The traffic forwarding function is enable for VLANIF interfaces on a multicast VPN extranet.
----End
Prerequisites
Multicast VPN extranet has been configured.
Procedure
l Run either of the following commands to check the multicast routing table:
– display multicast { vpn-instance vpn-instance-name | all-instance } routing-table
[ group-address [ mask { group-mask | group-mask-length } ] | source-address
[ mask { source-mask | source-mask-length } ] | incoming-interface { interface-
type interface-number | register | mcast-extranet } | outgoing-interface { include |
exclude | match } { interface-type interface-number | register | none } | extranet
{ source-vpn-instance { all | public | vpn-instance-name } | receive-vpn-instance
{ all | vpn-instance-name } } ] * [ outgoing-interface-number [ number ] ]
– display multicast routing-table [ group-address [ mask { group-mask | group-
mask-length } ] | source-address [ mask { source-mask | source-mask-length |
mcast-extranet } ] | incoming-interface { interface-type interface-number |
register } | outgoing-interface { include | exclude | match } { interface-type
interface-number | vpn-instance vpn-instance-name | register | none } | extranet
{ source-vpn-instance { all | public | vpn-instance-name } | receive-vpn-instance
{ all | vpn-instance-name } } ] * [ outgoing-interface-number [ number ] ]
l Run one of the following commands to check the PIM routing table:
– display pim { vpn-instance vpn-instance-name | all-instance } routing-table
[ group-address [ mask { group-mask-length | group-mask } ] | source-address
[ mask { source-mask-length | source-mask } ] | extranet { source-vpn-instance
{ all | public | vpn-instance-name } | receive-vpn-instance { all | vpn-instance-
name } } | incoming-interface { interface-type interface-number | register | mcast-
extranet } | outgoing-interface { include | exclude | match } { interface-type
Example
Run the display multicast vpn-instance RED routing-table extranet source-vpn-instance
BLUE command to view information about the multicast routing table of VPN BLUE, which
is the upstream of the RPF route of the multicast entry in VPN RED. For example:
<Huawei> display multicast vpn-instance RED routing-table extranet source-vpn-
instance BLUE
Multicast routing table of VPN-Instance: RED
Total 1 entry ,1 matched
The command output shows that the upstream of the RPF route of the entry (10.110.1.2,
228.0.0.1) in VPN RED is a multicast extranet interface, namely, VPN BLUE.
Run the display pim vpn-instance RED routing-table extranet source-vpn-instance
BLUE command to view information about the PIM routing table of VPN BLUE, which is
the upstream of the RPF route of the multicast entry in VPN RED. For example:
<Huawei> display pim vpn-instance RED routing-table extranet source-vpn-instance
BLUE
VPN-Instance: RED
Total 2 (*, G) entries; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:01:28
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 1.1.1.1
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:01:28
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Pos1/0/1
Protocol: pim-sm, UpTime: 00:01:28, Expires: 00:03:07
The command output shows that the upstream of the RPF route of the PIM entry with the
group address being 228.0.0.1 in VPN RED is a multicast extranet interface, namely, VPN
BLUE.
Run the display multicast vpn-instance RED rpf-info 10.110.1.2 228.0.0.0 command to
view information about the RPF route of the multicast source 10.110.1.2 in VPN RED. For
example:
<Huawei> display multicast vpn-instance RED rpf-info 10.110.1.2 228.0.0.0
VPN-Instance: RED
RPF information about source 10.110.1.2 and group 228.0.0.0
RPF interface: MCAST_Extranet
RPF Source VPN-Instance: BLUE
Referenced route/mask: 10.110.1.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disable
The command output shows that the upstream of the RPF route of the entry (10.110.1.2,
228.0.0.0) in VPN RED is a multicast extranet interface, namely, VPN BLUE.
Context
NOTICE
Statistics about group switching messages will be all deleted after you run the reset
multicast-domain control-message counters command. Exercise caution when running the
command.
Procedure
l To clear IPv4 multicast VPN statistics, run the reset multicast-domain { vpn-instance
vpn-instance-name | all-instance } control-message counters command in the user
view.
----End
Context
In routine maintenance, you can run the following commands in any view to check the
running status of IPv4 Multicast VPN.
Procedure
l Run the display multicast-domain vpn-instance vpn-instance-name share-group
[ local | remote ] command in any view to check information about Share-Group of a
specified VPN instance in an MD.
l Run the following commands in any view to check information about Switch-Group
received by a specified VPN instance in an MD.
– display multicast-domain vpn-instance vpn-instance-name switch-group receive
brief
– display multicast-domain vpn-instance vpn-instance-name switch-group receive
[ active | group group-address | sender source-address | vpn-source-address
[ mask { source-mask-length | source-mask } ] | vpn-group-address [ mask { group-
mask-length | group-mask } ] ] *
l Run the display multicast-domain vpn-instance vpn-instance-name switch-group
send [ group group-address | reuse interval | vpn-source-address [ mask { source-mask-
length | source-mask } ] | vpn-group-address [ mask { group-mask-length | group-
mask } ] ] * command in any view to check information about the Switch-Group sent to a
specified VPN instance in an MD.
l Run the display multicast-domain { vpn-instance vpn-instance-name | all-instance }
control-message counters command in any view to check the statistics about sent and
received MDT switch messages in a specified VPN instance or all VPN instances.
l Run the display multicast-domain { vpn-instance vpn-instance-name | all-instance }
invalid-packet command in any view to check the statistics about invalid MDT switch
messages received by a device.
----End
Context
In the VPN instance on the source PE, if the number of VPN multicast data flows that need to
be switched is more than the number of group addresses in the switch-group-pool of Switch-
multicast distribution tree (Switch-MDT), the group addresses in the switch-group-pool can
be used repeatedly.
By default, the logs of the reused Switch-Group addresses are not recorded.
To know the running status of the system or locate a fault through logs, do as follows on the
PE:
Procedure
Step 1 Run:
system-view
Step 2 Run:
ip vpn-instance vpn-instance-name
Step 3 Run:
ipv4-family
An IPv4 address family is enabled for the VPN instance and the VPN instance IPv4 address
family view is displayed.
Step 4 Run:
multicast-domain log switch-group-reuse
----End
Networking Requirements
In the single-AS MPLS/BGP VPN shown in Figure 7-23, the multicast domain (MD)
solution is used to deploy multicast services.
PC2
VPN
RED
Source2
GE1
CE-Rb
GE2 GE3
PC3
GE1 Loopback1
VPN Loopback1
BLUE GE3 GE3 GE1
GE2 VPN
Loopback1 RED
CE-Bb Public
GE2 GE2
P CE-Rc
Loopback2 PE-B GE1 PE-C
GE2 GE3 GE2
Loopback2
GE1
Source1 GE1 GE3
CE-Ra
GE1Loopback1 GE2
GE1 GE3 VPN
CE-Bc BLUE
GE2
VPN GE2 GE1
RED PE-A
PC4
PC1 Loopback1
NOTE
In Figure 7-23, GE1 stands for GigabitEthernet 1/0/0, GE2 stands for GigabitEthernet 2/0/0, and GE3
stands for GigabitEthernet 3/0/0. The IP address of each interface is shown in the following table.
P GE1: 192.168.6.2/24 -
GE2: 192.168.7.2/24 -
GE3: 192.168.8.2/24 -
GE2: 10.110.2.2/24 -
GE2: 10.110.3.2/24 -
Loopback 2: 8.8.8.9/32 -
GE2: 10.110.4.2/24 -
GE3: 10.110.12.1/24 -
GE2: 10.110.5.2/24 -
GE3: 10.110.12.2/24 -
GE2: 10.110.6.2/24 -
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure MPLS/BGP VPN to ensure that the VPN network works normally and unicast
routes are reachable.
2. Enable multicast and PIM in the entire network. Enable multicast of public network on
PEs and Ps, and enable multicast of the VPN instances enabled with the IPv4 address
family on PEs and CEs.
3. Configure the same Share-group address, the same Multicast Tunnel Interface (MTI),
and the same switch-MDT for the same VPN instance enabled with the IPv4 address
family on each PE. Set the automatic configuration mode for the MTI.
Data Preparation
See Table 7-4.
Multicast Multicast source of VPN RED is Source1. The receivers include PC1, PC2,
source/ and PC3. Multicast source of VPN BLUE is Source2. The receiver is PC4. In
receiver VPN RED, Share-Group address is 239.1.1.1 and Switch-Group address pool
ranges from 225.2.2.1 to 225.2.2.16. In VPN BLUE, Share-Group address is
239.2.2.2 and Switch-Group address pool ranges from 225.4.4.1 to
225.4.4.16.
VPN On PE-A, GE2 and GE3 belong to VPN-RED instance, and GE1 and
instance Loopback1 belong to the public network instance. On PE-B, GE2 belongs to
which the VPN-BLUE instance, GE3 belongs to VPN-RED instance, and GE1 and
interfaces Loopback1 belong to the public network instance. On PE-C, GE2 belongs to
on PEs VPN-RED instance, GE3 and Loopback2 belong to VPN-BLUE instance,
belong to and GE1 and Loopback1 belong to the public network instance.
Routing Configure OSPF on the public network. Enable Routing Information Protocol
protocol (RIP) on PE and CE devices. Establish a BGP peer connection and transmit
and MPLS all VPN routes between Loopback1 interfaces on PE-A, PE-B, and PE-C.
Enable MPLS forwarding on the public network.
IGMP Enable IGMP on GE2 of PE-A.Enable IGMP on GE1 of CE-Rb, GE1 of CE-
function Rc, and GE1 of CE-Bc.
PIM Enable PIM-SM on all the VPN interfaces in VPN-RED instance. Enable
function PIM-SM on all the VPN interfaces in VPN-BLUE instance. Enable PIM-SM
on all the interfaces of P and CEs, as well as public network instance
interfaces of PEs. Configure Loopback1 of P as the Candidate-BSR (C-BSR)
and C-RP of public network (serving all multicast groups). Configure
Loopback1 of CE-Rb as the C-BSR and C-RP of VPN-RED (serving all
multicast groups). Configure Loopback2 of PE-C as the C-BSR and C-RP of
VPN-BLUE (serving all multicast groups).
Procedure
Step 1 Configure PE-A.
# Configure an ID for PE-A, enable IP multicast routing in the public network, configure
MPLS label switching routers (LSR)-ID, and enable LDP.
[PE-A] router id 1.1.1.1
[PE-A] multicast routing-enable
[PE-A] mpls lsr-id 1.1.1.1
[PE-A] mpls
[PE-A-mpls] quit
[PE-A] mpls ldp
[PE-A-mpls-ldp] quit
# Create VPN RED instance enabled with the IPv4 address family and enter the VPN instance
IPv4 address family view. Configure the VPN route distinguisher and create egress and
ingress vpn-target for the instance. Enable IP multicast and configure Share-Group. Specify
an MTI bound to the VPN instance and the range of the switch-address-pool.Set the automatic
configuration mode for the MTI.
[PE-A] ip vpn-instance RED
[PE-A-vpn-instance-RED] ipv4-family
[PE-A-vpn-instance-RED-af-ipv4] route-distinguisher 100:1
[PE-A-vpn-instance-RED-af-ipv4] vpn-target 100:1 export-extcommunity
[PE-A-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE-A-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE-A-vpn-instance-RED-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
[PE-A-vpn-instance-RED-af-ipv4] multicast-domain source-interface loopback 1
[PE-A-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 225.2.2.1 28
[PE-A-vpn-instance-RED-af-ipv4] quit
[PE-A-vpn-instance-RED] quit
# Enable LDP and PIM-SM on the interface GigabitEthernet 1/0/0 in the public network.
[PE-A] interface gigabitethernet 1/0/0
[PE-A-GigabitEthernet1/0/0] ip address 192.168.6.1 24
[PE-A-GigabitEthernet1/0/0] pim sm
[PE-A-GigabitEthernet1/0/0] mpls
[PE-A-GigabitEthernet1/0/0] mpls ldp
# Bind the interface GigabitEthernet 2/0/0 to VPN RED instance, and enable IGMP and PIM-
SM.
[PE-A] interface gigabitethernet 2/0/0
[PE-A-GigabitEthernet2/0/0] ip binding vpn-instance RED
# Create the VPN BLUE instance enabled with the IPv4 address family and enter the VPN
instance IPv4 address family view. Configure VPN IPv4 prefix and create the egress and
ingress routes for the instance. Enable IP multicast and configure Share-Group. Specify an
MTI bound to the VPN instance and the range of the switch-address-pool. Set the automatic
configuration mode for the MTI.
[PE-B] ip vpn-instance BLUE
[PE-B-vpn-instance-BLUE] ipv4-family
[PE-B-vpn-instance-BLUE-af-ipv4] route-distinguisher 200:1
[PE-B-vpn-instance-BLUE-af-ipv4] vpn-target 200:1 export-extcommunity
# Create VPN RED instance enabled with the IPv4 address family and enter the VPN instance
IPv4 address family view. Configure VPN IPv4 prefix and create egress and ingress routes for
the instance. Enable IP multicast and configure Share-Group. Specify an MTI bound to the
VPN instance and the range of the switch-address-pool. Set the automatic configuration mode
for the MTI.
[PE-B] ip vpn-instance RED
[PE-B-vpn-instance-BLUE] ipv4-family
[PE-B-vpn-instance-RED-af-ipv4] route-distinguisher 100:1
[PE-B-vpn-instance-RED-af-ipv4] vpn-target 100:1 export-extcommunity
[PE-B-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE-B-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE-B-vpn-instance-RED-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
[PE-B-vpn-instance-RED-af-ipv4] multicast-domain source-interface loopback 1
[PE-B-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 225.2.2.1 28
[PE-B-vpn-instance-RED-af-ipv4] quit
[PE-B-vpn-instance-BLUE] quit
# Enable LDP and PIM-SM on the interface GigabitEthernet 1/0/0 in the public network.
[PE-B] interface gigabitethernet 1/0/0
[PE-B-GigabitEthernet1/0/0] ip address 192.168.7.1 24
[PE-B-GigabitEthernet1/0/0] pim sm
[PE-B-GigabitEthernet1/0/0] mpls
[PE-B-GigabitEthernet1/0/0] mpls ldp
# Bind the interface GigabitEthernet 2/0/0 to VPN BLUE instance, and enable PIM-SM.
[PE-B] interface gigabitethernet 2/0/0
[PE-B-GigabitEthernet2/0/0] ip binding vpn-instance BLUE
[PE-B-GigabitEthernet2/0/0] ip address 10.110.3.1 24
[PE-B-GigabitEthernet2/0/0] pim sm
# Bind the interface GigabitEthernet 3/0/0 to VPN RED instance, and enable PIM-SM.
[PE-B] interface gigabitethernet 3/0/0
[PE-B-GigabitEthernet3/0/0] ip binding vpn-instance RED
[PE-B-GigabitEthernet3/0/0] ip address 10.110.4.1 24
[PE-B-GigabitEthernet3/0/0] pim sm
# Create VPN RED instance enabled with the IPv4 address family and enter the VPN instance
IPv4 address family view. Configure VPN IPv4 prefix and create egress and ingress routes for
the instance. Enable IP multicast and configure Share-Group. Specify an MTI bound to the
VPN instance and the range of the switch-group-pool. Set the automatic configuration mode
for the MTI.
[PE-C] ip vpn-instance RED
[PE-C-vpn-instance-RED] ipv4-family
[PE-C-vpn-instance-RED-af-ipv4] route-distinguisher 100:1
[PE-C-vpn-instance-RED-af-ipv4] vpn-target 100:1 export-extcommunity
[PE-C-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE-C-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE-C-vpn-instance-RED-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
[PE-C-vpn-instance-RED-af-ipv4] multicast-domain source-interface loopback 1
[PE-C-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 225.2.2.1 28
[PE-C-vpn-instance-RED-af-ipv4] quit
[PE-C-vpn-instance-RED] quit
# Create VPN BLUE instance enabled with the IPv4 address family and enter the VPN
instance IPv4 address family view. Configure the VPN IPv4 prefix and create egress and
ingress routes for the instance. Enable IP multicast and configure Share-Group. Specify an
MTI bound to the VPN instance and the range of the switch-address-pool. Set the automatic
configuration mode for the MTI.
