Downloads |
WHITE PAPER
OVERVIEW
Multi-VRF Customer Edge (VRF-Lite) enables Multiple VPN routing instances on Customer Edge devices and supports Cisco IOS® IP Multicast. Since Multicast has become an integral part of many networks, it is critical that Cisco IOS Technologies support it.
CONFIGURATION PROCESS
Once the unicast setup is complete, follow these steps to configure Multi-VRF and IP Multicast between the VPN provider and the customer.
Enable IP Multicast over VPN (Service Providers)
1. Enable Multicast on the Provider and Provider Edge routers and interfaces
2. Enable VRFs for Multicast by assigning them default Multicast Diagnostic
Toolset (MDT) groups and optionally data MDT groups
Toolset (MDT) groups and optionally data MDT groups
Configure Multi-VRF to support IP Multicast (Customers)
3. Enable individual VRFs on the Multi-VRF Customer Edges for IP Multicast
4. Configure Rendezvous Points using either static Auto-Rendezvous Point or Boot Strap Router (BSR) within each VRF on the Provider Edge/Multi-VRF Customer Edge routers. When using Auto-Rendezvous Point, make sure all the participating interfaces are sparse-dense.
The Customer Edge portion of the configuration process illustrates that no special configuration is required to enable IP Multicast with Multi VRF. The configuration is VRF-specific.
Figure 1
Multi-VRF Topology
Figure 1 illustrates Multi-VRF deployment for a customer who requires two separate VPNs for its operations: finance (yellow) and engineering (red). This customer also has a VPN service from Provider and two sites connected to both VPNs.
A single physical interface uses sub-interfaces to carry per-VPN traffic between the Customer Edge and Provider Edge. Each VPN could also be assigned its own physical interface between the Customer Edge and Provider Edge; however, this option is more expensive.
The Multi-VRF Customer Edge provides the capability of supporting multiple VRFs on the Customer Edge.
Customer Edge1 and Customer Edge2 each support VPNs, Finance, and Engineering. Also, assume that the Rendezvous Point for Finance is Customer Edge2, and the Rendezvous Point for Engineering is Customer Edge1.
Following are the configurations that enable IP Multicast on Customer Edge1 and Customer Edge2:
Customer Edge1
ip multicast-routing vrf FINANCE
ip multicast-routing vrf ENG
! FINANCE is sub-intf 2
int Ethernet0/0.2
descr Sub-interface to PE for the ENG VPN
ip pim sparse-dense
!
! ENG is sub-intf 3
int Ethernet0/0.3
descr Sub-interface to PE for the FINANCE VPN
ip pim sparse-dense
!
ip pim vrf FINANCE rp-address <x.x.x.x>
ip pim vrf ENG rp-address <x.x.x.x>
CONFIGURATION EXAMPLES
Complete Configuration from the network described above.
In the following configurations, the provider uses a default MDT over Source Specific Multicast (SSM) with a default SSM address. In the Customer Edge VRF the group range 228.0.0.0 is being used by both VRFs independently from each other. Static Rendezvous Points for Protocol Independent Multicast sparse mode (PIM SM) have been used this time; however, any PIM Mode is supported within the VRF.
Customer Edge1
hostname CE1
!
ip cef
ip vrf ENG
rd 200:200
!
ip vrf FINANCE
rd 300:300
!
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback1
ip vrf forwarding ENG
ip address 200.10.100.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Loopback2
ip vrf forwarding FINANCE
ip address 210.10.100.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0
description Link between routers CE1 PE1
no ip address
no ip directed-broadcast
no cdp enable
!
interface Ethernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.10.10.4 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.10.10.4 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
network 210.10.10.0
network 210.10.100.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
network 200.10.10.0
network 200.10.100.0
no auto-summary
exit-address-family
!
ip classless
!
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end
Provider Edge1
hostname PE1
!
ip cef
ip vrf ENG
rd 200:200
route-target export 200:200
route-target import 200:200
mdt default 232.1.1.1
!
ip vrf FINANCE
rd 300:300
route-target export 300:300
route-target import 300:300
mdt default 232.2.2.2
!
ip multicast-routing
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback0
ip address 205.1.0.1 255.255.255.255
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0
description Link between routers CE1 PE1
no ip address
no ip directed-broadcast
ip pim sparse-dense-mode
no cdp enable
!
interface Ethernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.10.10.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet0/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.10.10.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet1/0
description Link between routers PE1 P
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
router ospf 200
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 205.1.0.1 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
redistribute bgp 200 metric 10
network 210.10.10.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
redistribute bgp 200 metric 10
network 200.10.10.0
no auto-summary
exit-address-family
!
router bgp 200
bgp log-neighbor-changes
neighbor 205.2.0.2 remote-as 200
neighbor 205.2.0.2 update-source Loopback0
!
address-family ipv4
neighbor 205.2.0.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 205.2.0.2 activate
neighbor 205.2.0.2 send-community extended
exit-address-family
!
address-family ipv4 vrf FINANCE
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf ENG
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
ip pim ssm default
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end
Provider
hostname P
!
ip cef
ip multicast-routing
!
interface Ethernet1/0
description Link between routers PE1 P
ip address 10.10.10.3 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
interface Ethernet2/0
description Link between routers P PE2
ip address 10.10.20.3 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
router ospf 200
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
network 10.10.20.0 0.0.0.255 area 0
!
ip classless
!
ip pim ssm default
!
end
Provider Edge2
hostname PE2
!
ip cef
ip vrf ENG
rd 200:200
route-target export 200:200
route-target import 200:200
mdt default 232.1.1.1
!
ip vrf FINANCE
rd 300:300
route-target export 300:300
route-target import 300:300
mdt default 232.2.2.2
!
ip multicast-routing
ip multicast-routing vrf ENG
ip multicast-routing vrf FINANCE
!
interface Loopback0
ip address 205.2.0.2 255.255.255.255
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet2/0
description Link between routers P PE2
ip address 10.10.20.2 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
tag-switching ip
no cdp enable
!
interface Ethernet3/0
description Link between routers PE2 CE2
no ip address
no ip directed-broadcast
no cdp enable
!
interface Ethernet3/0.2
encapsulation dot1Q 2
ip vrf forwarding ENG
ip address 200.20.20.2 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
interface Ethernet3/0.3
encapsulation dot1Q 3
ip vrf forwarding FINANCE
ip address 210.20.20.2 255.255.255.0
no ip directed-broadcast
ip pim sparse-dense-mode
!
router ospf 200
log-adjacency-changes
network 10.10.20.0 0.0.0.255 area 0
network 205.2.0.2 0.0.0.0 area 0
!
router rip
version 2
!
address-family ipv4 vrf FINANCE
version 2
redistribute bgp 200 metric 10
network 210.20.20.0
no auto-summary
exit-address-family
!
address-family ipv4 vrf ENG
version 2
redistribute bgp 200 metric 10
network 200.20.20.0
no auto-summary
exit-address-family
!
router bgp 200
bgp log-neighbor-changes
neighbor 205.1.0.1 remote-as 200
neighbor 205.1.0.1 update-source Loopback0
!
address-family ipv4
neighbor 205.1.0.1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 205.1.0.1 activate
neighbor 205.1.0.1 send-community extended
exit-address-family
!
address-family ipv4 vrf FINANCE
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf ENG
redistribute rip metric 50
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
ip pim ssm default
ip pim vrf ENG rp-address 200.20.20.5 50
ip pim vrf FINANCE rp-address 210.10.10.4 50
!
access-list 50 permit 228.0.0.0 0.255.255.255
!
end
Customer Edge2
hostname CE2
!
ip cef