Inter-VRF Multicast without unicast Inter-VRF route leaking

-

INTRODUCTION

ON ASR1000, an IOS-XE device we will forward multicast stream coming from a source in VRF 'source' and going towards users in VRF 'receiver' without doing unicast inter-VRF route leaking 


TOPOLOGY




CONFIGURATION

Generating UDP multicast stream on the source. 

Source#

ip sla 1

 udp-echo 239.1.1.1 2000 source-ip 10.1.1.1

ip sla schedule 1 life forever start-time now


Receiver is configured with IGMP and sending IGMP membership report. 


ASR1000 router is doing the inter-vrf multicast traffic forwarding. Loopback 1 in VRF 'source' is the RP for both the VRFs. 

ASR1000#


ip vrf source

 rd 1:1

!

ip vrf receiver

 rd 2:2

!

ip multicast-routing vrf source distributed

ip multicast-routing vrf receiver distributed


ip pim vrf source rp-address 1.1.1.1

ip pim vrf receiver rp-address 1.1.1.1


interface Loopback1

 ip vrf forwarding source

 ip address 1.1.1.1 255.255.255.255

 ip pim sparse-mode


interface GigabitEthernet0/0/0

 ip vrf forwarding source

 ip address 10.1.1.2 255.255.255.0

 ip pim sparse-mode


interface GigabitEthernet0/0/1

 ip vrf forwarding receiver

 ip address 20.1.1.2 255.255.255.0

 ip pim sparse-mode


(S,G) is set with P flag. 


ASR1002-1#show ip mroute vrf source

IP Multicast Routing Table

Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,

       L - Local, P - Pruned, R - RP-bit set, F - Register flag,

       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,

       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,

       U - URD, I - Received Source Specific Host Report,

       Z - Multicast Tunnel, z - MDT-data group sender,

       Y - Joined MDT-data group, y - Sending to MDT-data group,

       G - Received BGP C-Mroute, g - Sent BGP C-Mroute,

       N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,

       Q - Received BGP S-A Route, q - Sent BGP S-A Route,

       V - RD & Vector, v - Vector, p - PIM Joins on route,

       x - VxLAN group, c - PFP-SA cache created entry,

       * - determined by Assert

Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join

 Timers: Uptime/Expires

 Interface state: Interface, Next-Hop or VCD, State/Mode


(*, 239.1.1.1), 00:05:01/stopped, RP 1.1.1.1, flags: SPF

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list: Null


(10.1.1.1, 239.1.1.1), 00:05:01/00:02:26, flags: PFT

  Incoming interface: GigabitEthernet0/0/0, RPF nbr 0.0.0.0

  Outgoing interface list: Null


(*, 224.0.1.40), 00:07:03/00:02:59, RP 1.1.1.1, flags: SJCL

  Incoming interface: Null, RPF nbr 0.0.0.0

  Outgoing interface list:

    Loopback1, Forward/Sparse, 00:07:01/00:02:59



To fix this, we need to do VRF select so as to pass the RPF check. 

ip access-list standard 1

 permit 239.1.1.1 log

 exit

ip multicast vrf receiver rpf select vrf source group-list 1


After performing the above, the Multicast feed can be seen on the receiver. 

Receiver#show flow monitor test cache format table

  Cache type:                               Normal (Platform cache)

  Cache size:                               200000

  Current entries:                               1

  High Watermark:                                3


  Flows added:                                  50

  Flows aged:                                   49

    - Inactive timeout    (    15 secs)         49


IPV4 SRC ADDR    IPV4 DST ADDR    TRNS SRC PORT  TRNS DST PORT  INTF INPUT            FLOW SAMPLER ID  IP TOS  IP PROT  ip src as  ip dst as  ipv4 next hop addr  ipv4 src mask  ipv4 dst mask  tcp flags  intf output                bytes        pkts    time first     time last

===============  ===============  =============  =============  ====================  ===============  ======  =======  =========  =========  ==================  =============  =============  =========  ====================  ==========  ==========  ============  ============

10.1.1.1         239.1.1.1                57314           1967  Gi0/0/3                             0  0x00         17          0          0  0.0.0.0                        /0             /0  0x00       Null                          80           1  11:09:08.082  11:09:08.082


Packet Capture on the receiver 




Verification on ASR1000

(S,G) entry is formed in the vrf receiver. 