[PE-C] ip vpn-instance BLUE
[PE-C-vpn-instance-BLUE] ipv4-family
[PE-C-vpn-instance-BLUE-af-ipv4] route-distinguisher 200:1
[PE-C-vpn-instance-BLUE-af-ipv4] vpn-target 200:1 export-extcommunity
[PE-C-vpn-instance-BLUE-af-ipv4] vpn-target 200:1 import-extcommunity
[PE-C-vpn-instance-BLUE-af-ipv4] multicast routing-enable
# Enable LDP and PIM-SM on the interface GigabitEthernet1/0/0 in the public network.
[PE-C] interface gigabitethernet 1/0/0
[PE-C-GigabitEthernet1/0/0] ip address 192.168.8.1 24
[PE-C-GigabitEthernet1/0/0] pim sm
[PE-C-GigabitEthernet1/0/0] mpls
[PE-C-GigabitEthernet1/0/0] mpls ldp
# Bind the interface GigabitEthernet2/0/0 to VPN RED instance, and enable PIM-SM.
[PE-C] interface gigabitethernet 2/0/0
[PE-C-GigabitEthernet2/0/0] ip binding vpn-instance RED
[PE-C-GigabitEthernet2/0/0] ip address 10.110.5.1 24
[PE-C-GigabitEthernet2/0/0] pim sm
# Bind the interface GigabitEthernet3/0/0 to VPN BLUE instance, and enable PIM-SM.
[PE-C] interface gigabitethernet 3/0/0
[PE-C-GigabitEthernet3/0/0] ip binding vpn-instance BLUE
[PE-C-GigabitEthernet3/0/0] ip address 10.110.6.1 24
[PE-C-GigabitEthernet3/0/0] pim sm
# Bind the interface Loopback2 to VPN BLUE instance, and enable PIM-SM.
[PE-C] interface loopback 2
[PE-C-LoopBack2] ip binding vpn-instance BLUE
[PE-C-LoopBack2] ip address 33.33.33.33 32
[PE-C-LoopBack2] pim sm
[PE-C-LoopBack2] quit
# Configure the interface Loopback2 as the C-BSR and the C-RP of VPN-BLUE.
[PE-C] pim vpn-instance BLUE
[PE-C-pim-blue] c-bsr Loopback2
[PE-C-pim-blue] c-rp Loopback2
[PE-C-pim-blue] quit
[PE-C-bgp-af-vpnv4] quit
[PE-C-bgp] quit
[PE-C] ospf 1
[PE-C-ospf-1] area 0.0.0.0
[PE-C-ospf-1-area-0.0.0.0] network 1.1.1.3 0.0.0.0
[PE-C-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.255.255
[PE-C-ospf-1-area-0.0.0.0] quit
[PE-C-ospf-1] quit
[PE-C] rip 2 vpn-instance RED
[PE-C-rip] network 10.0.0.0
[PE-C-rip] import-route bgp cost 3
[PE-C-rip] quit
[PE-C] rip 3 vpn-instance BLUE
[PE-C-rip] network 10.0.0.0
[PE-C-rip] import-route bgp cost 3
Step 4 Configure P.
# Enable multicast in the public network, configure MPLS LSR-ID, and enable LDP.
[P] multicast routing-enable
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
# Enable LDP and PIM-SM on the interface GigabitEthernet 1/0/0 in the public network.
[P] interface gigabitethernet 1/0/0
[P-GigabitEthernet1/0/0] ip address 192.168.6.2 24
[P-GigabitEthernet1/0/0] pim sm
[P-GigabitEthernet1/0/0] mpls
[P-GigabitEthernet1/0/0] mpls ldp
# Enable LDP and PIM-SM on the interface GigabitEthernet 2/0/0 in the public network.
[P] interface gigabitethernet 2/0/0
[P-GigabitEthernet2/0/0] ip address 192.168.7.2 24
[P-GigabitEthernet2/0/0] pim sm
[P-GigabitEthernet2/0/0] mpls
[P-GigabitEthernet2/0/0] mpls ldp
# Enable LDP and PIM-SM on the interface GigabitEthernet 3/0/0 in the public network.
[P] interface gigabitethernet 3/0/0
[P-GigabitEthernet3/0/0] ip address 192.168.8.2 24
[P-GigabitEthernet3/0/0] pim sm
[P-GigabitEthernet3/0/0] mpls
[P-GigabitEthernet3/0/0] mpls ldp
# Configure the interface Loopback1 as the C-BSR and C-RP of the public network instance.
[P] pim
[P-pim] c-bsr Loopback1
[P-pim] c-rp Loopback1
# Configure OSPF.
[P] ospf 1
[P-ospf-1] area 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.0.0 0.0.255.255
[P-ospf-1-area-0.0.0.0] quit
# Configure RIP.
[CE-Ra] rip 2
[CE-Ra-rip-2] network 10.0.0.0
[CE-Ra-rip-2] import-route direct
# Configure RIP.
[CE-Bb] rip 3
[CE-Bb-rip-3] network 10.0.0.0
[CE-Bb-rip-3] import-route direct
# Configure RIP.
[CE-Rb] rip 2
[CE-Rb-rip-2] network 10.0.0.0
[CE-Rb-rip-2] network 22.0.0.0
[CE-Rb-rip-2] import-route direct
# Enable PIM-SM and IGMP on the interface GigabitEthernet 1/0/0 in the VPN.
[CE-Rc] interface gigabitethernet 1/0/0
[CE-Rc-GigabitEthernet1/0/0] ip address 10.110.10.1 24
[CE-Rc-GigabitEthernet1/0/0] pim sm
[CE-Rc-GigabitEthernet1/0/0] igmp enable
# Configure RIP.
[CE-Rc] rip 2
[CE-Rc-rip-2] network 10.0.0.0
[CE-Rc-rip-2] import-route direct
# Enable PIM-SM and IGMP on the interface GigabitEthernet 1/0/0 in the VPN.
# Configure RIP.
[CE-Bc] rip 3
[CE-Bc-rip-3] network 10.0.0.0
[CE-Bc-rip-3] import-route direct
# Run the igmp static-group command on CE-Bc to configure a static multicast group.
[CE-Bc] interface gigabitethernet 1/0/0
[CE-Bc-GigabitEthernet1/0/0] igmp static-group 227.111.1.2 source 8.8.8.9
# Run the display pim vpn-instance neighbor command on PE-C and PE-B to check the
neighbors of each MTI bound to a specific VPN.
[PE-C] display pim vpn-instance BLUE neighbor
VPN-Instance: BLUE
The preceding command output shows that MTIs can establish neighbor relationships
properly. Therefore, multicast VPN tunnels are established.
# Run the display pim vpn-instance routing-table on PE-C to view the PIM routing table.
[PE-C] display pim vpn-instance BLUE routing-table
VPN-Instance: BLUE
Total 0 (*, G) entry; 1 (S, G) entry
(8.8.8.9, 227.111.1.2)
RP: 33.33.33.33(local)
Protocol: pim-sm, Flag: SPT
UpTime: 06:39:55
Upstream interface: MTunnel1
Upstream neighbor: 1.1.1.2
RPF prime neighbor: 1.1.1.2
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet3/0/0
Protocol: pim-sm, UpTime: 06:38:41, Expires: 00:02:49
The preceding command output shows that PIM routing entries are created for VPNs on PE-
C.
The preceding command output shows that forwarding entries are created for VPNs on PE-C
and traffic is forwarded properly.
# Run the display pim routing-table command on CE-Bb connected to a source and CE-Bc
connected to receivers to check the PIM routing tables established for the public network.
[CE-Bb] display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry
(8.8.8.9, 227.111.1.2)
RP: 33.33.33.33
Protocol: pim-sm, Flag: SPT LOC
UpTime: 00:01:29
Upstream interface: LoopBack1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:15, Expires: 00:03:15
[CE-Bc] display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entry
(8.8.8.9, 227.111.1.2)
RP: NULL
Protocol: pim-sm, Flag: SPT SG_RCVR
UpTime: 00:00:11
Upstream interface: GigabitEthernet2/0/0
Upstream neighbor: 10.110.6.1
RPF prime neighbor: 10.110.6.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet1/0/0
Protocol: static, UpTime: 00:00:11, Expires: -
The preceding command output shows that PIM routing entries are created for the public
network on CE-Bb and CE-Bc.
# Run the display multicast forwarding-table command on CE-Bb connected to a source
and CE-Bc connected to receivers to check the PIM forwarding tables established for the
public network.
[CE-Bb] display multicast forwarding-table
Multicast Forwarding Table of VPN-Instance: public net
Total 1 entry, 1 matched
The preceding command output shows that PIM forwarding entries are created for the public
network on CE-Bb and CE-Bc and traffic is forwarded properly.
After the preceding configurations are completed, PC4 can receive multicast data from
Source2, and PC1, PC2, and PC3 can receive multicast data from Source1.
----End
Configuration Files
l Configuration file of PE-A
#
sysname PE-A
#
router id 1.1.1.1
#
multicast routing-enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
ip vpn-instance RED
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 239.1.1.1 binding MTunnel 0
multicast-domain switch-group-pool 225.2.2.0 255.255.255.240
multicast-domain source-interface loopback 1
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.6.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance RED
ip address 10.110.1.1 255.255.255.0
pim sm
igmp enable
#
interface GigabitEthernet3/0/0
undo shutdown
ip binding vpn-instance RED
#
interface LoopBack1
ip address 1.1.1.3 255.255.255.255
pim sm
#
interface LoopBack2
ip binding vpn-instance BLUE
ip address 33.33.33.33 255.255.255.255
pim sm
#
pim vpn-instance BLUE
c-bsr LoopBack2
c-rp LoopBack2
#
interface MTunnel0
ip binding vpn-instance RED
#
interface MTunnel1
ip binding vpn-instance BLUE
#
bgp 100
group VPN-G internal
peer VPN-G connect-interface LoopBack1
peer 1.1.1.1 as-number 100
peer 1.1.1.1 group VPN-G
peer 1.1.1.2 as-number 100
peer 1.1.1.2 group VPN-G
#
ipv4-family unicast
undo synchronization
peer VPN-G enable
peer 1.1.1.1 enable
peer 1.1.1.1 group VPN-G
peer 1.1.1.2 enable
peer 1.1.1.2 group VPN-G
#
ipv4-family vpnv4
policy vpn-target
peer VPN-G enable
peer 1.1.1.1 enable
peer 1.1.1.1 group VPN-G
peer 1.1.1.2 enable
peer 1.1.1.2 group VPN-G
#
ipv4-family vpn-instance RED
import-route rip 2
import-route direct
#
ipv4-family vpn-instance BLUE
import-route rip 3
import-route direct
#
ospf 1
area 0.0.0.0
network 1.1.1.3 0.0.0.0
network 192.168.0.0 0.0.255.255
#
rip 2 vpn-instance RED
network 10.0.0.0
import-route bgp cost 3
#
rip 3 vpn-instance BLUE
network 10.0.0.0
import-route bgp cost 3
#
return
l Configuration file of P
#
sysname P
#
multicast routing-enable
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.6.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.7.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 192.168.8.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
pim sm
#
pim
c-bsr Loopback1
c-rp Loopback1
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 192.168.0.0 0.0.255.255
#
return
l Configuration file of CE-Ra
#
sysname CE-Ra
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.7.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.2.2 255.255.255.0
pim sm
#
rip 2
network 10.0.0.0
import-route direct
#
return
l Configuration file of CE-Bb
#
sysname CE-Bb
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.8.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.3.2 255.255.255.0
pim sm
#
interface LoopBack2
ip address 8.8.8.9 255.255.255.255
pim sm
#
rip 3
network 10.0.0.0
import-route direct
#
return
l Configuration file of CE-Rb
#
sysname CE-Rb
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.9.1 255.255.255.0
pim sm
igmp enable
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.4.2 255.255.255.0
pim sm
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.110.12.1 255.255.255.0
pim sm
#
interface loopback 1
ip address 22.22.22.22 32
pim sm
#
pim
c-bsr Loopback1
c-rp Loopback1
#
rip 2
network 10.0.0.0
network 22.0.0.0
import-route direct
#
return
l Configuration file of CE-Rc
#
sysname CE-Rc
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.10.1 255.255.255.0
pim sm
igmp enable
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.5.2 255.255.255.0
pim sm
#
interface GigabitEthernet3/0/0
undo shutdown
ip address 10.110.12.2 255.255.255.0
pim sm
#
rip 2
network 10.0.0.0
import-route direct
#
return
l Configuration file of CE-Bc
#
sysname CE-Bc
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.11.1 255.255.255.0
pim sm
igmp enable
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.6.2 255.255.255.0
pim sm
#
rip 3
network 10.0.0.0
import-route direct
#
return
Networking Requirements
A carrier needs to provide multicast services for downstream Internet Service Providers
(ISPs). Multicast Virtual Private Network (MVPN) is used to ensure network security and
reliability. Inter-AS MVPN Option A is suitable when either of the following conditions is
met:
l Multicast services need to be deployed on a network where inter-AS VPN Option A has
been deployed.
l There are a small number of VPNs that access each PE and there are a small number of
VPN routes on each PE on a network where no inter-AS VPN mode is configured.
Inter-AS MVPN Option A supports Any-Source Multicast (ASM) and Source-Specific
Multicast (SSM). ASM is used as example to show how to configure inter-AS MVPN Option
A.
On the network shown in Figure 7-24, Source1 is required to provide multicast services for
PC1. Therefore, multicast networks between ASs 65001 and 65002 must interwork to forward
MVPN services.
GE2
GE2 VPN1 VPN1
AS AS PC1
Source1 65001 65002
Figure 7-24 lists the configurations of the interfaces shown in Table 7-5.
GE2: 10.111.5.1/24 -
Loopback 1: 8.8.8.8/32 -
GE2: 10.111.8.1/24 -
Loopback 1: 9.9.9.9/32 -
NOTE
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure inter-AS BGP/MPLS IP VPN Option A to ensure that the inter-AS VPN
works properly and unicast routes are reachable.
2. Configure basic PIM-SM functions to ensure that multicast runs properly in each AS.
3. Configure the same share-group address, and MTI for the same VPN instance on
PE1,PE2,ASBR1 and ASBR2 and implement automatic MTI configuration.
Data Preparation
To complete the configuration, you need the following data:
l RD of VPN1 in AS 100 (100:1) and AS 101 (101:1)
l VPN-target (1:1) of VPN1
l Share-group address (239.1.1.1) of VPN1
Procedure
Step 1 Configure inter-AS BGP/MPLS IP VPN Option A to ensure that the inter-AS VPN works
properly and unicast routes are reachable.
Inter-AS VPN Option A has been deployed on the network in this example. For configuration
details, see the section "Example for Configuring Inter-AS VPN Option B" in the BGP/MPLS
IP VPN Configuration in the Huawei
AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 Series Enterprise
Routers Configuration Guide - VPN.
Step 2 Configure basic PIM-SM functions to ensure that multicast runs properly in each AS.
# Enable public network IP multicast routing and VPN IP multicast routing on PE1, and
enable PIM-SM on the public network interface GE 2/0/0, VPN interface GE 1/0/0, and
Loopback 1 of PE1.
[PE1] multicast routing-enable
[PE1] ip vpn-instance VPN1
[PE1-vpn-instance-VPN1] multicast routing-enable
[PE1-vpn-instance-VPN1] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] pim sm
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface loopback 1
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
# Enable public network IP multicast routing and VPN IP multicast routing on PE2, and
enable PIM-SM on the public network interface GE 1/0/0, VPN interface GE 2/0/0, and
Loopback 1 of PE2.
[PE2] multicast routing-enable
[PE2] ip vpn-instance VPN1
[PE2-vpn-instance-VPN1] multicast routing-enable
[PE2-vpn-instance-VPN1] quit
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] pim sm
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] pim sm
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface loopback 1
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
# Enable public network IP multicast routing and VPN IP multicast routing on ASBR 1,
enable PIM-SM on the public network interface GE 1/0/0, GE 2/0/0, Loopback 1, and
Loopback 2 of ASBR 1, and configure C-BSRs and C-RPs.
[ASBR1] multicast routing-enable
[ASBR1] ip vpn-instance VPN1
[ASBR1-vpn-instance-VPN1] multicast routing-enable
[ASBR1-vpn-instance-VPN1] quit
[ASBR1] interface gigabitethernet 1/0/0
[ASBR1-GigabitEthernet1/0/0] pim sm
[ASBR1-GigabitEthernet1/0/0] quit
[ASBR1] interface gigabitethernet 2/0/0
[ASBR1-GigabitEthernet2/0/0] ip binding vpn-instance VPN1
[ASBR1-GigabitEthernet2/0/0] pim sm
[ASBR1-GigabitEthernet2/0/0] quit
[ASBR1] interface loopback 1
[ASBR1-LoopBack1] pim sm
[ASBR1-LoopBack1] quit
[ASBR1] interface loopback 2
[ASBR1-LoopBack2] pim sm
[ASBR1-LoopBack2] quit
[ASBR1] pim
[ASBR1-pim] c-bsr loopback 2
[ASBR1-pim] c-rp loopback 2
[ASBR1-pim] quit
# Enable public network IP multicast routing and VPN IP multicast routing on ASBR 2,
enable PIM-SM on the public network interface GE 1/0/0, GE 2/0/0, Loopback 1, and
Loopback 2 of ASBR 2, and configure C-BSRs and C-RPs.
[ASBR2] multicast routing-enable
[ASBR2] ip vpn-instance VPN1
[ASBR2-vpn-instance-VPN1] multicast routing-enable
[ASBR2-vpn-instance-VPN1] quit
[ASBR2] interface gigabitethernet 1/0/0
[ASBR2-GigabitEthernet1/0/0] ip binding vpn-instance VPN1
[ASBR2-GigabitEthernet1/0/0] pim sm
[ASBR2-GigabitEthernet1/0/0] quit
[ASBR2] interface gigabitethernet 2/0/0
[ASBR2-GigabitEthernet2/0/0] pim sm
[ASBR2-GigabitEthernet2/0/0] quit
[ASBR2] interface loopback 1
[ASBR2-LoopBack1] pim sm
[ASBR2-LoopBack1] quit
[ASBR2] interface loopback 2
[ASBR2-LoopBack2] pim sm
[ASBR2-LoopBack2] quit
[ASBR2] pim
[ASBR2-pim] c-bsr loopback 2
[ASBR2-pim] c-rp loopback 2
[ASBR2-pim] quit
# Enable IP multicast routing on CE1, PIM-SM on the VPN interface GE 1/0/0 and Loopback
1, and PIM-SM and IGMP on the VPN interface GE 2/0/0, and configure C-BSRs and C-RPs.
