Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

Configuring MVPNs

MVPNs are configured on PE routers in an MPLS VPN backbone. In addition, PIM must be enabled on CE and P routers. This section discusses the configuration of CE, PE, and P routers to enable MPVN in the MPLS VPN backbone.

Configuring the CE Router

MVPN supports the configuration of PIM within customer sites. PIM must be enabled on the CE interface connected to the MVPN-enabled PE router.

Example 6-23 shows the configuration of PIM on the PE router connected interface of the CE router.

Example 6-23 Configuration of PIM on CE Router Interfaces

interface Serial0
 ip pim sparse-dense-mode

In this example, the ip pim sparse-dense-mode command is used to enable PIM sparse-dense mode on the interface connected to the PE router (serial 0, in this case).

Configuring the Backbone (P Routers)

PIM must be configured on P routers within the MPLS VPN backbone. PIM configuration can be flexible, but PIM dense mode is not supported.

The service provider backbone may, for example, be configured for PIM Sparse-Mode (PIM-SM) or PIM Source Specific Multicast (PIM-SSM). If PIM-SSM is configured, then a rendezvous point (RP) is not required.

Because PIM can be configured in a variety of ways within the provider backbone, no particular configuration is given here.

Configuring the PE Router

The five basic steps in the configuration of the PE router are as follows:

Step 1

Globally enable multicasting and MVRFs.

Step 2

Configure PIM on the BGP update source interface.

Step 3

Configure default and (optionally) data MDTs.

Step 4

Configure PIM on the core interfaces.

Step 5

Configure PIM on the VRF interface.


The following sections detail each step.

Step 1: Globally Enable Multicasting and MVRFs

Multicasting must be enabled globally and for MVRFs.

Example 6-24 shows the configuration of global multicasting and MVRFs.

Example 6-24 MVRF Configuration

ip multicast-routing [distributed]
ip multicast-routing vrf mjlnet_VPN [distributed]

The command ip multicast-routing [distributed] is used to globally enable multicast on the PE router.

The following command, ip multicast-routing vrf vrf_name [distributed], is then used to enable multicast for a VRF. In this case, multicast is enabled for VRF mjlnet_VPN.

Note that the distributed keyword enables support for Multicast Distributed Switching (MDS). This feature is available on the Cisco 7500 and 12000 series routers.

Step 2: Configure Default and (Optionally) Data MDTs

The next step is to configure the default and data MDTs.

Example 6-25 shows the configuration of default and data MDTs.

Example 6-25 Configuration of the Default and Data MDTs

ip vrf mjlnet_VPN
 mdt default 239.0.0.1
 mdt data 239.0.1.0 0.0.0.7 threshold 50 list 101
!
access-list 101 permit ip any 233.253.233.0 0.0.0.255

The ip vrf vrf_name command is used to begin VRF configuration. The default MDT group is then configured using the mdt default group_address command. In this example, the group address 239.0.0.1 is used.

Note that the group address for the default MDT must be the same on all PE routers for the same VPN. Also, each VPN must have a unique group address for the default MDT.

The command mdt data group_address wildcard_bits [threshold threshold_value] [list access-list] is then used to configure the data MDT groups.

In this case, a pool of eight group address (239.0.1.0 to 239.0.1.7) is configured for data MDTs.

A threshold of 50 kbps is specified for those multicast groups that match access list 101 (233.253.233.0 to 233.253.233.255). This means that a data MDT will be dynamically created whenever multicast traffic matching access list 101 exceeds the 50-kbps threshold. When configuring data MDTs, the threshold and list parameters are optional.

Step 3: Configure PIM on the BGP Update Source Interface

The next step is the configuration of PIM on the BGP update source. Example 6-26 shows the configuration of PIM on the BGP update source interface.

Example 6-26 Configuration of PIM on the BGP Update Source Loopback Interface

interface Loopback0
 ip pim sparse-dense-mode

The ip pim sparse-dense-mode command is used to enable PIM sparse-dense mode on the BGP update source (in this case, interface loopback 0).

Make sure that only one MP-BGP update source is used on each PE router. If more than one is used, this can break MVPN.

Also ensure that ip mroute-cache [distributed] is configured on the loopback interface. Again, the distributed keyword enables support for MDS.

Step 4: Configure PIM on the Core Interfaces

Next, you should configure PIM on core interfaces.

Example 6-27 shows the configuration of PIM on the core interfaces.

Example 6-27 Configure PIM on Core Interfaces

interface FastEthernet1/0
 ip pim sparse-dense-mode

The ip pim sparse-dense-mode command is used to enable PIM sparse-dense mode on the core interface (in this case, interface Fast Ethernet 1/0).

Step 5: Configure PIM on the VRF Interfaces

Finally, you should configure PIM on the VRF interfaces.

Example 6-28 shows the configuration of PIM on the VRF interfaces.

Example 6-28 Configuration of PIM on the VRF Interfaces

interface Serial4/1
 ip pim sparse-dense-mode

The ip pim sparse-dense-mode command is used to enable PIM sparse-dense mode on the VRF interface (in this case, interface serial 4/1).

  • + Share This
  • 🔖 Save To Your Account