ASR1002-1#show ip mroute vrf receiver 239.1.1.1
<>
(*, 239.1.1.1), 00:21:36/stopped, RP 1.1.1.1, flags: SJC
  Incoming interface: Loopback1, RPF nbr 1.1.1.1, using vrf source
  Outgoing interface list:
    GigabitEthernet0/0/1, Forward/Sparse, 00:21:36/00:02:43

(10.1.1.1, 239.1.1.1), 00:03:55/stopped, flags: T
  Incoming interface: GigabitEthernet0/0/0, RPF nbr 0.0.0.0, using vrf source
  Outgoing interface list:
    GigabitEthernet0/0/1, Forward/Sparse, 00:03:55/00:02:43


ASR1002-1#show ip mroute vrf source 239.1.1.1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group,
       G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
       N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
       Q - Received BGP S-A Route, q - Sent BGP S-A Route,
       V - RD & Vector, v - Vector, p - PIM Joins on route,
       x - VxLAN group, c - PFP-SA cache created entry,
       * - determined by Assert
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 239.1.1.1), 00:22:36/stopped, RP 1.1.1.1, flags: SJCFE
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list: Null

  Extranet receivers in vrf receiver:
(*, 239.1.1.1), 00:21:54/stopped, RP 1.1.1.1, OIF count: 1, flags: SJC

(10.1.1.1, 239.1.1.1), 00:04:14/00:02:55, flags: FTE
  Incoming interface: GigabitEthernet0/0/0, RPF nbr 0.0.0.0
  Outgoing interface list: Null

  Extranet receivers in vrf receiver:
  (10.1.1.1, 239.1.1.1), 00:04:14/stopped, OIF count: 1, flags: T


ASR1002-1#show ip mfib vrf receiver 239.1.1.1
Entry Flags:    C - Directly Connected, S - Signal, IA - Inherit A flag,
                ET - Data Rate Exceeds Threshold, K - Keepalive
                DDE - Data Driven Event, HW - Hardware Installed
                ME - MoFRR ECMP entry, MNE - MoFRR Non-ECMP entry, MP - MFIB
                MoFRR Primary, RP - MRIB MoFRR Primary, P - MoFRR Primary
                MS  - MoFRR  Entry in Sync, MC - MoFRR entry in MoFRR Client.
I/O Item Flags: IC - Internal Copy, NP - Not platform switched,
                NS - Negate Signalling, SP - Signal Present,
                A - Accept, F - Forward, RA - MRIB Accept, RF - MRIB Forward,
                MA - MFIB Accept, A2 - Accept backup,
                RA2 - MRIB Accept backup, MA2 - MFIB Accept backup

Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kbits per second
Other counts:      Total/RPF failed/Other drops
I/O Item Counts:   HW Pkt Count/FS Pkt Count/PS Pkt Count   Egress Rate in pps
VRF receiver
 (*,239.1.1.1) Flags: C HW
   SW Forwarding: 0/0/0/0, Other: 0/0/0
   HW Forwarding:   0/0/0/0, Other: 1/1/0
   GigabitEthernet0/0/1 Flags: NS
 (10.1.1.1,239.1.1.1) Flags: HW
   SW Forwarding: 0/0/0/0, Other: 0/0/0
   HW Forwarding:   15/0/94/0, Other: 0/0/0
   GigabitEthernet0/0/1 Flags: NS


Also, there is no unicast entry in the VRF receiver RIB for RP and source IP. 