[CE1] multicast routing-enable
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface loopback 1
[CE1-LoopBack1] pim sm
[CE1-LoopBack1] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] igmp enable
[CE1-GigabitEthernet2/0/0] quit
[CE1] pim
[CE1-pim] c-bsr loopback 1
[CE1-pim] c-rp loopback 1
[CE1-pim] quit
# Enable IP multicast routing on CE2, PIM-SM on the VPN interface GE 1/0/0 and Loopback
1, and PIM-SM and IGMP on the VPN interface GE 2/0/0.
[CE2] multicast routing-enable
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] pim sm
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface loopback 1
[CE2-LoopBack1] pim sm
[CE2-LoopBack1] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] pim sm
[CE2-GigabitEthernet2/0/0] igmp enable
[CE2-GigabitEthernet2/0/0] quit
Step 3 Configure the same share-group address, and Multicast Tunnel Interface (MTI) for the same
VPN instance on PE1, PE2, ASBR 1, and ASBR 2 and implement automatic MTI
configuration.
# On PE1, enter the VPN instance IPv4 address family view, configure a share-group, specify
an MTI to be bound to the VPN instance and implement automatic MTI configuration.
[PE1] ip vpn-instance VPN1
[PE1-vpn-instance-VPN1] ipv4-family
[PE1-vpn-instance-VPN1-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
[PE1-vpn-instance-VPN1-af-ipv4] multicast-domain source-interface loopback 1
[PE1-vpn-instance-VPN1-af-ipv4] quit
[PE1-vpn-instance-VPN1] quit
# On PE2, enter the VPN instance IPv4 address family view, configure a share-group, specify
an MTI to be bound to the VPN instance and implement automatic MTI configuration.
[PE2] ip vpn-instance VPN1
[PE2-vpn-instance-VPN1] ipv4-family
[PE2-vpn-instance-VPN1-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
[PE2-vpn-instance-VPN1-af-ipv4] multicast-domain source-interface loopback 1
[PE2-vpn-instance-VPN1-af-ipv4] quit
[PE2-vpn-instance-VPN1] quit
# On ASBR 1, enter the VPN instance IPv4 address family view, configure a share-group,
specify an MTI to be bound to the VPN instance and implement automatic MTI
configuration.
[ASBR1] ip vpn-instance VPN1
[ASBR1-vpn-instance-VPN1] ipv4-family
[ASBR1-vpn-instance-VPN1-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
[ASBR1-vpn-instance-VPN1-af-ipv4] multicast-domain source-interface loopback 1
[ASBR1-vpn-instance-VPN1-af-ipv4] quit
[ASBR1-vpn-instance-VPN1] quit
# On ASBR 2, enter the VPN instance IPv4 address family view, configure a share-group,
specify an MTI to be bound to the VPN instance and implement automatic MTI
configuration.
[ASBR2] ip vpn-instance VPN1
[ASBR2-vpn-instance-VPN1] ipv4-family
[ASBR2-vpn-instance-VPN1-af-ipv4] multicast-domain share-group 239.1.1.1 binding
mtunnel 0
# Run the display pim routing-table command on CE1 to view the PIM routing table. The
command output is as follows:
[CE1] display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 2 (S, G) entries
(8.8.8.8, 226.0.0.7)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: SPT LOC
UpTime: 00:03:18
Upstream interface: LoopBack1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet1/0/0
Protocol: pim-sm, UpTime: 00:03:18, Expires: 00:03:11
The preceding command output shows that Source1 can receive Join messages from PC1,
indicating that inter-AS MVPN has been configured successfully.
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
multicast routing-enable
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
multicast routing-enable
multicast-domain source-interface LoopBack1
multicast-domain share-group 239.1.1.1 binding mtunnel 0
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 10.1.1.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.16.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance VPN1
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 2.2.2.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.9 enable
#
ipv4-family vpn-instance VPN1
peer 10.1.1.1 as-number 65001
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of PE2
#
sysname PE2
#
multicast routing-enable
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 101:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
multicast routing-enable
multicast-domain source-interface LoopBack1
multicast-domain share-group 239.1.1.1 binding mtunnel 0
#
mpls lsr-id 4.4.4.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 10.2.1.2 255.255.255.0
pim sm
#
interface LoopBack1
ip address 4.4.4.9 255.255.255.255
#
interface MTunnel0
ip binding vpn-instance VPN1
#
bgp 101
peer 3.3.3.9 as-number 101
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance VPN1
peer 10.2.1.1 as-number 65002
#
ospf 1
area 0.0.0.0
network 4.4.4.9 0.0.0.0
network 192.168.1.0 0.0.0.255
#
return
l Configuration file of ASBR1
#
sysname ASBR1
#
multicast routing-enable
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
multicast routing-enable
multicast-domain source-interface LoopBack1
multicast-domain share-group 239.1.1.1 binding mtunnel 0
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 192.168.2.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
interface LoopBack2
ip address 5.5.5.9 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance VPN1
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance VPN1
import-route direct
peer 192.168.2.2 as-number 101
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 172.16.1.0 0.0.0.255
network 5.5.5.9 0.0.0.0
#
pim
c-bsr LoopBack2
c-rp LoopBack2
#
return
l Configuration file of ASBR2
#
sysname ASBR2
#
multicast routing-enable
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 200:2
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
multicast routing-enable
multicast-domain source-interface LoopBack1
multicast-domain share-group 239.1.1.1 binding mtunnel 0
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
interface LoopBack2
ip address 6.6.6.9 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance VPN1
#
bgp 101
peer 4.4.4.9 as-number 101
peer 4.4.4.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 4.4.4.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.9 enable
#
ipv4-family vpn-instance VPN1
import-route direct
peer 192.168.2.1 as-number 100
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 6.6.6.9 0.0.0.0
#
pim
c-bsr LoopBack2
c-rp LoopBack2
#
return
l Configuration file of CE1
#
sysname CE1
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
pim sm
igmp enable
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.111.5.1 255.255.255.0
pim sm
igmp enable
#
interface LoopBack1
ip address 8.8.8.8 255.255.255.255
pim sm
#
bgp 65001
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 8.8.8.8 255.255.255.255
import-route direct
peer 10.1.1.2 enable
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
return
l Configuration file of CE2
#
sysname CE2
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.2.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.111.8.1 255.255.255.0
pim sm
igmp enable
#
interface LoopBack1
ip address 9.9.9.9 255.255.255.255
pim sm
#
bgp 65002
peer 10.2.1.2 as-number 101
#
ipv4-family unicast
undo synchronization
network 9.9.9.9 255.255.255.255
import-route direct
peer 10.2.1.2 enable
#
return
Networking Requirements
A carrier needs to provide multicast services for downstream Internet Service Providers
(ISPs). Multicast Virtual Private Network (MVPN) is used to ensure network security and
reliability. Inter-AS MVPN Option B is suitable when either of the following conditions is
met:
l Multicast services need to be deployed on a network where inter-AS VPN Option B has
been configured.
l Autonomous system boundary routers (ASBRs) on a network where no inter-AS VPN
mode is configured can manage VPN routes, but there are not enough interfaces for each
inter-AS VPN.
Inter-AS MVPN Option B supports only MDT-SAFI A-D of BGP A-D in the Source-Specific
Multicast (SSM) model. Therefore, after configuring basic MVPN functions, configure MDT-
SAFI A-D of BGP A-D.
On the network shown in Figure 7-25, Source1 is required to provide multicast services for
PC1. Therefore, multicast networks between ASs 65001 and 65002 must interwork to forward
MVPN services.
GE2
GE2 VPN1 VPN1
AS AS
65001 65002
Source1 PC1
Table 7-6 lists the configurations of the interfaces shown in Figure 7-25.
P1 GE1: 192.168.1.2/24 -
GE2: 172.16.2.2/24 -
Loopback 1: 2.2.2.9/32 -
P2 GE1: 172.16.1.2/24 -
GE2: 192.168.2.1/24 -
Loopback 1: 7.7.7.9/32 -
GE2: 10.111.5.1/24 -
Loopback 1: 1.1.1.1/32 -
GE2: 10.111.8.1/24 -
Loopback 1: 2.2.2.2/32 -
NOTE
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure inter-AS BGP/MPLS IP VPN Option B to ensure that the inter-AS VPN
works properly and unicast routes are reachable.
2. Configure basic PIM-SM functions to ensure that multicast runs properly in each AS.
3. Configure the same share-group address, and Multicast Tunnel Interface (MTI) for the
same VPN instance on PE1 and PE2.
4. Enable PE1, PE2, ASBR1, and ASBR2 to exchange routing information with a specified
peer or peer group in the MDT-SAFI address family view so that receivers can receive
multicast data from the multicast source, and configure the MDT-SAFI A-D mode in the
VPN instance IPv4 address family view of PE1 and PE2.
5. Enable the PIM RPF Vector function (with RD information) in the VPN instance PIM
view of PE1 and PE2 so that each P can find the next hop of the path to the multicast
source and an inter-AS MDT can be established on the public network.
Data Preparation
To complete the configuration, you need the following data:
l RD of VPN1 in AS 100 (100:1) and AS 200 (200:1)
l VPN-target (1:1) of VPN1
l Share-group address (232.1.1.1) of VPN1
Procedure
Step 1 Configure inter-AS BGP/MPLS IP VPN Option B to ensure that the inter-AS VPN works
properly and unicast routes are reachable.
Inter-AS VPN Option B has been deployed on the network in this example. For configuration
details, see the section "Example for Configuring Inter-AS VPN Option B" in the BGP/MPLS
IP VPN Configuration in the Huawei
AR120&AR150&AR160&AR200&AR1200&AR2200&AR3200&AR3600 Series Enterprise
Routers Configuration Guide - VPN.
Step 2 Configure basic PIM-SM functions to ensure that multicast runs properly in each AS.
For configuration details, see Example for Configuring Inter-AS MVPN Option A.
Step 3 Configure the same share-group address, and MTI for the same VPN instance on PE1 and
PE2.
For configuration details, see Example for Configuring Inter-AS MVPN Option B.
NOTICE
As inter-AS MVPN Option B is configured to support only MDT-SAFI A-D of BGP A-D in
the SSM model, the share-group address must be within the SSM group address range.
Step 4 Enable route exchange with a specific peer or peer group in the MDT-SAFI address family
view of PE1, PE2, ASBR1, and ASBR2 so that receivers can receive multicast data from the
multicast source, and configure the MDT-SAFI A-D mode in the VPN instance IPv4 address
family view of PE1 and PE2.
# Enable route exchange with a specific peer or peer group in the MDT-SAFI address family
view of PE1 so that receivers can receive multicast data from the multicast source, and
configure the MDT-SAFI A-D mode in the VPN instance IPv4 address family view of PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family mdt
[PE1-bgp-af-mdt] peer 3.3.3.9 enable
[PE1-bgp-af-mdt] quit
[PE1-bgp] quit
[PE1] ip vpn-instance VPN1
[PE1-vpn-instance-VPN1] ipv4-family
[PE1-vpn-instance-VPN1-af-ipv4] auto-discovery mdt
[PE1-vpn-instance-VPN1-af-ipv4] quit
[PE1-vpn-instance-VPN1] quit
# Enable route exchange with a specific peer or peer group in the MDT-SAFI address family
view of PE2 so that receivers can receive multicast data from the multicast source, and
configure the MDT-SAFI A-D mode in the VPN instance IPv4 address family view of PE2.
[PE2] bgp 200
[PE2-bgp] ipv4-family mdt
[PE2-bgp-af-mdt] peer 5.5.5.9 enable
[PE2-bgp-af-mdt] quit
[PE2-bgp] quit
[PE2] ip vpn-instance VPN1
[PE2-vpn-instance-VPN1] ipv4-family
[PE2-vpn-instance-VPN1-af-ipv4] auto-discovery mdt
[PE2-vpn-instance-VPN1-af-ipv4] quit
[PE2-vpn-instance-VPN1] quit
# Enable route exchange with a specific peer or peer group in the MDT-SAFI address family
view of ASBR1 so that receivers can receive multicast data from the multicast source.
[ASBR1] bgp 100
[ASBR1-bgp] ipv4-family mdt
[ASBR1-bgp-af-mdt] undo policy vpn-target
[ASBR1-bgp-af-mdt] peer 1.1.1.9 enable
[ASBR1-bgp-af-mdt] peer 1.1.1.9 next-hop-local
[ASBR1-bgp-af-mdt] peer 192.168.3.2 enable
[ASBR1-bgp-af-mdt] quit
[ASBR1-bgp] quit
# Enable route exchange with a specific peer or peer group in the MDT-SAFI address family
view of ASBR2 so that receivers can receive multicast data from the multicast source.
[ASBR2] bgp 200
[ASBR2-bgp] ipv4-family mdt
[ASBR2-bgp-af-mdt] undo policy vpn-target
[ASBR2-bgp-af-mdt] peer 8.8.8.9 enable
[ASBR2-bgp-af-mdt] peer 8.8.8.9 next-hop-local
[ASBR2-bgp-af-mdt] peer 192.168.3.1 enable
[ASBR2-bgp-af-mdt] quit
[ASBR2-bgp] quit
Step 5 Enable the PIM RPF Vector function (with RD information) in the VPN instance PIM view of
PE1 and PE2 so that each P can find the next hop of the path to the multicast source based on
Vector and an inter-AS MDT can be established on the public network.
# Enable the PIM RPF Vector function (with RD information) in the VPN instance PIM view
of PE1 so that each P can find the next hop of the path to the multicast source based on Vector
and an inter-AS MDT can be established on the public network.
[PE1] pim vpn-instance VPN1
[PE1-pim-VPN1] rpf-vector rd
[PE1-pim-VPN1] quit
# Enable the PIM RPF Vector function (with RD information) in the VPN instance PIM view
of PE2 so that each P can find the next hop of the path to the multicast source based on Vector
and an inter-AS MDT can be established on the public network.
[PE2] pim vpn-instance VPN1
[PE2-pim-VPN1] rpf-vector rd
[PE2-pim-VPN1] quit
# Run the display pim routing-table command on CE1 to view source/group information.
The command output is as follows:
[CE1] display pim routing-table
VPN-Instance: public net
Total 0 (*, G) entry; 1 (S, G) entries
(1.1.1.1, 226.1.1.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC
UpTime: 00:00:07
Upstream interface: LoopBack1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet1/0/0
Protocol: pim-sm, UpTime: 00:00:07, Expires: 00:03:23
The preceding command output shows that Source1 can receive Join messages from PC1 that
is configured to statically join the multicast group, indicating that inter-AS MVPN has been
configured successfully.
# Run the display pim routing-table rpf-vector command on ASBR1 to view the PIM
routing table. The command output is as follows:
[ASBR1] display pim routing-table rpf-vector
VPN-Instance: public net
Total 2 (S, G) entries
(1.1.1.9, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 02:44:28
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 172.16.2.2
RPF prime neighbor: 172.16.2.2
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-ssm, UpTime: 02:44:28, Expires: 00:03:02
Total number of vectors: 1
1: vector: 100:1/192.168.3.1, neighbor: 192.168.3.2
(8.8.8.9, 232.1.1.1)
Protocol: pim-ssm, Flag:
UpTime: 02:44:29
Upstream interface: GigabitEthernet2/0/0
The preceding command output shows that a PIM-SSM MDT has been established and
vectors of RPF routes are contained in the routing table.
# Run the display pim vpn-instance VPN1 neighbor interface gigabitethernet1/0/0
command on PE1 to view the neighbors of a specific MTI of VPN1. The command output is
as follows:
[PE1] display pim vpn-instance VPN1 neighbor interface gigabitethernet1/0/0
VPN-Instance: VPN1
The preceding command output shows that the MTI has established neighbor relationships
successfully.
# Run the display multicast rpf-info 1.1.1.9 232.1.1.1 rd command on PE1 to view the RPF
route and RPF vector of the (1.1.1.9, 232.1.1.1) entry. The command output is as follows:
[PE1] display multicast rpf-info 1.1.1.9 232.1.1.1 rd
VPN-Instance: public net
RPF information about source 1.1.1.9 and group 232.1.1.1
RPF interface: InLoopBack0
Referenced route/mask: 1.1.1.9/32
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disable
RPF information about source 1.1.1.9 and group 232.1.1.1
RPF interface: InLoopBack0
Referenced route/mask: 1.1.1.9/32
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disable
RPF vector: 100:1/127.0.0.1
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
multicast routing-enable
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 100:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 232.1.1.1 binding mtunnel 0
auto-discovery mdt
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 10.1.1.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance VPN1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family mdt
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance VPN1
peer 10.1.1.1 as-number 65001
#
ospf 1
area 0.0.0.0
network 1.1.1.9 0.0.0.0
network 192.168.1.0 0.0.0.255
#
pim vpn-instance VPN1
rpf-vector rd
#
return
l Configuration file of PE2
#
sysname PE2
#
multicast routing-enable
#
ip vpn-instance VPN1
ipv4-family
route-distinguisher 200:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 232.1.1.1 binding mtunnel 0
auto-discovery mdt
#
mpls lsr-id 8.8.8.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.2.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance VPN1
ip address 10.2.1.2 255.255.255.0
pim sm
#
interface LoopBack1
ip address 8.8.8.9 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance VPN1
ip address 8.8.8.9 255.255.255.255
#
bgp 200
peer 5.5.5.9 as-number 200
peer 5.5.5.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 5.5.5.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.9 enable
#
ipv4-family mdt
policy vpn-target
peer 5.5.5.9 enable
#
ipv4-family vpn-instance VPN1
peer 10.2.1.1 as-number 65002
#
ospf 1
area 0.0.0.0
network 8.8.8.9 0.0.0.0
network 192.168.2.0 0.0.0.255
#
pim vpn-instance VPN1
rpf-vector rd
#
return
l Configuration file of P1
#
sysname P1
#
multicast routing-enable
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.16.2.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 2.2.2.9 0.0.0.0
network 192.168.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
#
return
l Configuration file of P2
sysname P2
#
multicast routing-enable
#
mpls lsr-id 7.7.7.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.2.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 7.7.7.9 255.255.255.255
#
bgp 200
#
ipv4-family unicast
undo synchronization
#
ospf 1
area 0.0.0.0
network 7.7.7.9 0.0.0.0
network 172.16.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
return
l Configuration file of ASBR1
#
sysname ASBR1
#
multicast routing-enable
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 172.16.2.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.3.1 255.255.255.0
pim sm
mpls
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
pim sm
#
interface LoopBack2
ip address 4.4.4.9 255.255.255.255
pim sm
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 192.168.3.2 as-number 200
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
peer 192.168.3.2 enable
#
ipv4-family vpnv4
undo policy vpn-target
apply-label per-nexthop
peer 1.1.1.9 enable
peer 1.1.1.9 next-hop-local
peer 192.168.3.2 enable
#
ipv4-family mdt
undo policy vpn-target
peer 1.1.1.9 enable
peer 1.1.1.9 next-hop-local
peer 192.168.3.2 enable
#
ospf 1
area 0.0.0.0
network 3.3.3.9 0.0.0.0
network 4.4.4.9 0.0.0.0
network 172.16.2.0 0.0.0.255
#
return
l Configuration file of ASBR2
#
sysname ASBR2
#
multicast routing-enable
#
mpls lsr-id 5.5.5.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.3.2 255.255.255.0
pim sm
mpls
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 172.16.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 5.5.5.9 255.255.255.255
pim sm
#
interface LoopBack2
ip address 6.6.6.9 255.255.255.255
pim sm
#
bgp 200
peer 8.8.8.9 as-number 200
peer 8.8.8.9 connect-interface LoopBack1
peer 192.168.3.1 as-number 100
#
ipv4-family unicast
undo synchronization
peer 8.8.8.9 enable
peer 192.168.3.1 enable
#
ipv4-family vpnv4
undo policy vpn-target
apply-label per-nexthop
peer 8.8.8.9 enable
peer 8.8.8.9 next-hop-local
peer 192.168.3.1 enable
#
ipv4-family mdt
undo policy vpn-target
peer 8.8.8.9 enable
peer 8.8.8.9 next-hop-local
peer 192.168.3.1 enable
#
ospf 1
area 0.0.0.0
network 5.5.5.9 0.0.0.0
network 6.6.6.9 0.0.0.0
network 172.16.1.0 0.0.0.255
#
return
l Configuration file of CE1
#
sysname CE1
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.111.5.1 255.255.255.0
pim sm
igmp enable
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
bgp 65001
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 1.1.1.1 255.255.255.255
import-route direct
peer 10.1.1.2 enable
#
return
Networking Requirements
After the BGP A-D mode is adopted, information about the multicast VPN PEs can be
discovered in the following way: A new address family is defined in the Subsequent Address
Family Identifier (SAFI) message advertised by BGP. In this manner, after the multicast VPN
is configured on a PE, the multicast VPN configurations, including the RD and the Share-
Group address, can be advertised to all BGP peers. After a remote PE (a BGP peer) receives
the SAFI message advertised through BGP, the remote PE compares the Share-Group address
carried in the message with its Share-Group address. If the share-group addresses are the
same, it indicates the remote PE is in the same VPN with the local PE. The remote PE then
uses the SAFI message to establish the Protocol Independent Multicast-Source-Specific
Multicast (PIM-SSM) multicast distribution tree (MDT) for transmitting multicast VPN
services.
As shown in Figure 7-26, in the single-AS MPLS/BGP VPN, PE1 and PE2 are added to the
VPN instance BLUE, the IP address of the Share-Group is within the SSM group address
range. The MDT-SAFI address family is enabled in the BGP view of each PE, and the MDT-
SAFI A-D mode is enabled for the VPN instance BLUE. The site to which CE1 belongs is
connected to the multicast source Source of the VPN instance BLUE, and CE2 is connected to
VPN users.
Based on the BGP A-D mechanism, every PE obtains and records information about all its
PEs in the VPN instance BLUE, and directly establishes the PIM-SSM MDT on the public
network for transmitting multicast VPN services. In this manner, the multicast data is sent
from the multicast source Source to the receiver.
Figure 7-26 Networking diagram of configuring the single-AS multicast VPN in MDT-SAFI
A-D mode
Source
VPN Receiver
BLUE Loopback1
VPN
GE1/0/0 CE1 BLUE
GE2/0/0
GE2/0/0
Public
GE1/0/0 GE1/0/0
POS2/0/0
PE1 P CE2
Loopback1 POS1/0/0 POS2/0/0 GE2/0/0
POS1/0/0 PE2
Loopback1
Loopback1
GE 2/0/0 10.110.2.1/24
Loopback 1 11.11.11.11/32
Loopback 1 1.1.1.1/32
Loopback 1 2.2.2.2/32
GE 2/0/0 10.110.3.1/24
Loopback 1 3.3.3.3/32
GE 2/0/0 10.110.4.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPN instance named BLUE enabled with the IPv4 address family on each
PE, and configure the Share-Group address, the range of the switch-MDT switch-group-
pool, and the MTunnel to be bound for the VPN instance. Then, bind the interface that
connects each PE to the corresponding CE to the VPN instance BLUE.
2. Configure a unicast routing protocol and enable the multicast function on the public
network and the VPN instance, ensuring that multicast routes are reachable on the public
network and in the VPN instance.
3. Configure basic MPLS functions and MPLS LDP, and set up LDP label switched paths
(LSPs) on the public network.
4. Configure the Multiprotocol Internal Border Gateway Protocol (MP-IBGP) peer
relationship between PEs, and configure a unicast routing protocol between each PE and
the corresponding CE, ensuring that routes are reachable between PEs and the
corresponding CEs.
5. Configure the MDT-SAFI A-D mode in the VPN instance IPv4 address family view of
each PE, and enable route exchange with the specific peer (peer group) in the address
family view. In this manner, the receiver can receive the multicast data from the
multicast source.
6. Globally configure the MDT-SAFI address family in the BGP view of each PE.
Data Preparation
To complete the configuration, you need the following data:
l RD of the VPN instance BLUE: 100:1
l RT of the VPN instance BLUE: 100:1
l Share-Group address of the VPN instance BLUE: 232.2.2.0
l Address pool range of the Switch-Group in the VPN instance BLUE: 225.1.1.0
255.255.255.240
Procedure
Step 1 Configure a VPN instance named BLUE enabled with the IPv4 address family on each PE,
and configure the Share-Group address, the range of the switch-MDT switch-group-pool, and
the MTunnel to be bound for the VPN instance. Then, bind the interface that connects each
PE to the corresponding CE to the VPN instance.
# Create a VPN instance named BLUE enabled with the IPv4 address on PE1 and globally
enable the multicast function in the VPN instance; configure the Share-Group address and the
range of the switch-MDT switch-group-pool for the VPN instance; bind the Share-Group
address to MTunnel 0; bind GE 1/0/0 that connects PE1 to CE1 to the VPN instance.
<Huawei> system-view
[Huawei] sysname PE1
[PE1] ip vpn-instance BLUE
[PE1-vpn-instance-BLUE] ipv4-family
[PE1-vpn-instance-BLUE-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-BLUE-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-BLUE-af-ipv4] multicast routing-enable
[PE1-vpn-instance-BLUE-af-ipv4] multicast-domain share-group 232.2.2.0 binding
mtunnel 0
[PE1-vpn-instance-BLUE-af-ipv4] multicast-domain switch-group-pool 225.1.1.0 28
[PE1-vpn-instance-BLUE-af-ipv4] quit
[PE1-vpn-instance-BLUE] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip binding vpn-instance BLUE
[PE1-GigabitEthernet1/0/0] quit
# Create a VPN instance named BLUE enabled with the IPv4 address on PE2 and globally
enable the multicast function in the VPN instance; configure the Share-Group address and the
range of the switch-MDT switch-group-pool for the VPN instance; bind the Share-Group
address to MTunnel 0; bind GE 2/0/0 that connects PE2 to CE2 to the VPN instance.
<Huawei> system-view
[Huawei] sysname PE2
[PE2] ip vpn-instance BLUE
[PE2-vpn-instance-BLUE] ipv4-family
[PE2-vpn-instance-BLUE-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-BLUE-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-BLUE-af-ipv4] multicast routing-enable
[PE2-vpn-instance-BLUE-af-ipv4] multicast-domain share-group 232.2.2.0 binding
mtunnel 0
[PE2-vpn-instance-BLUE-af-ipv4] multicast-domain switch-group-pool 225.1.1.0 28
[PE2-vpn-instance-BLUE-af-ipv4] quit
[PE2-vpn-instance-BLUE] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip binding vpn-instance BLUE
[PE2-GigabitEthernet2/0/0] quit
Step 2 Configure a unicast routing protocol and enable the multicast function on the public network,
ensuring that multicast routes are reachable on the public network.
# Configure OSPF on the public network, ensuring that unicast routes are reachable. Then,
globally enable the multicast function and enable PIM-SM on interfaces, ensuring that the
multicast network runs normally.
# Configure PE1.
[PE1] multicast routing-enable
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 24
[PE1-Pos2/0/0] pim sm
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
[Huawei] sysname P
[P] multicast routing-enable
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] pim sm
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] pim sm
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 24
[P-Pos2/0/0] pim sm
[P-Pos2/0/0] quit
[PE1] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] multicast routing-enable
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] pim sm
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 3 Configure a unicast routing protocol and enable the multicast function for the VPN instance
BLUE, ensuring that multicast routes of the VPN instance are reachable.
# Configure OSPF for the VPN instance BLUE, ensuring that unicast routes are reachable.
Then, globally enable the multicast function and enable PIM-SM on interfaces, ensuring that
the multicast network runs normally.
# Configure CE1.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] multicast routing-enable
[CE1] interface loopback 1
[CE1-LoopBack1] ip address 11.11.11.11 32
[CE1-LoopBack1] pim sm
[CE1-LoopBack1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.110.1.1 24
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] ip address 10.110.2.1 24
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] quit
[CE1] ospf 2
[CE1-ospf-2] area 0
[CE1-ospf-2-area-0.0.0.0] network 11.11.11.11 0.0.0.0
[CE1-ospf-2-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] quit
[CE1-ospf-2] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip address 10.110.2.2 24
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] quit
[PE1] ospf 2 vpn-instance BLUE
[PE1-ospf-2] area 0
[PE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[PE1-ospf-2-area-0.0.0.0] quit
[PE1-ospf-2] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip address 10.110.3.1 24
[PE2-GigabitEthernet2/0/0] pim sm
[PE2-GigabitEthernet2/0/0] quit
[PE2] ospf 2 vpn-instance BLUE
[PE12-ospf-2] area 0
[PE21-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[PE21-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] quit
# Configure CE2.
<Huawei> system-view
[Huawei] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.110.3.2 24
[CE2-GigabitEthernet1/0/0] pim sm
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] ip address 10.110.4.1 24
[CE2-GigabitEthernet2/0/0] pim sm
[CE2-GigabitEthernet2/0/0] quit
[CE2] ospf 2
[CE2-ospf-2] area 0
[CE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] network 10.110.4.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] quit
[CE2-ospf-2] quit
Step 4 Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
Configure the router IDs and MPLS label switching router (LSR) IDs of the PEs and the P
device, and enable MPLS and MPLS LDP globally and in the interface view.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-POS2/0/0] mpls
[PE1-POS2/0/0] mpls ldp
[PE1-POS2/0/0] quit
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-POS1/0/0] mpls
[P-POS1/0/0] mpls ldp
[P-POS1/0/0] quit
[P] interface pos 2/0/0
[P-POS2/0/0] mpls
[P-POS2/0/0] mpls ldp
[P-POS2/0/0] quit
# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-POS1/0/0] mpls
[PE2-POS1/0/0] mpls ldp
[PE2-POS1/0/0] quit
Step 5 Configure the MP-IBGP peer relationship between PEs, and configure a unicast routing
protocol between each PE and the corresponding CE, ensuring that routes are reachable
between PEs and the corresponding CEs.
# Configure PE1 and PE2 as MP-IBGP peers of each other and configure route exchange
between OSPF multi-instance and BGP, ensuring that routes are reachable between PEs and
CEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] ipv4-family vpn-instance BLUE
[PE1-bgp-BLUE] import-route ospf 2
[PE1-bgp-BLUE] import-route direct
[PE1-bgp-BLUE] quit
[PE1-bgp] quit
[PE1] ospf 2 vpn-instance BLUE
[PE1-ospf-2] import-route bgp
[PE1-ospf-2] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface LoopBack 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] ipv4-family vpn-instance BLUE
[PE2-bgp-BLUE] import-route ospf 2
[PE2-bgp-BLUE] import-route direct
[PE2-bgp-BLUE] quit
[PE2-bgp] quit
[PE2] ospf 2 vpn-instance BLUE
[PE2-ospf-2] import-route bgp
[PE2-ospf-2] quit
# Configure PE2.
[PE2] interface mtunnel 0
[PE2-MTunnel0] ip address 3.3.3.3 32
[PE2-MTunnel0] quit
Step 8 Configure the MDT-SAFI A-D mode for the VPN instance BLUE.
# Configure the MDT-SAFI address family in the BGP view and configure route exchange
with the specific peer. Then, configure the MDT-SAFI A-D mode in the IPv4 address family
view of the VPN instance BLUE to implement the BGP A-D function.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family mdt
[PE1-bgp-af-mdt] peer 3.3.3.3 enable
[PE1-bgp-af-mdt] quit
[PE1-bgp] quit
[PE1] ip vpn-instance BLUE
[PE1-vpn-instance-BLUE] ipv4-family
[PE1-vpn-instance-BLUE-af-ipv4] auto-discovery mdt
[PE1-vpn-instance-BLUE-af-ipv4] quit
[PE1-vpn-instance-BLUE] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family mdt
[PE2-bgp-af-mdt] peer 1.1.1.1 enable
[PE2-bgp-af-mdt] quit
[PE2-bgp] quit
[PE2] ip vpn-instance BLUE
[PE2-vpn-instance-BLUE] ipv4-family
[PE2-vpn-instance-BLUE-af-ipv4] auto-discovery mdt
[PE2-vpn-instance-BLUE-af-ipv4] quit
[PE2-vpn-instance-BLUE] quit
(1.1.1.1, 232.2.2.0)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:36:36
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 192.168.2.1
RPF prime neighbor: 192.168.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: VPN-Instance: BLUE
Protocol: MD, UpTime: 00:36:36, Expires: -
(3.3.3.3, 232.2.2.0)
Protocol: pim-ssm, Flag: LOC
UpTime: 00:36:34
Upstream interface: LoopBack1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface(s) information:
Total number of downstreams: 1
1: Gigabit1/0/0
Protocol: pim-ssm, UpTime: 00:36:34, Expires: 00:02:54
# Run the display pim vpn-instance BLUE routing-table on PE2 to view the PIM routing
table of the VPN instance BLUE. You can find that PIM entries of the VPN instance BLUE
are created on PE2.
<PE2> display pim vpn-instance BLUE routing-table
VPN-Instance: BLUE
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:00:54
Upstream interface: MTunnel0
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:54, Expires: 00:02:36
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT
UpTime: 00:05:06
Upstream interface: MTunnel0
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:54, Expires: 00:02:36
# Run the display multicast vpn-instance BLUE routing-table on PE2 to view the multicast
routing table of the VPN instance BLUE. The following command output shows that
multicast data has reached the receiver PE2.
<PE2> display multicast vpn-instance BLUE routing-table
Multicast routing table of VPN-Instance: BLUE
Total 1 entry
# After the preceding configurations, run the display pim routing-table on CE2 to view the
PIM routing table. You can find that the receiver can receive multicast data from the multicast
source.
<CE2> display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:03:36
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: igmp, UpTime: 00:03:36, Expires: -
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:10:55
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:03:36, Expires: -
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
router id 1.1.1.1
#
multicast routing-enable
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 232.2.2.0 binding mtunnel 0
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance BLUE
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family mdt
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance BLUE
import-route direct
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.2.0 0.0.0.255
#
ospf 2 vpn-instance BLUE
import-route bgp
area 0.0.0.0
network 10.110.3.0 0.0.0.255
#
return
#
return
Networking Requirements
After the BGP A-D mode is adopted, information about the multicast VPN PEs can be
discovered in the following way: A new address family is defined in the Subsequent Address
Family Identifier (SAFI) message advertised by BGP. In this manner, after the multicast VPN
is configured on a PE, the multicast VPN configurations, including the RD and the Share-
Group address, can be advertised to all BGP peers. After a remote PE (a BGP peer) receives
the SAFI message advertised through BGP, the remote PE compares the Share-Group address
carried in the message with its Share-Group address. If the share-group addresses are the
same, it indicates the remote PE is in the same VPN with the local PE. The remote PE then
uses the SAFI message to establish the Protocol Independent Multicast-Source-Specific
Multicast (PIM-SSM) multicast distribution tree (MDT) for transmitting multicast VPN
services.