ASR1002-1#show ip route vrf receiver 1.1.1.1
Routing Table: receiver
% Network not in table

ASR1002-1#show ip route vrf receiver 10.1.1.1
Routing Table: receiver
% Network not in table

Thus RPF shows as failed which is expected however, the MC traffic will be forwarded 
ASR1002-1#show ip rpf vrf receiver 1.1.1.1
 failed, no route exists
ASR1002-1#show ip rpf vrf receiver 10.1.1.1
 failed, no route exists


There is another way of achieving this, which is as follows: 

ip mroute vrf receiver 10.1.1.0 255.255.255.0 fallback-lookup vrf source
ip mroute vrf receiver 1.1.1.1 255.255.255.255 fallback-lookup vrf source

With this, RPF check is successful. 

ASR1002-1#show ip rpf vrf receiver 1.1.1.1
RPF information for ? (1.1.1.1)
  RPF interface: Loopback1
  RPF neighbor: ? (1.1.1.1) - directly connected
  RPF route/mask: 1.1.1.1/32
  RPF type: multicast (connected)
  Doing distance-preferred lookups across tables
  Using Extranet RPF Rule: Static Fallback Lookup, RPF VRF: source
  RPF topology: ipv4 multicast base


ASR1002-1#show ip rpf vrf receiver 10.1.1.1
RPF information for ? (10.1.1.1)
  RPF interface: GigabitEthernet0/0/0
  RPF neighbor: ? (10.1.1.1) - directly connected
  RPF route/mask: 10.1.1.0/24
  RPF type: multicast (connected)
  Doing distance-preferred lookups across tables
  Using Extranet RPF Rule: Static Fallback Lookup, RPF VRF: source
  RPF topology: ipv4 multicast base


However, we can use either 'RPF select' or 'fallback lookup' command, both eventually fulfill our purpose. 

Comments

Post a Comment

Popular posts from this blog

L2VPN EVPN VXLAN border leaf handoff with MPLS L3VPN peer

-
Image
TOPOLOGY REQUIREMENT  Reachability between L2VPN EVPN host 172.21.128.31 and L3VPN host 10.141.129.22.  CONFIGURATION ========  9500-2 ======== ip multicast-routing ip multicast-routing vrf EXPERIMENTAL vlan 930  ip pim rp-address 172.21.129.38 vrf definition EXPERIMENTAL  rd 172.21.128.30:111  route-target export 64512:1110  route-target import 64512:1110  !  address-family ipv4   route-target export 64512:1110 stitching   route-target import 64512:1110 stitching interface Loopback0  description device loopback  vrf forwarding EXPERIMENTAL  ip address 172.21.128.30 255.255.255.255 interface Loopback1  ip address 100.1.1.2 255.255.255.255  ip ospf 1 area 0 interface Loopback2  description VTEP Loopback  ip address 172.21.134.1 255.255.255.255  ip pim sparse-mode  ip ospf 10 area 0   l2vpn evpn  replication-type ingress  router-id Loopback2 interface nve1  no ip address  source-interface Loopback2  host-reachability protocol bgp  member vni 100930 vrf EXPERIMENTAL vlan configuration 930
Read more

Open PuTTY to telnet into multiple devices using Python

-
Image
Introduction The article explains and provide python script to open Putty terminal and telnet to multiple devices in a single click.  Prerequisites Basic Knowledge on Python scripting and installing modules.  Lets Start !  1. Install module 'pywinauto'. Module 'pywinauto' is a predefined library to open system applications.  Open python folder: Write CMD in the path and enter:     Install module 'pywinauto' using CMD: C:\Users\pashukl2\AppData\Local\Programs\Python\Python39\Scripts> pip install pywinauto 2. Create an excel file and save it as .csv         3. Python Script:  Import Modules. 'pywinauto.application' module is used for opening an existing application on the system.  'time' module for adding sleep time when pushing data to telnet sessions.  'csv' module for opening and reading CSV files. from pywinauto.application import Application import time import csv   Convert CSV file into Dictionary and storing ne
Read more