As shown in Figure 7-27, in the single-AS MPLS/BGP VPN, PE1 and PE2 are added to the
VPN instance BLUE, and the IP address of the Share-Group is in the SSM range. The
MCAST-VPN SAFI address family is enabled in the BGP view of each PE, and the MCAST-
VPN SAFI A-D mode is enabled for the VPN instance BLUE. The site to which CE1 belongs
is connected to the multicast source of the VPN instance BLUE, and CE2 is connected to the
VPN users.
Based on the BGP A-D mechanism, every PE obtains and records information about all its
PEs in the VPN instance BLUE, and directly establishes the PIM-SSM MDT on the public
network for transmitting multicast VPN services. In this manner, the multicast data is sent
from the multicast source Source to the Receiver.
Figure 7-27 Networking diagram of configuring the single-AS multicast VPN in MCAST-
VPN SAFI A-D mode
Source
Receiver
VPN
BLUE Loopback1
VPN
GE1/0/0 CE1 BLUE
GE2/0/0
GE2/0/0
Public
GE1/0/0 GE1/0/0
POS2/0/0
PE1 P CE2
Loopback1 POS1/0/0 POS2/0/0 GE2/0/0
POS1/0/0 PE2
Loopback1
Loopback1
GE 2/0/0 10.110.2.1/24
Loopback 1 11.11.11.11/32
Loopback 1 1.1.1.1/32
Loopback 1 2.2.2.2/32
GE 2/0/0 10.110.3.1/24
Loopback 1 3.3.3.3/32
GE 2/0/0 10.110.4.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a VPN instance named BLUE enabled with the IPv4 address family on each
PE, and configure the Share-Group address, the range of the switch-multicast
distribution tree (switch-MDT) switch-group-pool, and the MTunnel to be bound for the
VPN instance. Then, bind the interface that connects each PE to the corresponding CE to
the VPN instance.
2. Configure a unicast routing protocol and enable the multicast function on the public
network and in the VPN instance, ensuring that multicast routes are reachable on the
public network and in the VPN instance.
3. Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
4. Configure the Multiprotocol Internal Border Gateway Protocol (MP-IBGP) peer
relationship between PEs, and configure a unicast routing protocol between each PE and
the corresponding CE, ensuring that routes are reachable between PEs and the
corresponding CEs.
5. Configure the MCAST-VPN SAFI A-D mode in the VPN instance IPv4 address family
view of each PE, and enable route exchange with the specific peer (peer group) in the
address family view. In this manner, the receiver can receive the multicast data from the
multicast source.
6. Globally configure the MCAST-VPN SAFI address family in the BGP view of each PE.
Data Preparation
To complete the configuration, you need the following data:
l RD of the VPN instance BLUE: 100:1
l RT of the VPN instance BLUE: 100:1
l Share-Group address of the VPN instance BLUE: 232.2.2.0
l Address pool range of the Switch-Group in the VPN instance BLUE: 225.1.1.0
255.255.255.240
Procedure
Step 1 Configure a VPN instance named BLUE enabled with the IPv4 address family on each PE,
and configure the Share-Group address, the range of the switch-MDT switch-group-pool, and
the MTunnel to be bound for the VPN instance. Then, bind the interface that connects each
PE to the corresponding CE to the VPN instance BLUE.
# Create a VPN instance named BLUE enabled with the IPv4 address on PE1 and globally
enable the multicast function in the VPN instance; configure the Share-Group address and the
range of the switch-MDT switch-group-pool for the VPN instance; bind the Share-Group
address to MTunnel 0; bind GE 1/0/0 that connects PE1 to CE1 to the VPN instance.
<Huawei> system-view
[Huawei] sysname PE1
[PE1] ip vpn-instance BLUE
[PE1-vpn-instance-BLUE] ipv4-family
[PE1-vpn-instance-BLUE-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-BLUE-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-BLUE-af-ipv4] multicast routing-enable
[PE1-vpn-instance-BLUE-af-ipv4] multicast-domain share-group 232.2.2.0 binding
mtunnel 0
[PE1-vpn-instance-BLUE-af-ipv4] multicast-domain switch-group-pool 225.1.1.0 28
[PE1-vpn-instance-BLUE-af-ipv4] quit
[PE1-vpn-instance-BLUE] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip binding vpn-instance BLUE
[PE1-GigabitEthernet1/0/0] quit
# Create a VPN instance named BLUE enabled with the IPv4 address on PE2 and globally
enable the multicast function in the VPN instance; configure the Share-Group address and the
range of the switch-MDT switch-group-pool for the VPN instance; bind the Share-Group
address to MTunnel 0; bind GE 2/0/0 that connects PE2 to CE2 to the VPN instance.
<Huawei> system-view
[Huawei] sysname PE2
[PE2] ip vpn-instance BLUE
[PE2-vpn-instance-BLUE] ipv4-family
[PE2-vpn-instance-BLUE-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-BLUE-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-BLUE-af-ipv4] multicast routing-enable
[PE2-vpn-instance-BLUE-af-ipv4] multicast-domain share-group 232.2.2.0 binding
mtunnel 0
[PE2-vpn-instance-BLUE-af-ipv4] multicast-domain switch-group-pool 225.1.1.0 28
[PE2-vpn-instance-BLUE-af-ipv4] quit
[PE2-vpn-instance-BLUE] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip binding vpn-instance BLUE
[PE2-GigabitEthernet2/0/0] quit
Step 2 Configure a unicast routing protocol and enable the multicast function on the public network,
ensuring that multicast routes are reachable on the public network.
# Configure OSPF on the public network, ensuring that unicast routes are reachable. Then,
globally enable the multicast function and enable PIM-SM on interfaces, ensuring that the
multicast network runs normally.
# Configure PE1.
[PE1] multicast routing-enable
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 24
[PE1-Pos2/0/0] pim sm
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] multicast routing-enable
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] pim sm
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 3 Configure a unicast routing protocol and enable the multicast function in the VPN instance
BLUE, ensuring that multicast routes are reachable in the VPN instance.
# Configure OSPF for the VPN instance BLUE, ensuring that unicast routes are reachable.
Then, globally enable the multicast function and enable PIM-SM on interfaces, ensuring that
the multicast network runs normally.
# Configure CE1.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] multicast routing-enable
[CE1] interface loopback 1
[CE1-LoopBack1] ip address 11.11.11.11 32
[CE1-LoopBack1] pim sm
[CE1-LoopBack1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.110.1.1 24
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] ip address 10.110.2.1 24
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] quit
[CE1] ospf 2
[CE1-ospf-2] area 0
[CE1-ospf-2-area-0.0.0.0] network 11.11.11.11 0.0.0.0
[CE1-ospf-2-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] quit
[CE1-ospf-2] quit
# Configure PE1.
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip address 10.110.2.2 24
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] quit
[PE1] ospf 2 vpn-instance BLUE
[PE1-ospf-2] area 0
[PE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[PE1-ospf-2-area-0.0.0.0] quit
[PE1-ospf-2] quit
# Configure PE2.
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip address 10.110.3.1 24
[PE2-GigabitEthernet2/0/0] pim sm
[PE2-GigabitEthernet2/0/0] quit
[PE2] ospf 2 vpn-instance BLUE
[PE12-ospf-2] area 0
[PE21-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[PE21-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] quit
# Configure CE2.
<Huawei> system-view
[Huawei] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.110.3.2 24
[CE2-GigabitEthernet1/0/0] pim sm
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] ip address 10.110.4.1 24
[CE2-GigabitEthernet2/0/0] pim sm
[CE2-GigabitEthernet2/0/0] quit
[CE2] ospf 2
[CE2-ospf-2] area 0
[CE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] network 10.110.4.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] quit
[CE2-ospf-2] quit
Step 4 Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
# Configure the router IDs and MPLS LSR IDs of the PEs and the P device, and enable
MPLS and MPLS LDP globally and in the interface view.
# Configure PE1.
[PE1] router id 1.1.1.1
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-POS2/0/0] mpls
[PE1-POS2/0/0] mpls ldp
[PE1-POS2/0/0] quit
# Configure PE2.
[PE2] router id 3.3.3.3
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
Step 5 Configure the MP-IBGP peer relationship between PEs, and configure a unicast routing
protocol between each PE and the corresponding CE, ensuring that routes are reachable
between PEs and the corresponding CEs.
# Configure PE1 and PE2 as MP-IBGP peers of each other and configure route exchange
between OSPF multi-instance and BGP, ensuring that routes are reachable between PEs and
CEs.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] ipv4-family vpn-instance BLUE
[PE1-bgp-BLUE] import-route ospf 2
[PE1-bgp-BLUE] import-route direct
[PE1-bgp-BLUE] quit
[PE1-bgp] quit
[PE1] ospf 2 vpn-instance BLUE
[PE1-ospf-2] import-route bgp
[PE1-ospf-2] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface LoopBack 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] ipv4-family vpn-instance BLUE
[PE2-bgp-BLUE] import-route ospf 2
[PE2-bgp-BLUE] import-route direct
[PE2-bgp-BLUE] quit
[PE2-bgp] quit
[PE2] ospf 2 vpn-instance BLUE
[PE2-ospf-2] import-route bgp
[PE2-ospf-2] quit
# On each PE, configure the IP address of loopback 1 as the IP address of the MTI (in this
manner, the system automatically binds the MTI to the VPN instance BLUE).
# Configure PE1.
[PE1] interface mtunnel 0
[PE1-MTunnel0] ip address 1.1.1.1 32
[PE1-MTunnel0] quit
# Configure PE2.
[PE2] interface mtunnel 0
[PE2-MTunnel0] ip address 3.3.3.3 32
[PE2-MTunnel0] quit
Step 8 Configure the MCAST-VPN SAFI A-D mode for the VPN instance BLUE.
# Configure the MCAST-VPN SAFI address family in the BGP view and configure route
exchange with the specific peer. Then, configure the MCAST-VPN SAFI mode in the IPv4
address family view of the VPN instance BLUE to implement the BGP A-D function.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] ipv4-family mvpn
[PE1-bgp-af-mdt] peer 3.3.3.3 enable
[PE1-bgp-af-mdt] quit
[PE1-bgp] quit
[PE1] ip vpn-instance BLUE
[PE1-vpn-instance-BLUE] ipv4-family
[PE1-vpn-instance-BLUE-af-ipv4] auto-discovery mvpn
[PE1-vpn-instance-BLUE-af-ipv4] quit
[PE1-vpn-instance-BLUE] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] ipv4-family mvpn
[PE2-bgp-af-mdt] peer 1.1.1.1 enable
[PE2-bgp-af-mdt] quit
[PE2-bgp] quit
[PE2] ip vpn-instance BLUE
[PE2-vpn-instance-BLUE] ipv4-family
[PE2-vpn-instance-BLUE-af-ipv4] auto-discovery mvpn
[PE2-vpn-instance-BLUE-af-ipv4] quit
[PE2-vpn-instance-BLUE] quit
(1.1.1.1, 232.2.2.0)
Protocol: pim-ssm, Flag: SG_RCVR
UpTime: 00:36:36
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 192.168.2.1
RPF prime neighbor: 192.168.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: VPN-Instance: BLUE
Protocol: MD, UpTime: 00:36:36, Expires: -
(3.3.3.3, 232.2.2.0)
Protocol: pim-ssm, Flag: LOC
UpTime: 00:36:34
# Run the display pim vpn-instance BLUE routing-table on PE2 to view the PIM routing
table of the VPN instance BLUE. You can find that PIM entries of the VPN instance BLUE
are created on PE2.
<PE2> display pim vpn-instance BLUE routing-table
VPN-Instance: BLUE
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:00:54
Upstream interface: MTunnel0
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:54, Expires: 00:02:36
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT
UpTime: 00:05:06
Upstream interface: MTunnel0
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:54, Expires: 00:02:36
# Run the display multicast vpn-instance BLUE routing-table on PE2 to view the multicast
routing table of the VPN instance BLUE. You can find that multicast data has reached the
receiver PE2.
<PE2> display multicast vpn-instance BLUE routing-table
Multicast routing table of VPN-Instance: BLUE
Total 1 entry
# After the preceding configurations, run the display pim routing-table on CE2 to view the
PIM routing table. You can find that the receiver can receive multicast data from the multicast
source.
<CE2> display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:03:36
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: igmp, UpTime: 00:03:36, Expires: -
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:10:55
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:03:36, Expires: -
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
router id 1.1.1.1
#
multicast routing-enable
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 232.2.2.0 binding mtunnel 0
multicast-domain switch-group-pool 225.1.1.0 255.255.255.240
auto-discovery mvpn
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance BLUE
ip address 10.110.2.2 255.255.255.0
pim sm
#
interface POS2/0/0
link-protocol ppp
undo shutdown
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
return
l Configuration file of PE2
#
sysname PE2
#
router id 3.3.3.3
#
multicast routing-enable
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 232.2.2.0 binding mtunnel 0
multicast-domain switch-group-pool 225.1.1.0 255.255.255.240
auto-discovery mvpn
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance BLUE
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance BLUE
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family mvpn
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance BLUE
import-route direct
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 192.168.2.0 0.0.0.255
#
ospf 2 vpn-instance BLUE
import-route bgp
area 0.0.0.0
network 10.110.3.0 0.0.0.255
#
return
l Configuration file of CE1
#
sysname CE1
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.2.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
pim sm
#
ospf 2
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 10.110.2.0 0.0.0.255
network 11.11.11.11 0.0.0.0
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
return
l Configuration file of CE2
#
sysname CE2
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.3.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.4.1 255.255.255.0
pim sm
igmp enable
#
ospf 2
area 0.0.0.0
network 10.110.3.0 0.0.0.255
network 10.110.4.0 0.0.0.255
#
return
Networking Requirements
In current multicast VPN applications, only VPN sites in the same VPN can transmit
multicast traffic between each other. Inter-VPN multicast traffic transmission, however, is not
supported.
In actual situations, it is common that two enterprises in different VPNs need to communicate
or a service provider needs to provide multicast services for multiple customers but the
service provider and the customers are in different VPNs. Therefore, inter-VPN multicast
service transmission becomes necessary so that multicast data from a user in one VPN can
reach users in other VPNs.
On a single-AS MPLS/BGP VPN shown in Figure 7-28, Receiver in VPN RED wants to
receive multicast data from Source in VPN BLUE. To meet such a requirement, you can
configure a multicast routing policy for VPN RED on receiver PE (PE2), setting the upstream
of the Reverse Path Forwarding (RPF) route to VPN BLUE. In this manner, Receiver in VPN
RED can receive multicast data from Source in VPN BLUE.
NOTE
In such a scenario, Source and Receiver are in different VPNs. The source VPN and receiver VPN can
be only PIM-SM/Source-Specific Multicast (SSM) networks.
Figure 7-28 Networking diagram for configuring the source VPN instance on the receiver PE
in the remote-cross scenario of multicast VPN extranet
Source
VPN Receiver
BLUE Loopback1
VPN
GE1/0/0 CE1 RED
GE2/0/0
GE2/0/0
Public
GE1/0/0 GE1/0/0
POS2/0/0
PE1 P CE2
Loopback1 POS1/0/0 POS2/0/0 GE2/0/0
POS1/0/0 PE2
Loopback1
Loopback1
GE 2/0/0 10.110.2.1/24
Loopback1 11.11.11.11/32
Loopback1 1.1.1.1/32
Loopback1 2.2.2.2/32
GE 2/0/0 10.110.3.1/24
Loopback1 3.3.3.3/32
GE 2/0/0 10.110.4.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
2. Configure a unicast routing protocol on the public network and enable the multicast
function, ensuring normal multicast routing on the public network.
3. Create a VPN instance enabled with the IPv4 address family on each PE; set the share-
group address and address pool range of the switch-group for each VPN instance; create
MTunnel interfaces; bind the interface connecting a PE to a CE to a VPN instance.
4. Configure a unicast routing protocol on the public network and enable the multicast
function in each VPN instance enabled with the IPv4 address family, ensuring normal
multicast routing in the VPN instance.
5. Establish a Multiprotocol Internal Border Gateway Protocol (MP-IBGP) peer
relationship between PEs and configure a unicast routing protocol between a PE and a
CE to ensure that the PE and the CE are routable.
6. Configure the VPN instance (VPN BLUE) enabled with the IPv4 address family on PE2
and bind the VPN instance to an MTunnel interface.
7. Configure Rendezvous Points (RPs) to serve the public network and the multicast groups
running the multicast VPN extranet service respectively; configure a multicast routing
policy for VPN RED, specifying VPN BLUE as the upstream of the Reverse Path
Forwarding (RPF) route so that Receiver in VPN RED can receive multicast data from
Source in VPN BLUE.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
Configure router IDs and MPLS LSR IDs for PEs and P; enable MPLS and MPLS LDP in
both the system view and the interface view.
# Configure PE1.
<Huawei> system-view
[Huawei] sysname PE1
[PE1] router id 1.1.1.1
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-POS2/0/0] mpls
[PE1-POS2/0/0] mpls ldp
[PE1-POS2/0/0] quit
# Configure P.
<Huawei> system-view
[Huawei] sysname P
[P] router id 2.2.2.2
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-POS1/0/0] mpls
[P-POS1/0/0] mpls ldp
[P-POS1/0/0] quit
[P] interface pos 2/0/0
[P-POS2/0/0] mpls
[P-POS2/0/0] mpls ldp
[P-POS2/0/0] quit
# Configure PE2.
<Huawei> system-view
[Huawei] sysname PE2
[PE2] router id 3.3.3.3
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-POS1/0/0] mpls
[PE2-POS1/0/0] mpls ldp
[PE2-POS1/0/0] quit
Step 2 Configure a unicast routing protocol on the public network and enable the multicast function,
ensuring normal multicast routing on the public network.
# Configure OSPF on the public network to ensure that devices on the public network are
routable. Enable the global multicast function and enable the PIM function in the interface
view, ensuring normal running of the multicast network.
# Configure PE1.
[PE1] multicast routing-enable
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
[PE1] interface pos 2/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 24
[PE1-Pos2/0/0] pim sm
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] multicast routing-enable
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] pim sm
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] pim sm
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
# Configure PE2.
[PE2] multicast routing-enable
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] pim sm
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 3 Create a VPN instance enabled with the IPv4 address family on each PE; set the share-group
address and address pool range of the switch-group for each VPN instance; create MTunnel
interfaces; bind the interface connecting a PE to a CE to a VPN instance.
# On PE1, create VPN BLUE enabled with the IPv4 address family. Enable the global
multicast function in VPN BLUE and set the share-group address and address pool range of
the switch-group for VPN BLUE. Bind the share-group address to MTunnel 0 and bind GE
1/0/0 connecting PE1 to CE1 to VPN BLUE.
[PE1] ip vpn-instance BLUE
[PE1-vpn-instance-BLUE] ipv4-family
[PE1-vpn-instance-BLUE-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-BLUE-af-ipv4] vpn-target 100:1 both
[PE1-vpn-instance-BLUE-af-ipv4] multicast routing-enable
[PE1-vpn-instance-BLUE-af-ipv4] multicast-domain share-group 239.0.0.0 binding
mtunnel 0
[PE1-vpn-instance-BLUE-af-ipv4] multicast-domain switch-group-pool 225.1.1.0 28
[PE1-vpn-instance-BLUE-af-ipv4] quit
[PE1-vpn-instance-BLUE] quit
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] ip binding vpn-instance BLUE
[PE1-GigabitEthernet1/0/0] ip address 10.110.2.2 24
[PE1-GigabitEthernet1/0/0] pim sm
[PE1-GigabitEthernet1/0/0] quit
# On PE2, create VPN RED enabled with the IPv4 address family. Enable the global multicast
function in VPN RED and set the share-group address and address pool range of the switch-
group for VPN RED. Bind the share-group address to MTunnel 1 and bind GE 2/0/0
connecting PE2 to CE2 to VPN RED. Import the routes from VPN BLUE into VPN RED.
[PE2] ip vpn-instance RED
[PE2-vpn-instance-RED] ipv4-family
[PE2-vpn-instance-RED-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-RED-af-ipv4] vpn-target 200:1 both
[PE2-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE2-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE2-vpn-instance-RED-af-ipv4] multicast-domain share-group 238.0.0.0 binding
mtunnel 1
Step 4 Configure a unicast routing protocol on the public network and enable the multicast function
in VPN BLUE and VPN RED separately, ensuring normal multicast routing in the VPN
instances.
# Configure OSPF in VPN BLUE and VPN RED to ensure that devices in the VPN instances
are routable. Enable the global multicast function and enable the PIM function in the interface
view, ensuring normal running of the multicast networks in the VPN instances.
# Configure CE1.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] multicast routing-enable
[CE1] interface loopback 1
[CE1-LoopBack1] ip address 11.11.11.11 32
[CE1-LoopBack1] pim sm
[CE1-LoopBack1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.110.1.1 24
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] ip address 10.110.2.1 24
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] quit
[CE1] ospf 2
[CE1-ospf-2] area 0
[CE1-ospf-2-area-0.0.0.0] network 11.11.11.11 0.0.0.0
[CE1-ospf-2-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] quit
[CE1-ospf-2] quit
# Configure CE2.
<Huawei> system-view
[Huawei] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.110.3.2 24
[CE2-GigabitEthernet1/0/0] pim sm
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] ip address 10.110.4.1 24
[CE2-GigabitEthernet2/0/0] pim sm
[CE2-GigabitEthernet2/0/0] quit
[CE2] ospf 2
[CE2-ospf-2] area 0
[CE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] network 10.110.4.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] quit
[CE2-ospf-2] quit
Step 5 Configure VPN BLUE enabled with the IPv4 address family on PE2 and bind VPN BLUE to
MTunnel 0.
# Configure VPN BLUE enabled with the IPv4 address family on PE2, set the share-group
address and address pool range of the switch-group for VPN BLUE, and bind the share-group
address to MTunnel 0.
Step 6 Establish an MP-IBGP peer relationship between PEs and configure a unicast routing protocol
between a PE and a CE to ensure that the PE and the CE are routable.
# Establish an MP-IBGP peer relationship between PE1 and PE2 and configure OSPF
between CE1 and PE1 and between CE2 and PE2 to ensure that PEs and CEs are routable.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[PE1-bgp] ipv4-family vpn-instance BLUE
[PE1-bgp-BLUE] import-route ospf 2
[PE1-bgp-BLUE] import-route direct
[PE1-bgp-BLUE] quit
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
[PE1] ospf 2 vpn-instance BLUE
[PE1-ospf-2] import-route bgp
[PE1-ospf-2] area 0
[PE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[PE1-ospf-2-area-0.0.0.0] quit
[PE1-ospf-2] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface LoopBack 1
[PE2-bgp] ipv4-family vpn-instance BLUE
[PE2-bgp-BLUE] import-route ospf 2
[PE2-bgp-BLUE] import-route direct
[PE2-bgp-BLUE] quit
[PE2-bgp] ipv4-family vpn-instance RED
[PE2-bgp-RED] import-route ospf 2
[PE2-bgp-RED] import-route direct
[PE2-bgp-RED] quit
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
[PE2] ospf 2 vpn-instance RED
[PE2-ospf-3] import-route bgp
[PE2-ospf-2] area 0
[PE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[PE2-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] quit
# Configure PE2.
[PE2] interface mtunnel 0
[PE2-MTunnel0] ip address 3.3.3.3 32
[PE2-MTunnel0] quit
[PE2] interface mtunnel 1
[PE2-MTunnel1] ip address 3.3.3.3 32
[PE2-MTunnel1] quit
Step 9 Configure an RP to serve the multicast groups running the multicast VPN extranet service.
# In the PIM view of CE1 and CE2, view of VPN BLUE on PE1 and PE2, and view of VPN
RED on PE2, configure loopback 1 of CE1 as a static RP to serve the multicast groups
running the multicast VPN extranet service.
NOTE
Source VPN instances and receiver VPN instances support only static RPs. In addition, static RPs can be
deployed only in source VPN instances.
# Configure CE1.
[CE1] pim
[CE1-pim] static-rp 11.11.11.11
[CE1-pim] quit
# Configure PE1.
[PE1] pim vpn-instance BLUE
[PE1-pim-BLUE] static-rp 11.11.11.11
[PE1-pim-BLUE] quit
# Configure PE2.
[PE2] pim vpn-instance BLUE
[PE2-pim-BLUE] static-rp 11.11.11.11
[PE2-pim-BLUE] quit
[PE2] pim vpn-instance RED
[PE2-pim-RED] static-rp 11.11.11.11
[PE2-pim-RED] quit
# Configure CE2.
[CE2] pim
[CE2-pim] static-rp 11.11.11.11
[CE2-pim] quit
# Configure a multicast routing policy for VPN RED, specifying VPN BLUE as the upstream
of the RPF route selected by the PIM entry corresponding to group 228.0.0.0/24 so that
Receiver in VPN RED can receive multicast data from Source in VPN BLUE.
NOTE
The address range of the multicast groups running the multicast VPN extranet service cannot overlap the
multicast group address range internally used by the local VPN; the address range of the multicast
groups running the multicast VPN extranet service set in the newly configured multicast routing policy
cannot overlap the address range set in the previously configured multicast routing policy.
The SSM group address range must be set consistently for both the source VPN and the receiver VPN
for providing the multicast VPN extranet service.
[PE2] ip vpn-instance RED
[PE2-vpn-instance-RED] multicast extranet select-rpf vpn-instance BLUE group
228.1.1.0 24
[PE2-vpn-instance-RED] quit
By checking the configuration result, you can view that Receiver in VPN RED can receive
multicast data from Source in VPN BLUE.
# Run the display pim routing-table command on PE2 to check information about the PIM
routing table. The following command output shows that the upstream of the RPF route
selected by the PIM entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE2> display pim vpn-instance RED routing-table extranet source-vpn-instance BLUE
VPN-Instance: RED
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:01:28
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:01:28, Expires: 00:03:01
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:01:28
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 1.1.1.1
RPF prime neighbor: 1.1.1.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:01:28, Expires: 00:03:07
# Run the display multicast routing-table command on PE2 to check information about the
multicast routing table. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE2> display multicast vpn-instance RED routing-table extranet source-vpn-
instance BLUE
Multicast routing table of VPN-Instance: RED
Total 1 entry ,1 matched
# Run the display multicast rpf-info command on PE2 to check the RPF routing information
of source 10.110.1.2. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE2> display multicast vpn-instance RED rpf-info 10.110.1.2 228.0.0.1
VPN-Instance: RED
RPF information about source 10.110.1.2 and group 228.0.0.1
RPF interface: MCAST_Extranet
RPF Source VPN-Instance: BLUE
Referenced route/mask: 10.110.1.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disabled
# After the preceding configurations, Receiver can receive multicast data from Source. Run
the display pim routing-table command on CE2 to check information about the PIM routing
table. The following command output shows that multicast data has reached CE2 and
forwarded to Receiver.
<CE2> display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:01:31
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: igmp, UpTime: 00:01:31, Expires: -
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:08
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:08, Expires: -
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
router id 1.1.1.1
#
multicast routing-enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
mpls
#
mpls ldp
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface POS2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
return
l Configuration file of PE2
#
sysname PE2
#
router id 3.3.3.3
#
multicast routing-enable
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 239.0.0.0 binding mtunnel 0
multicast-domain switch-group-pool 225.1.1.0 255.255.255.240
ip vpn-instance RED
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 100:1 import-extcommunity
multicast routing-enable
multicast extranet select-rpf vpn-instance BLUE group 228.0.0.0
255.255.255.0
multicast-domain share-group 238.0.0.0 binding mtunnel 1
multicast-domain switch-group-pool 226.1.1.0 255.255.255.240
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance RED
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance BLUE
ip address 3.3.3.3 255.255.255.255
#
interface MTunnel1
ip binding vpn-instance RED
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance BLUE
import-route direct
import-route ospf 2
#
ipv4-family vpn-instance RED
import-route direct
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
ospf 2 vpn-instance RED
import-route bgp
area 0.0.0.0
network 10.110.3.0 0.0.0.255
#
pim
#
pim vpn-instance BLUE
static-rp 11.11.11.11
#
pim vpn-instance RED
static-rp 11.11.11.11
#
return
l Configuration file of CE1
#
sysname CE1
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.2.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
pim sm
#
ospf 2
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 10.110.2.0 0.0.0.255
network 11.11.11.11 0.0.0.0
#
pim
static-rp 11.11.11.11
#
return
Networking Requirements
In current multicast VPN applications, only VPN sites in the same VPN can transmit
multicast traffic between each other. Inter-VPN multicast traffic transmission, however, is not
supported.
In actual situations, it is common that two enterprises in different VPNs need to communicate
or a service provider needs to provide multicast services for multiple customers but the
service provider and the customers are in different VPNs. Therefore, inter-VPN multicast
service transmission is required so that multicast data from a user in one VPN can reach users
in other VPNs.
On a single-AS MPLS/BGP VPN shown in Figure 7-29, Receiver in VPN RED wants to
receive multicast data from Source in VPN BLUE. Because the receiver PE is a non-Huawei
device, configuring the source VPN instance on the receiver VPN is not allowed. To solve this
problem, you can configure VPN RED on the source PE (PE1) to implement inter-VPN
multicast data transmission. In this manner, Receiver in VPN RED can receive multicast data
from Source in VPN BLUE.
NOTE
In such a scenario, Source and Receiver are in different VPNs. The source VPN and receiver VPN can
be only PIM-SM/Source-Specific Multicast (SSM) networks.
Figure 7-29 Networking for configuring the receiver VPN instance on the source PE in the
remote-cross scenario of multicast VPN extranet
Source
Receiver
VPN
BLUE Loopback1
VPN
GE1/0/0 CE1 RED
GE2/0/0
GE2/0/0
Public
GE1/0/0 GE1/0/0
POS2/0/0
PE1 P CE2
Loopback1 POS1/0/0 POS2/0/0 GE2/0/0
POS1/0/0 PE2
Loopback1
Loopback1
GE 2/0/0 10.110.2.1/24
Loopback1 11.11.11.11/32
Loopback1 1.1.1.1/32
Loopback1 2.2.2.2/32
GE 2/0/0 10.110.3.1/24
Loopback1 3.3.3.3/32
GE 2/0/0 10.110.4.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
2. Configure a unicast routing protocol on the public network and enable the multicast
function, ensuring normal multicast routing on the public network.
3. Configure a VPN instance enabled with the IPv4 address family on each PE; set the
share-group address and address pool range of the switch-group for each VPN instance;
create MTunnel interfaces; bind the interface connecting a PE to a CE to a VPN instance.
4. Configure a unicast routing protocol on the public network and enable the multicast
function in each VPN instance, ensuring normal multicast routing in the VPN instance.
5. Establish a Multiprotocol Internal Border Gateway Protocol (MP-IBGP) peer
relationship between PEs and configure a unicast routing protocol between a PE and a
CE to ensure that the PE and the CE are routable.
6. Configure the VPN instance (VPN RED) enabled with the IPv4 address family on PE1
and bind the VPN instance to an MTunnel interface.
7. Configure Rendezvous Points (RPs) to serve the public network and the multicast groups
running the multicast VPN extranet service separately so that Receiver in VPN RED can
receive multicast data from Source in VPN BLUE.
Data Preparation
To complete the configuration, you need the following data:
l Route Distinguisher (RD) and Router-Target (RT) of VPN BLUE: 100:1
l RD and RT of VPN RED: 200:1
l Share-group address of VPN BLUE: 239.0.0.0
l Address pool range of the switch-group in VPN BLUE: 225.1.1.0 255.255.255.240
l Share-group address of VPN RED: 238.0.0.0
Procedure
Step 1 Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
Configure router IDs and MPLS LSR IDs for PEs and P and enable MPLS and MPLS LDP in
both the system view and the interface view.
# Configure PE1.
<Huawei> system-view
[Huawei] sysname PE1
[PE1] router id 1.1.1.1
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 2/0/0
[PE1-POS2/0/0] mpls
[PE1-POS2/0/0] mpls ldp
[PE1-POS2/0/0] quit
# Configure P.
<Huawei> system-view
[Huawei] sysname P
[P] router id 2.2.2.2
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-POS1/0/0] mpls
[P-POS1/0/0] mpls ldp
[P-POS1/0/0] quit
[P] interface pos 2/0/0
[P-POS2/0/0] mpls
[P-POS2/0/0] mpls ldp
[P-POS2/0/0] quit
# Configure PE2.
<Huawei> system-view
[Huawei] sysname PE2
[PE2] router id 3.3.3.3
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-POS1/0/0] mpls
[PE2-POS1/0/0] mpls ldp
[PE2-POS1/0/0] quit
Step 2 Configure a unicast routing protocol on the public network and enable the multicast function,
ensuring normal multicast routing on the public network.
# Configure OSPF on the public network to ensure that devices on the public network are
routable. Enable the global multicast function and enable the PIM function in the interface
view, ensuring normal running of the public network.
# Configure PE1.
# Configure P.
[P] multicast routing-enable
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] pim sm
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] pim sm
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 24
[P-Pos2/0/0] pim sm
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] multicast routing-enable
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] pim sm
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 3 Configure a VPN instance enabled with the IPv4 address family on each PE; set the share-
group address and address pool range of the switch-group for each VPN instance; create
MTunnel interfaces; bind the interface connecting a PE to a CE to a VPN instance.
# On PE1, create VPN BLUE enabled with the IPv4 address family. Enable the global
multicast function in VPN BLUE and set the share-group address and address pool range of
the switch-group for VPN BLUE. Bind the share-group address to MTunnel 0 and bind GE
1/0/0 connecting PE1 to CE1 to VPN BLUE.
[PE1] ip vpn-instance BLUE
[PE1-vpn-instance-BLUE] ipv4-family
# On PE2, create VPN RED enabled with the IPv4 address family. Enable the global multicast
function in VPN RED and set the share-group address and address pool range of the switch-
group for VPN RED. Bind the share-group address to MTunnel 1 and bind GE 2/0/0
connecting PE2 to CE2 to VPN RED. Import the routes from VPN BLUE into VPN RED.
[PE2] ip vpn-instance RED
[PE2] ip vpn-instance RED
[PE2-vpn-instance-RED] ipv4-family
[PE2-vpn-instance-RED-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-RED-af-ipv4] vpn-target 200:1 both
[PE2-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE2-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE2-vpn-instance-RED-af-ipv4] multicast-domain share-group 238.0.0.0 binding
mtunnel 1
[PE2-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 226.1.1.0 28
[PE2-vpn-instance-RED-af-ipv4] quit
[PE2-vpn-instance-RED] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip binding vpn-instance RED
[PE2-GigabitEthernet2/0/0] ip address 10.110.3.1 24
[PE2-GigabitEthernet2/0/0] quit
Step 4 Configure a unicast routing protocol on the public network and enable the multicast function
in VPN BLUE and VPN RED separately, ensuring normal multicast routing in the VPN
instances.
# Configure OSPF in VPN BLUE to ensure that devices in VPN BLUE are routable. Enable
the global multicast function and enable the PIM function in the interface view, ensuring
normal running of the multicast network in the VPN instances.
# Configure CE1.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] multicast routing-enable
[CE1] interface loopback 1
[CE1-LoopBack1] ip address 11.11.11.11 32
[CE1-LoopBack1] pim sm
[CE1-LoopBack1] quit
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.110.1.1 24
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] ip address 10.110.2.1 24
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] quit
[CE1] ospf 2
[CE1-ospf-2] area 0
[CE1-ospf-2-area-0.0.0.0] network 11.11.11.11 0.0.0.0
[CE1-ospf-2-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] quit
[CE1-ospf-2] quit
# Configure CE2.
<Huawei> system-view
[Huawei] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.110.3.2 24
[CE2-GigabitEthernet1/0/0] pim sm
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] ip address 10.110.4.1 24
[CE2-GigabitEthernet2/0/0] pim sm
[CE2-GigabitEthernet2/0/0] quit
[CE2] ospf 2
[CE2-ospf-2] area 0
[CE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] network 10.110.4.0 0.0.0.255
[CE2-ospf-2-area-0.0.0.0] quit
[CE2-ospf-2] quit
Step 5 Configure VPN RED enabled with the IPv4 address family on PE1 and bind VPN RED to
MTunnel 1.
# Configure VPN RED enabled with the IPv4 address family on PE1, set the share-group
address and address pool range of the switch-group for VPN RED, and bind the share-group
address to MTunnel 1. Import the routes from VPN BLUE into VPN RED.
[PE1] ip vpn-instance RED
[PE1-vpn-instance-RED] ipv4-family
[PE1-vpn-instance-RED-af-ipv4] route-distinguisher 200:1
[PE1-vpn-instance-RED-af-ipv4] vpn-target 200:1 both
[PE1-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE1-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE1-vpn-instance-RED-af-ipv4] multicast-domain share-group 238.0.0.0 binding
mtunnel 1
[PE1-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 226.1.1.0 28
[PE1-vpn-instance-RED-af-ipv4] quit
[PE1-vpn-instance-RED] quit
Step 6 Establish an MP-IBGP peer relationship between PEs; configure a unicast routing protocol
between a PE and a CE to ensure that the PE and the CE are routable.
# Establish an MP-IBGP peer relationship between PE1 and PE2 and configure OSPF
between CE1 and PE1 and between CE2 and PE2 to ensure that PEs and CEs are routable.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[PE1-bgp] ipv4-family vpn-instance BLUE
[PE1-bgp-BLUE] import-route ospf 2
[PE1-bgp-BLUE] import-route direct
[PE1-bgp-BLUE] quit
[PE1-bgp] ipv4-family vpn-instance RED
[PE1-bgp-RED] import-route ospf 2
[PE1-bgp-RED] import-route direct
[PE1-bgp-RED] quit
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
[PE1] ospf 2 vpn-instance BLUE
[PE1-ospf-2] import-route bgp
[PE1-ospf-2] area 0
[PE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[PE1-ospf-2-area-0.0.0.0] quit
[PE1-ospf-2] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface LoopBack 1
[PE2-bgp] ipv4-family vpn-instance RED
[PE2-bgp-RED] import-route ospf 2
[PE2-bgp-RED] import-route direct
[PE2-bgp-RED] quit
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
[PE2] ospf 2 vpn-instance RED
[PE2-ospf-3] import-route bgp
[PE2-ospf-2] area 0
[PE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[PE2-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] quit
# Configure PE2.
[PE2] interface mtunnel 1
[PE2-MTunnel1] ip address 3.3.3.3 32
[PE2-MTunnel1] quit
Step 9 Configure an RP to serve the multicast groups running the multicast VPN extranet service.
# In the PIM view of CE1 and CE2, view of VPN BLUE on PE1, and view of VPN RED on
PE1 and PE2, configure loopback 1 of CE1 as a static RP to serve the multicast groups
running the multicast VPN extranet service.
NOTE
Source VPN instances and receiver VPN instances support only static RPs. In addition, static RPs must
be deployed only in source VPN instances.
# Configure CE1.
[CE1] pim
[CE1-pim] static-rp 11.11.11.11
[CE1-pim] quit
# Configure PE1.
# Configure PE2.
[PE2] pim vpn-instance RED
[PE2-pim-RED] static-rp 11.11.11.11
[PE2-pim-RED] quit
# Configure CE2.
[CE2] pim
[CE2-pim] static-rp 11.11.11.11
[CE2-pim] quit
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:01:28
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 10.110.2.1
RPF prime neighbor: 10.110.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: MTunnel1
Protocol: pim-sm, UpTime: 00:01:28, Expires: 00:03:01
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:01:28
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 10.110.2.1
RPF prime neighbor: 10.110.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: MTunnel1
Protocol: pim-sm, UpTime: 00:01:28, Expires: 00:03:07
# Run the display multicast routing-table command on PE1 to check information about the
multicast routing table. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE1> display multicast vpn-instance RED routing-table extranet source-vpn-
instance BLUE
Multicast routing table of VPN-Instance: RED
Total 1 entry ,1 matched
# Run the display multicast rpf-info command on PE1 to check the RPF routing information
of source 10.110.1.2. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE1> display multicast vpn-instance RED rpf-info 10.110.1.2 228.0.0.1
VPN-Instance: RED
RPF information about source 10.110.1.2 and group 228.0.0.1
RPF interface: MCAST_Extranet
RPF Source VPN-Instance: BLUE
Referenced route/mask: 10.110.1.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disabled
# After the preceding configurations, Receiver can receive multicast data from Source. Run
the display pim routing-table command on CE2 to check information about the PIM routing
table. The following command output shows that multicast data has reached CE2 and
forwarded to Receiver.
<CE2> display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:01:31
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Serial0/0/1
Protocol: igmp, UpTime: 00:01:31, Expires: -
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:08
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: Serial0/0/1
Protocol: pim-sm, UpTime: 00:00:08, Expires: -
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
router id 1.1.1.1
#
multicast routing-enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 239.0.0.0 binding mtunnel 0
multicast-domain switch-group-pool 225.1.1.0 255.255.255.240
ip vpn-instance RED
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 238.0.0.0 binding mtunnel 1
multicast-domain switch-group-pool 226.1.1.0 255.255.255.240
#
interface GigabitEthernet1/0/0
undo shutdown
ip binding vpn-instance BLUE
ip address 10.110.2.2 255.255.255.0
pim sm
#
interface POS2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance BLUE
ip address 1.1.1.1 255.255.255.255
#
interface MTunnel1
ip binding vpn-instance RED
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance BLUE
import-route direct
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
ospf 2 vpn-instance BLUE
import-route bgp
area 0.0.0.0
network 10.110.2.0 0.0.0.255
#
pim
#
pim vpn-instance BLUE
static-rp 11.11.11.11
#
pim vpn-instance RED
static-rp 11.11.11.11
#
return
l Configuration file of P
#
sysname P
#
router id 2.2.2.2
#
multicast routing-enable
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface POS2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
return
l Configuration file of PE2
#
sysname PE2
#
router id 3.3.3.3
#
multicast routing-enable
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
ip vpn-instance RED
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 238.0.0.0 binding mtunnel 1
multicast-domain switch-group-pool 226.1.1.0 255.255.255.240
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance RED
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface MTunnel1
ip binding vpn-instance RED
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance RED
import-route direct
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
ospf 2 vpn-instance RED
import-route bgp
area 0.0.0.0
network 10.110.3.0 0.0.0.255
#
pim
#
pim vpn-instance RED
static-rp 11.11.11.11
#
return
l Configuration file of CE1
#
sysname CE1
#
multicast routing-enable
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.110.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 10.110.2.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
pim sm
#
ospf 2
area 0.0.0.0
network 10.110.1.0 0.0.0.255
network 10.110.2.0 0.0.0.255
network 11.11.11.11 0.0.0.0
#
pim
static-rp 11.11.11.11
#
return
Networking Requirements
In current multicast VPN applications, only VPN sites in the same VPN can transmit
multicast traffic between each other. Inter-VPN multicast traffic transmission, however, is not
supported.
In actual situations, it is common that two enterprises in different VPNs need to communicate
or a service provider needs to provide multicast services for multiple customers but the
service provider and the customers are in different VPNs. Therefore, inter-VPN multicast
service transmission becomes necessary so that multicast data from a user in one VPN can
reach users in other VPNs.
On a single-AS MPLS/BGP VPN shown in Figure 7-30, Receiver in VPN RED wants to
receive multicast data from Source in VPN BLUE. To meet such a requirement, you can
configure multicast VPN extranet to implement inter-VPN multicast data transmission. In this
manner, Receiver in VPN RED can receive multicast data from Source in VPN BLUE.
NOTE
In such a scenario, Source and Receiver are in different VPNs. The source VPN and receiver VPN can
be only PIM-SM/Source-Specific Multicast (SSM) networks.
Figure 7-30 Networking diagram for configuring multicast VPN extranet in the local-cross
scenario
Source
Loopback1
VPN
BLUE
Loopback1 GE2/0/0
PE1 Public
GE1/0/0
POS1/0/0
P CE1
Loopback1 GE2/0/0
POS1/0/0 POS2/0/0
POS1/0/0 PE2
GE3/0/0
Loopback1
GE1/0/0
CE2
GE2/0/0
VPN
RED
Receiver
Loopback1 1.1.1.1/32
Loopback1 2.2.2.2/32
GE 2/0/0 10.110.2.2/24
GE 3/0/0 10.110.3.1/24
Loopback1 3.3.3.3/32
GE 2/0/0 10.110.1.1/24
Loopback1 11.11.11.11/32
GE 2/0/0 10.110.4.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
2. Configure a unicast routing protocol on the public network and enable the multicast
function, ensuring normal multicast routing on the public network.
3. Create VPN instances enabled with the IPv4 address family on PE2; set the share-group
address and address pool range of the switch-groups for each VPN instance; create
MTunnel interfaces; bind the interface connecting a PE to a CE to a VPN instance.
4. Configure a unicast routing protocol on the public network and enable the multicast
function in each VPN instance, ensuring normal multicast routing in the VPN instance.
5. Establish a Multiprotocol Internal Border Gateway Protocol (MP-IBGP) peer
relationship between PEs and configure a unicast routing protocol between a PE and a
CE to ensure that the PE and the CE are routable.
6. On PE2, bind VPN instances to MTunnel interfaces.
7. Configure Rendezvous Points (RPs) to serve the public network and the multicast groups
running the multicast VPN extranet service separately so that Receiver in VPN RED can
receive multicast data from Source in VPN BLUE.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure basic MPLS functions and MPLS LDP and set up LDP LSPs on the public
network.
Configure router IDs and MPLS LSR IDs for PEs and P and enable MPLS and MPLS LDP in
both the system view and the interface view.
# Configure PE1.
<Huawei> system-view
[Huawei] sysname PE1
[PE1] router id 1.1.1.1
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface pos 1/0/0
[PE1-POS1/0/0] mpls
[PE1-POS1/0/0] mpls ldp
[PE1-POS1/0/0] quit
# Configure P.
<Huawei> system-view
[Huawei] sysname P
[P] router id 2.2.2.2
[P] mpls lsr-id 2.2.2.2
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface pos 1/0/0
[P-POS1/0/0] mpls
[P-POS1/0/0] mpls ldp
[P-POS1/0/0] quit
[P] interface pos 2/0/0
[P-POS2/0/0] mpls
[P-POS2/0/0] mpls ldp
[P-POS2/0/0] quit
# Configure PE2.
<Huawei> system-view
[Huawei] sysname PE2
[PE2] router id 3.3.3.3
[PE2] mpls lsr-id 3.3.3.3
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface pos 1/0/0
[PE2-POS1/0/0] mpls
[PE2-POS1/0/0] mpls ldp
[PE2-POS1/0/0] quit
Step 2 Configure a unicast routing protocol on the public network and enable the multicast function,
ensuring normal multicast routing on the public network.
# Configure OSPF on the public network to ensure that devices on the public network are
routable. Enable the global multicast function and enable the PIM function in the interface
view, ensuring normal running of the public network.
# Configure PE1.
[PE1] multicast routing-enable
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos2/0/0] ip address 192.168.1.1 24
[PE1-Pos2/0/0] pim sm
[PE1-Pos2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] multicast routing-enable
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.2 32
[P-LoopBack1] pim sm
[P-LoopBack1] quit
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] pim sm
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 24
[P-Pos2/0/0] pim sm
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] multicast routing-enable
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] pim sm
[PE2-Pos1/0/0] quit
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 3 Create VPN instances enabled with the IPv4 address family on PE2; set the share-group
address and address pool range of the switch-groups for each VPN instance; create MTunnel
interfaces; bind the interface connecting a PE to a CE to a VPN instance.
# Create VPN BLUE enabled with the IPv4 address family on PE2. Enable the global
multicast function in VPN BLUE and set the share-group address and address pool range of
the switch-group for VPN BLUE. Bind the share-group address to MTunnel 0 and bind GE
2/0/0 connecting PE2 to CE1 to VPN BLUE.
[PE2] ip vpn-instance BLUE
[PE2-vpn-instance-BLUE] ipv4-family
[PE2-vpn-instance-BLUE-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-BLUE-af-ipv4] vpn-target 100:1 both
[PE2-vpn-instance-BLUE-af-ipv4] multicast routing-enable
[PE2-vpn-instance-BLUE-af-ipv4] multicast-domain share-group 239.0.0.0 binding
mtunnel 0
[PE2-vpn-instance-BLUE-af-ipv4] multicast-domain switch-group-pool 225.1.1.0 28
[PE2-vpn-instance-BLUE-af-ipv4] quit
[PE2-vpn-instance-BLUE] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip binding vpn-instance BLUE
[PE2-GigabitEthernet2/0/0] ip address 10.110.2.2 24
[PE2-GigabitEthernet2/0/0] pim sm
[PE2-GigabitEthernet2/0/0] quit
# Create VPN RED enabled with the IPv4 address family on PE2. Enable the global multicast
function in VPN RED and set the share-group address and address pool range of the switch-
group for VPN RED. Bind the share-group address to MTunnel 0 and bind GE 3/0/0
connecting PE2 to CE2 to VPN RED. Import the routes from VPN BLUE into VPN RED.
[PE2] ip vpn-instance RED
[PE2-vpn-instance-RED] ipv4-family
[PE2-vpn-instance-RED-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-RED-af-ipv4] vpn-target 200:1 both
[PE2-vpn-instance-RED-af-ipv4] vpn-target 100:1 import-extcommunity
[PE2-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE2-vpn-instance-RED-af-ipv4] multicast-domain share-group 238.0.0.0 binding
mtunnel 1
[PE2-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 226.1.1.0 28
[PE2-vpn-instance-RED-af-ipv4] quit
[PE2-vpn-instance-RED] quit
[PE2] interface gigabitethernet 3/0/0
[PE2-GigabitEthernet3/0/0] ip binding vpn-instance RED
[PE2-GigabitEthernet3/0/0] ip address 10.110.3.1 24
[PE2-GigabitEthernet3/0/0] pim sm
[PE2-GigabitEthernet3/0/0] quit
Step 4 Configure a unicast routing protocol on the public network and enable the multicast function
in VPN BLUE and VPN RED separately, ensuring normal multicast routing in the VPN
instances.
# Configure OSPF in VPN BLUE to ensure that devices in VPN BLUE are routable. Enable
the global multicast function and enable the PIM function in the interface view, ensuring
normal running of the multicast network in VPN BLUE.
# Configure CE1.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.110.2.1 24
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] ip address 10.110.1.1 24
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] quit
[CE1] interface loopback 1
[CE1-LoppBack1] ip address 11.11.11.11 32
[CE1-LoppBack1] pim sm
[CE1-LoppBack1] quit
[CE1] ospf 2
[CE1-ospf-2] area 0
[CE1-ospf-2-area-0.0.0.0] network 10.110.1.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 11.11.11.11 0.0.0.0
[CE1-ospf-2-area-0.0.0.0] quit
[CE1-ospf-2] quit
# Configure CE2.
<Huawei> system-view
[Huawei] sysname CE2
[CE2] interface gigabitethernet 1/0/0
[CE2-GigabitEthernet1/0/0] ip address 10.110.3.2 24
[CE2-GigabitEthernet1/0/0] pim sm
[CE2-GigabitEthernet1/0/0] quit
[CE2] interface gigabitethernet 2/0/0
[CE2-GigabitEthernet2/0/0] ip address 10.110.4.1 24
[CE2-GigabitEthernet2/0/0] pim sm
[CE2-GigabitEthernet2/0/0] quit
[CE2] ospf 3
[CE2-ospf-3] area 0
[CE2-ospf-3-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[CE2-ospf-3-area-0.0.0.0] network 10.110.4.0 0.0.0.255
[CE2-ospf-3-area-0.0.0.0] quit
[CE2-ospf-3] quit
Step 5 Establish an MP-IBGP peer relationship between PEs; configure a unicast routing protocol
between a PE and a CE to ensure that the PE and the CE are routable.
# Establish an MP-IBGP peer relationship between PE1 and PE2 and configure OSPF
between CE1 and PE1 and between CE2 and PE2 to ensure that PEs and CEs are routable.
# Configure PE1.
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.3 as-number 100
[PE1-bgp] peer 3.3.3.3 connect-interface LoopBack 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# Configure PE2.
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.1 as-number 100
[PE2-bgp] peer 1.1.1.1 connect-interface LoopBack 1
[PE2-bgp] ipv4-family vpn-instance BLUE
[PE2-bgp-BLUE] import-route ospf 2
[PE2-bgp-BLUE] import-route direct
[PE2-bgp-BLUE] quit
[PE2-bgp] ipv4-family vpn-instance RED
[PE2-bgp-RED] import-route ospf 3
[PE2-bgp-RED] import-route direct
[PE2-bgp-RED] quit
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
[PE2] ospf 2 vpn-instance RED
[PE2-ospf-2] import-route bgp
[PE2-ospf-2] area 0.0.0.0
[PE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[PE2-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] quit
[PE2] ospf 3 vpn-instance BLUE
[PE2-ospf-3] import-route bgp
[PE2-ospf-3] area 0.0.0.0
[PE2-ospf-3-area-0.0.0.0] network 10.110.2.0 0.0.0.255
[PE2-ospf-3-area-0.0.0.0] quit
[PE2-ospf-3] quit
# Configure PE2.
[PE2] interface mtunnel 0
[PE2-MTunnel0] ip address 3.3.3.3 32
[PE2-MTunnel0] quit
[PE2] interface mtunnel 1
[PE2-MTunnel1] ip address 3.3.3.3 32
[PE2-MTunnel1] quit
Step 8 Configure an RP to serve the multicast groups running the multicast VPN extranet service.
# In the PIM view of CE1 and CE2 and views of VPN BLUE and VPN RED on PE2,
configure loopback 1 of CE1 as a static RP to serve the multicast groups running the multicast
VPN extranet service.
NOTE
Source VPN instances and receiver VPN instances support only static RPs. In addition, static RPs can be
deployed only in source VPN instances.
# Configure CE1.
[CE1] pim
[CE1-pim] static-rp 11.11.11.11
[CE1-pim] quit
# Configure PE2.
[PE2] pim vpn-instance BLUE
[PE2-pim-BLUE] static-rp 11.11.11.11
[PE2-pim-BLUE] quit
[PE2] pim vpn-instance RED
[PE2-pim-RED] static-rp 11.11.11.11
[PE2-pim-RED] quit
# Configure CE2.
[CE2] pim
[CE2-pim] static-rp 11.11.11.11
[CE2-pim] quit
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:00:06
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 10.110.2.1
RPF prime neighbor: 10.110.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet3/0/0
Protocol: pim-sm, UpTime: 00:00:06, Expires: 00:03:24
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT
UpTime: 00:00:06
Upstream interface: MCAST_Extranet(BLUE)
Upstream neighbor: 10.110.2.1
RPF prime neighbor: 10.110.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet3/0/0
Protocol: pim-sm, UpTime: 00:00:06, Expires: 00:03:24
# Run the display multicast routing-table command on PE2 to check information about the
multicast routing table. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE2> display multicast vpn-instance RED routing-table extranet source-vpn-
instance BLUE
Multicast routing table of VPN-Instance: RED
Total 1 entry ,1 matched
# Run the display multicast rpf-info command on PE2 to check the RPF routing information
of source 10.110.1.2. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is VPN BLUE.
<PE2> display multicast vpn-instance RED rpf-info 10.110.1.2 228.0.0.1
VPN-Instance: RED
RPF information about source 10.110.1.2 and group 228.0.0.1
RPF interface: MCAST_Extranet
RPF Source VPN-Instance: BLUE
Referenced route/mask: 10.110.1.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disabled
# After the preceding configurations, Receiver can receive multicast data from Source. Run
the display pim routing-table command on CE2 to check information about the PIM routing
table. The following command output shows that multicast data has reached CE2 and
forwarded to Receiver.
<CE2> display pim routing-table
VPN-Instance: public net
Total 1 (*, G) entry; 1 (S, G) entry
(*, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: WC
UpTime: 00:00:05
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
(10.110.1.2, 228.0.0.1)
RP: 11.11.11.11
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:06:16
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:05, Expires: -
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
router id 1.1.1.1
#
multicast routing-enable
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 192.168.1.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
#
return
l Configuration file of P
#
sysname P
#
router id 2.2.2.2
#
multicast routing-enable
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface POS2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
pim sm
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
pim
c-bsr LoopBack1
c-rp LoopBack1
#
return
l Configuration file of PE2
#
sysname PE2
#
router id 3.3.3.3
#
multicast routing-enable
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
ip vpn-instance BLUE
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 239.0.0.0 binding mtunnel 0
multicast-domain switch-group-pool 225.1.1.0 255.255.255.240
ip vpn-instance RED
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 100:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 238.1.1.0 binding mtunnel 1
multicast-domain switch-group-pool 226.1.1.0 255.255.255.0
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
pim sm
mpls
mpls ldp
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance BLUE
ip address 10.110.2.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance RED
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface MTunnel0
ip binding vpn-instance BLUE
ip address 3.3.3.3 255.255.255.255
#
interface MTunnel1
ip binding vpn-instance RED
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance BLUE
import-route direct
import-route ospf 3
#
ipv4-family vpn-instance RED
import-route direct
import-route ospf 2
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
ospf 2 vpn-instance RED
import-route bgp
area 0.0.0.0
network 10.110.3.0 0.0.0.255
#
ospf 3 vpn-instance BLUE
import-route bgp
area 0.0.0.0
Networking Requirements
In current multicast VPN applications, only VPN sites in the same VPN can transmit
multicast traffic between each other. Inter-VPN multicast traffic transmission, however, is not
supported.
In actual situations, it is common that two enterprises in different VPNs need to communicate
or a service provider needs to provide multicast services for multiple customers but the
service provider and the customers are in different VPNs. Therefore, inter-VPN multicast
service transmission becomes necessary so that multicast data from a user in one VPN can
reach users in other VPNs.
In a multicast network shown in Figure 7-31, Receiver in VPN RED wants to receive
multicast data from Source on the public network. To meet such a requirement, you can
deploy a multicast routing policy on the network so that Receiver in VPN RED can receive
multicast data from Source in the public network.
NOTE
In such a scenario, Source is on the public network whereas Receiver is in a VPN. The public network
and receiver VPN can be only PIM-SM/Source-Specific Multicast (SSM) networks.
Figure 7-31 Networking diagram for configuring multicast VPN extranet in the scenario
where the multicast source is on the public network
Loopback1
PE1 GE2/0/0 Public
POS1/0/0
P
Loopback1
POS1/0/0 POS2/0/0
POS1/0/0 GE2/0/0
PE2
CE1
GE1/0/0
GE2/0/0
VPN
RED
Receiver
GE 2/0/0 192.168.3.1/24
Loopback1 1.1.1.1/32
GE2/0/0 10.110.3.1/24
Loopback1 3.3.3.3/32
GE 2/0/0 10.110.4.1/24
Configuration Roadmap
The configuration roadmap is as follows:
1. Configure a unicast routing protocol on the public network and enable the multicast
function, ensuring normal multicast routing on the public network.
2. Configure a VPN instance (VPN RED) enabled with the IPv4 address family on PE2; set
the share-group address and address pool range of the switch-group for the VPN
instance; create an MTunnel interface; bind the interface connecting PE2 to a CE1 to the
VPN instance.
3. Configure a unicast routing protocol on the public network and enable the multicast
function in the VPN instance, ensuring normal multicast routing in the VPN instance.
4. Configure a unicast routing protocol between a PE and a CE to ensure that the PE and
the CE are routable.
5. On PE2, bind the VPN instance to an MTunnel interface.
6. Configure a Rendezvous Point (RP) to serve the multicast groups running the multicast
VPN extranet service so that Receiver in VPN RED can receive multicast data from
Source on the public network.
7. Configure static routes between the VPN instance and Source and between the VPN
instance and RP on the public network.
Data Preparation
To complete the configuration, you need the following data:
Procedure
Step 1 Configure a unicast routing protocol on the public network and enable the multicast function,
ensuring normal multicast routing on the public network.
# Configure OSPF on the public network to ensure that devices on the public network are
routable. Enable the global multicast function and enable the PIM function in the interface
view, ensuring normal running of the public network.
# Configure PE1.
[PE1] multicast routing-enable
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] pim sm
[PE1-LoopBack1] quit
[PE1] interface pos 1/0/0
[PE1-Pos1/0/0] ip address 192.168.1.1 24
[PE1-Pos1/0/0] pim sm
[PE1-Pos1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] ip address 192.168.3.1 24
[PE1-GigabitEthernet2/0/0] pim sm
[PE1-GigabitEthernet2/0/0] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 192.168.3.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# Configure P.
[P] multicast routing-enable
[P] interface pos 1/0/0
[P-Pos1/0/0] ip address 192.168.1.2 24
[P-Pos1/0/0] pim sm
[P-Pos1/0/0] quit
[P] interface pos 2/0/0
[P-Pos2/0/0] ip address 192.168.2.1 24
[P-Pos2/0/0] pim sm
[P-Pos2/0/0] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# Configure PE2.
[PE2] multicast routing-enable
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.3 32
[PE2-LoopBack1] pim sm
[PE2-LoopBack1] quit
[PE2] interface pos 1/0/0
[PE2-Pos1/0/0] ip address 192.168.2.2 24
[PE2-Pos1/0/0] pim sm
[PE2-Pos1/0/0] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
Step 2 Configure a VPN instance enabled with the IPv4 address family on PE2; set the share-group
address and address pool range of the switch-group for the VPN instance; create an MTunnel
interface; bind the interface connecting PE2 to the CE1 to the VPN instance.
# Create VPN RED enabled with the IPv4 address family on PE2. Enable the global multicast
function in VPN RED and set the share-group address and address pool range of the switch-
group for VPN RED. Bind the share-group address to MTunnel 0 and bind GE 2/0/0
connecting PE2 to CE1 to VPN RED.
[PE2] ip vpn-instance RED
[PE2-vpn-instance-RED] ipv4-family
[PE2-vpn-instance-RED-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-RED-af-ipv4] vpn-target 200:1 both
[PE2-vpn-instance-RED-af-ipv4] multicast routing-enable
[PE2-vpn-instance-RED-af-ipv4] multicast-domain share-group 238.0.0.0 binding
mtunnel 1
[PE2-vpn-instance-RED-af-ipv4] multicast-domain switch-group-pool 226.1.1.0 28
[PE2-vpn-instance-RED-af-ipv4] quit
[PE2-vpn-instance-RED] quit
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] ip binding vpn-instance RED
[PE2-GigabitEthernet2/0/0] ip address 10.110.3.1 24
[PE2-GigabitEthernet2/0/0] pim sm
[PE2-GigabitEthernet2/0/0] quit
Step 3 Configure a unicast routing protocol on the public network and enable the multicast function
in VPN RED, ensuring normal multicast routing.
# Configure OSPF in VPN RED to ensure that devices in VPN RED are routable. Enable the
global multicast function and enable the PIM function in the interface view, ensuring normal
running of the multicast network in VPN RED.
# Configure PE2.
[PE2] ospf 2 vpn-instance RED
[PE2-ospf-2] import-route direct
[PE2-ospf-2] import-route static
[PE2-ospf-2] area 0
[PE2-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[PE2-ospf-2-area-0.0.0.0] quit
[PE2-ospf-2] quit
# Configure CE1.
<Huawei> system-view
[Huawei] sysname CE1
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] ip address 10.110.3.2 24
[CE1-GigabitEthernet1/0/0] pim sm
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface gigabitethernet 2/0/0
[CE1-GigabitEthernet2/0/0] ip address 10.110.4.1 24
[CE1-GigabitEthernet2/0/0] pim sm
[CE1-GigabitEthernet2/0/0] quit
[CE1] ospf 2
[CE1-ospf-2] area 0
[CE1-ospf-2-area-0.0.0.0] network 10.110.3.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] network 10.110.4.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0] quit
[CE1-ospf-2] quit
Step 5 Configure an RP to serve the multicast groups running the multicast VPN extranet service.
In the PIM view of PE1, P, PE2, and CE2 and the view of VPN RED on PE2, configure
loopback 1 of PE1 as a static RP to serve the multicast groups running the multicast VPN
extranet service.
NOTE
Source VPN instances and receiver VPN instances support only static RPs. In addition, static RPs can be
deployed only in source VPN instances.
# Configure PE1.
[PE1] pim
[PE1-pim] static-rp 1.1.1.1
[PE1-pim] quit
# Configure P.
[P] pim
[P-pim] static-rp 1.1.1.1
[P-pim] quit
# Configure PE2.
[PE2] pim
[PE2-pim] static-rp 1.1.1.1
[PE2-pim] quit
[PE2] pim vpn-instance RED
[PE2-pim-RED] static-rp 1.1.1.1
[PE2-pim-RED] quit
# Configure CE1.
[CE1] pim
[CE1-pim] static-rp 1.1.1.1
[CE1-pim] quit
Step 6 Configure static routes between VPN RED and Source and between VPN RED and the RP on
the public network.
On PE2 and CE1, configure static routes between Source and the RP on the public network.
# Configure PE2.
[PE2] ip route-static vpn-instance RED 192.168.3.2 24 192.168.2.1 public
[PE2] ip route-static vpn-instance RED 1.1.1.1 32 192.168.2.1 public
# Configure CE1.
[CE1] ip route-static 192.168.3.2 24 gigabitethernet1/0/0
[CE1] ip route-static 1.1.1.1 255.255.255.255 gigabitethernet1/0/0 10.110.3.1
(*, 228.0.0.1)
RP: 1.1.1.1
Protocol: pim-sm, Flag: WC
UpTime: 00:01:00
Upstream interface: MCAST_Extranet(public net)
Upstream neighbor: 192.168.2.1
RPF prime neighbor: 192.168.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:01:00, Expires: 00:03:30
(192.168.3.2, 228.0.0.1)
RP: 1.1.1.1
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:26
Upstream interface: MCAST_Extranet(public net)
Upstream neighbor: 192.168.2.1
RPF prime neighbor: 192.168.2.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:26, Expires: 00:03:05
# Run the display multicast routing-table command on PE2 to check information about the
multicast routing table. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is the public
network instance.
<PE2> display multicast vpn-instance RED routing-table extranet source-vpn-
instance public
Multicast routing table of VPN-Instance: RED
Total 1 entry ,1 matched
# Run the display multicast rpf-info command on PE2 to check the RPF routing information
of source 192.168.3.2. The following command output shows that the upstream of the RPF
route selected by the multicast routing entry corresponding to group 228.0.0.1 is the public
network instance.
<PE2> display multicast vpn-instance RED rpf-info 192.168.3.2 228.0.0.1
VPN-Instance: RED
RPF information about source 192.168.3.2 and group 228.0.0.1
RPF interface: MCAST_Extranet
RPF Source VPN-Instance: public net
Referenced route/mask: 192.168.3.0/24
Referenced route type: unicast
Route selection rule: preference-preferred
Load splitting rule: disabled
# After the preceding configurations, Receiver can receive multicast data from Source. Run
the display pim routing-table command on CE1 to check information about the PIM routing
table. The following command output shows that multicast data has reached CE1 and
forwarded to Receiver.
<CE1> display pim routing-table
(*, 228.0.0.1)
RP: 1.1.1.1
Protocol: pim-sm, Flag: WC
UpTime: 00:00:06
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: igmp, UpTime: 00:00:06, Expires: -
(192.168.3.2, 228.0.0.1)
RP: 1.1.1.1
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:07:51
Upstream interface: GigabitEthernet1/0/0
Upstream neighbor: 10.110.3.1
RPF prime neighbor: 10.110.3.1
Downstream interface(s) information:
Total number of downstreams: 1
1: GigabitEthernet2/0/0
Protocol: pim-sm, UpTime: 00:00:06, Expires: -
----End
Configuration Files
l Configuration file of PE1
#
sysname PE1
#
multicast routing-enable
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip address 192.168.3.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
pim
static-rp 1.1.1.1
#
return
l Configuration file of P
#
sysname P
#
multicast routing-enable
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.1.2 255.255.255.0
pim sm
#
interface POS2/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.1 255.255.255.0
pim sm
#
ospf 1
area 0.0.0.0
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
pim
static-rp 1.1.1.1
#
return
l Configuration file of PE2
#
sysname PE2
#
multicast routing-enable
#
ip vpn-instance RED
ipv4-family
route-distinguisher 300:1
vpn-target 300:1 export-extcommunity
vpn-target 300:1 import-extcommunity
multicast routing-enable
multicast-domain share-group 238.0.0.0 binding mtunnel 1
multicast-domain switch-group-pool 226.1.1.0 255.255.255.240
#
interface POS1/0/0
link-protocol ppp
undo shutdown
ip address 192.168.2.2 255.255.255.0
pim sm
#
interface GigabitEthernet2/0/0
undo shutdown
ip binding vpn-instance RED
ip address 10.110.3.1 255.255.255.0
pim sm
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
pim sm
#
interface MTunnel1
ip binding vpn-instance RED
ip address 3.3.3.3 255.255.255.0
#
ospf 1
area 0.0.0.0
network 192.168.2.0 0.0.0.255
network 3.3.3.3 0.0.0.0
#
ospf 2 vpn-instance RED
import-route direct
import-route static
area 0.0.0.0
network 10.110.3.0 0.0.0.255
#
pim
static-rp 1.1.1.1
#
pim vpn-instance RED
static-rp 1.1.1.1
#
ip route-static vpn-instance RED 1.1.1.1 255.255.255.255 192.168.2.1 public
ip route-static vpn-instance RED 192.168.3.0 255.255.255.0 192.168.2.1 public
#
return