Monday, 16 March 2015

InterAS Multicast Routing

The problem analysed below is routing multicast traffic between a source in AS 100 and a destination in AS 200. In addition, I analysed a topology in which the Rendezvous Points (RPs) are not transited by the multicast traffic (all I found were scenarios with the RP acting as border router, so the traffic transits the RPs, which is rather unrealistic from my point of view).

A few key points:
- the RP in AS 100 is distributed automatically through Auto-RP, and in AS 200 through BSR
- there is a PIM adjacency between the ASBRs, but ASBR1 filters the multicast IP addresses on which the Auto-RP messages are distributed, namely 224.0.1.39 (Auto-RP Announce) and 224.0.1.40 (Auto-RP Discovery); ASBR2 filters the BSR messages (I used the BSR-border option)
- an eBGP session for address-family IPv4 multicast between the ASBRs, for Reverse Path Forwarding (RPF)
- iBGP sessions for address-family IPv4 multicast between the ASBRs and the routers in each AS, also for RPF; here I configured the ASBR to be Route Reflector as well for AFI/SAFI 1/2 (address-family IPv4 multicast)
- OSPF is the IGP in each AS, but the ASBRs have no OSPF adjacency with each other; they only advertise a default route
- an MSDP session between the RPs, so that they announce their sources to each other and thereby allow multicast traffic to start from a source in one AS and reach the multicast destinations in the other AS
- FH (first-hop router) is the router to which the multicast source is directly connected, and LH (last-hop router) is the one to which a multicast destination is directly connected

Topology


ASBR router configuration

ASBR 1
hostname ASBR1

ip multicast-routing

interface Loopback0
ip address 1.1.1.1 255.255.255.255

!Ethernet0/0 - link to ASBR 2
interface Ethernet0/0
ip address 10.12.12.1 255.255.255.0
ip pim sparse-mode
ip multicast boundary 1

!Ethernet0/1.121 - link to RP 1
interface Ethernet0/1.121
encapsulation dot1Q 121
ip address 192.168.121.1 255.255.255.0
ip pim sparse-mode

!Ethernet0/1.122 - link to FH
interface Ethernet0/1.122
encapsulation dot1Q 122
ip address 192.168.122.1 255.255.255.0
ip pim sparse-mode

router ospf 1
network 1.1.1.1 0.0.0.0 area 1
network 192.168.0.0 0.0.255.255 area 0
default-information originate always

router bgp 100

!eBGP session with ASBR 2
neighbor 10.12.12.2 remote-as 200

!iBGP sessions with RP 1 and FH
neighbor 21.21.21.21 remote-as 100
neighbor 21.21.21.21 update-source Loopback0
neighbor 22.22.22.22 remote-as 100
neighbor 22.22.22.22 update-source Loopback0

address-family ipv4
redistribute ospf 1
neighbor 10.12.12.2 activate
exit-address-family

address-family ipv4 multicast
redistribute ospf 1
neighbor 10.12.12.2 activate
neighbor 21.21.21.21 activate
neighbor 21.21.21.21 route-reflector-client
neighbor 22.22.22.22 activate
neighbor 22.22.22.22 route-reflector-client
exit-address-family

access-list 1 deny 224.0.1.39
access-list 1 deny 224.0.1.40
access-list 1 permit any

ASBR 2
hostname ASBR2

ip multicast-routing

interface Loopback0
ip address 2.2.2.2 255.255.255.255

!Ethernet0/1 - link to ASBR 1
interface Ethernet0/1
ip address 10.12.12.2 255.255.255.0
ip pim bsr-border
ip pim sparse-mode

!Ethernet0/0.25 - link to RP 2
interface Ethernet0/0.25
encapsulation dot1Q 25
ip address 172.16.25.2 255.255.255.0
ip pim sparse-mode

!Ethernet0/0.26 - link to LH
interface Ethernet0/0.26
encapsulation dot1Q 26
ip address 172.16.26.2 255.255.255.0
ip pim sparse-mode

router ospf 1
network 2.2.2.2 0.0.0.0 area 2
network 172.16.0.0 0.0.255.255 area 0
default-information originate always

router bgp 200

!eBGP session with ASBR 1
neighbor 10.12.12.1 remote-as 100

!iBGP sessions with RP 2 and LH
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 6.6.6.6 remote-as 200
neighbor 6.6.6.6 update-source Loopback0

address-family ipv4
redistribute ospf 1
neighbor 10.12.12.1 activate
exit-address-family

address-family ipv4 multicast
redistribute ospf 1
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 route-reflector-client
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 route-reflector-client
neighbor 10.12.12.1 activate
exit-address-family


RP router configuration

RP 1
hostname RP1

ip multicast-routing

interface Loopback0
ip address 21.21.21.21 255.255.255.255
ip pim sparse-mode

!Ethernet0/0.121 - link to ASBR 1
interface Ethernet0/0.121
encapsulation dot1Q 121
ip address 192.168.121.21 255.255.255.0
ip pim sparse-mode

!Ethernet0/0.2122 - link to FH
interface Ethernet0/0.2122
encapsulation dot1Q 2122
ip address 192.168.0.21 255.255.255.0
ip pim sparse-mode

router ospf 1
network 21.21.21.21 0.0.0.0 area 21
network 192.168.0.0 0.0.255.255 area 0

router bgp 100

!iBGP with ASBR 1
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0

address-family ipv4 multicast
neighbor 1.1.1.1 activate
exit-address-family

!Auto-RP
ip pim send-rp-announce Loopback0 scope 3
ip pim send-rp-discovery Loopback0 scope 3

!MSDP session with RP 2
ip msdp peer 5.5.5.5 connect-source Loopback0 remote-as 200

RP 2
hostname RP2

ip multicast-routing

interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip pim sparse-mode

!Ethernet0/0.25 - link to ASBR 2
interface Ethernet0/0.25
encapsulation dot1Q 25
ip address 172.16.25.5 255.255.255.0
ip pim sparse-mode

!Ethernet0/0.56 - link to LH
interface Ethernet0/0.56
encapsulation dot1Q 56
ip address 172.16.56.5 255.255.255.0
ip pim sparse-mode

router ospf 1
network 5.5.5.5 0.0.0.0 area 5
network 172.16.0.0 0.0.255.255 area 0

router bgp 200

!iBGP with ASBR 2
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0

address-family ipv4 multicast
neighbor 2.2.2.2 activate
exit-address-family

!BSR
ip pim bsr-candidate Loopback0
ip pim rp-candidate Loopback0

!MSDP session with RP 1
ip msdp peer 21.21.21.21 connect-source Loopback0 remote-as 100


FH and LH router configuration

FH
hostname FH

ip multicast-routing

interface Loopback0
ip address 22.22.22.22 255.255.255.255
ip pim sparse-mode

!Ethernet0/0.22 - LAN with the multicast source
interface Ethernet0/0.22
encapsulation dot1Q 22
ip address 192.168.22.22 255.255.255.0
ip pim sparse-mode

!Ethernet0/0.122 - link to ASBR 1
interface Ethernet0/0.122
encapsulation dot1Q 122
ip address 192.168.122.22 255.255.255.0
ip pim sparse-mode

!Ethernet0/0.2122 - link to RP 1
interface Ethernet0/0.2122
encapsulation dot1Q 2122
ip address 192.168.0.22 255.255.255.0
ip pim sparse-mode

router ospf 1
network 22.22.22.22 0.0.0.0 area 22
network 192.168.0.0 0.0.255.255 area 0

router bgp 100

!iBGP with ASBR 1 (same AS as FH, so remote-as is 100)
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0

address-family ipv4 multicast
neighbor 1.1.1.1 activate
exit-address-family

LH
hostname LH

ip multicast-routing

interface Loopback0
ip address 6.6.6.6 255.255.255.255
ip pim sparse-mode

!Ethernet0/0.6 - LAN with the multicast destination
interface Ethernet0/0.6
encapsulation dot1Q 6
ip address 172.16.6.6 255.255.255.0
ip pim sparse-mode
ip igmp join-group 226.6.6.6

!Ethernet0/0.26 - link to ASBR 2
interface Ethernet0/0.26
encapsulation dot1Q 26
ip address 172.16.26.6 255.255.255.0
ip pim sparse-mode

!Ethernet0/0.56 - link to RP 2
interface Ethernet0/0.56
encapsulation dot1Q 56
ip address 172.16.56.6 255.255.255.0
ip pim sparse-mode

router ospf 1
network 6.6.6.6 0.0.0.0 area 6
network 172.16.0.0 0.0.255.255 area 0

router bgp 200

!iBGP with ASBR 2
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source Loopback0

address-family ipv4 multicast
neighbor 2.2.2.2 activate
exit-address-family


To test, enter the command ping 226.6.6.6 source eth0/0.22 repeat 11 from the console of the FH router.
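
A cross-check for the BGP peerings configured above, added here as an example and not part of the original post: it parses router configs and compares each neighbor remote-as statement with the AS of the router that owns the peer address, and checks that the peer has a neighbor statement pointing back. The config fragments are constructed from the post's addressing, the mismatch on FH is deliberate, and parse and audit are hypothetical helper names.

```python
import re

# Constructed fragments modelled on the ASBR1, RP1 and FH configs above; the
# remote-as mismatch on FH is deliberate, to show what the audit reports.
CONFIGS = {
    "ASBR1": """interface Loopback0
 ip address 1.1.1.1 255.255.255.255
router bgp 100
 neighbor 10.12.12.2 remote-as 200
 neighbor 21.21.21.21 remote-as 100
 neighbor 22.22.22.22 remote-as 100""",
    "RP1": """interface Loopback0
 ip address 21.21.21.21 255.255.255.255
router bgp 100
 neighbor 1.1.1.1 remote-as 100""",
    "FH": """interface Loopback0
 ip address 22.22.22.22 255.255.255.255
router bgp 100
 neighbor 1.1.1.1 remote-as 200""",
}

def parse(text):
    """Return (local AS, interface addresses, {neighbor IP: remote-as})."""
    local_as = int(re.search(r"^router bgp (\d+)", text, re.M).group(1))
    addrs = set(re.findall(r"^\s*ip address (\S+) \S+", text, re.M))
    nbrs = {ip: int(asn) for ip, asn in
            re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", text, re.M)}
    return local_as, addrs, nbrs

def audit(configs):
    """Check each neighbor statement against the router that owns the peer IP."""
    parsed = {name: parse(text) for name, text in configs.items()}
    owner = {ip: n for n, (_, addrs, _) in parsed.items() for ip in addrs}
    findings = []
    for name, (_, addrs, nbrs) in sorted(parsed.items()):
        for ip, remote_as in sorted(nbrs.items()):
            peer = owner.get(ip)
            if peer is None:  # peer config not supplied (ASBR2 here)
                findings.append((name, ip, "peer not in inventory"))
                continue
            peer_as, _, peer_nbrs = parsed[peer]
            if remote_as != peer_as:
                findings.append((name, ip, f"remote-as {remote_as}, {peer} is AS {peer_as}"))
            elif not addrs & peer_nbrs.keys():
                findings.append((name, ip, f"{peer} has no neighbor statement back"))
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIGS):
        print(*finding, sep=": ")
```

A session whose remote-as does not match the peer's AS never reaches Established, so the affected router receives no multicast-AFI routes for its RPF checks.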

Those keen to learn more are welcome at the courses of the Cisco Netschool academy.

Monday, 2 March 2015

1 customer, 2 providers, 3 options - InterAS VPN Layer 3 Option C

In this post, too, we will see how two providers (ISP 1 - AS 100 and ISP 2 - AS 200) configure an NNI (Network to Network Interconnection) to interconnect two different sites (CPE 1 - LAN 7.7.7.7/32 and CPE 2 - LAN 1.1.1.1/32) of the same customer. As before, this link can carry the traffic of several customers that use this option; the only major difference from 'Option B' is that the ASBRs no longer need to know the whole VPNv4 routing table, because the VPNv4 RRs in each AS have an eBGP session between them. The ASBRs only have an IPv4 eBGP session (an absolutely normal scenario between two ISPs) over which the management interfaces of the PE routers in each ISP are advertised, so that the LSP tunnel forms between the PE router in one ISP and the PE router in the other ISP. However, traffic does not transit the RRs; their only role is to distribute the VPNv4 routes.

Topology


CPE router configuration

CPE 1

!Loopback0 - LAN
interface Loopback0
ip address 7.7.7.7 255.255.255.255

!Ethernet0/1 - WAN
interface Ethernet0/1
ip address 192.168.78.7 255.255.255.0

!default route - next hop is router PE1
ip route 0.0.0.0 0.0.0.0 192.168.78.8

CPE 2

!Loopback0 - LAN
interface Loopback0
ip address 1.1.1.1 255.255.255.255

!Ethernet0/1 - WAN
interface Ethernet0/1
ip address 192.168.211.1 255.255.255.0

!default route - next hop is router PE2
ip route 0.0.0.0 0.0.0.0 192.168.211.21


P router configuration

P1

interface Loopback0
ip address 23.23.23.23 255.255.255.255

!Ethernet0/0.423 - link to ASBR 1
interface Ethernet0/0.423
encapsulation dot1Q 423
ip address 10.4.23.23 255.255.255.0
mpls ip

!Ethernet0/0.823 - link to PE 1
interface Ethernet0/0.823
encapsulation dot1Q 823
ip address 10.8.23.23 255.255.255.0
mpls ip

!Ethernet0/0.236 - link to RR 1
interface Ethernet0/0.236
encapsulation dot1Q 236
ip address 10.23.6.23 255.255.255.0
mpls ip

router ospf 1
network 10.4.23.23 0.0.0.0 area 0
network 10.8.23.23 0.0.0.0 area 0
network 23.23.23.23 0.0.0.0 area 0
network 10.23.6.23 0.0.0.0 area 0

P2

interface Loopback0
ip address 22.22.22.22 255.255.255.255

!Ethernet0/0.322 - link to ASBR 2
interface Ethernet0/0.322
encapsulation dot1Q 322
ip address 10.3.22.22 255.255.255.0
mpls ip

!Ethernet0/0.212 - link to PE 2
interface Ethernet0/0.212
encapsulation dot1Q 212
ip address 10.21.22.22 255.255.255.0
mpls ip

!Ethernet0/0.222 - link to RR 2
interface Ethernet0/0.222
encapsulation dot1Q 222
ip address 10.0.222.22 255.255.255.0
mpls ip

router ospf 1
network 10.3.22.22 0.0.0.0 area 0
network 10.21.22.22 0.0.0.0 area 0
network 22.22.22.22 0.0.0.0 area 0
network 10.0.222.22 0.0.0.0 area 0


ASBR router configuration

Here I used filtering in order to advertise only the management interfaces of the PE and RR routers. I used the same prefix-list, but it can be refined further so that it has fewer lines. The 'neighbor send-label' command is used so that, besides the prefixes, BGP also advertises the associated MPLS labels.
The ASBR routers do not even need an iBGP session with the RR of the AS they belong to; they only do label swapping, like the P routers.

ASBR 1

interface Loopback0
ip address 4.4.4.4 255.255.255.255

interface Ethernet0/0
no shutdown

!Ethernet0/0.43 - link to ASBR2
interface Ethernet0/0.43
encapsulation dot1Q 43
ip address 10.0.43.4 255.255.255.0
mpls bgp forwarding

!Ethernet0/0.423 - link to P1
interface Ethernet0/0.423
encapsulation dot1Q 423
ip address 10.4.23.4 255.255.255.0
mpls ip

router ospf 1
redistribute bgp 100 subnets route-map bgp-ospf
network 4.4.4.4 0.0.0.0 area 0
network 10.4.23.4 0.0.0.0 area 0

router bgp 100
!eBGP session with ASBR2
neighbor 10.0.43.3 remote-as 200

address-family ipv4
redistribute ospf 1
neighbor 10.0.43.3 activate
neighbor 10.0.43.3 send-label
exit-address-family

ip prefix-list Loopback seq 5 permit 2.2.2.2/32
ip prefix-list Loopback seq 10 permit 3.3.3.3/32
ip prefix-list Loopback seq 15 permit 4.4.4.4/32
ip prefix-list Loopback seq 20 permit 6.6.6.6/32
ip prefix-list Loopback seq 25 permit 8.8.8.8/32
ip prefix-list Loopback seq 30 permit 22.22.22.22/32
ip prefix-list Loopback seq 35 permit 21.21.21.21/32

route-map bgp-ospf permit 10
match ip address prefix-list Loopback

ASBR 2

interface Loopback0
ip address 3.3.3.3 255.255.255.255

interface Ethernet0/0
no shutdown

!Ethernet0/0.43 - link to ASBR1
interface Ethernet0/0.43
encapsulation dot1Q 43
ip address 10.0.43.3 255.255.255.0
mpls bgp forwarding

!Ethernet0/0.322 - link to P2
interface Ethernet0/0.322
encapsulation dot1Q 322
ip address 10.3.22.3 255.255.255.0
mpls ip

router ospf 1
redistribute bgp 200 subnets route-map bgp-ospf
network 3.3.3.3 0.0.0.0 area 0
network 10.3.22.3 0.0.0.0 area 0

router bgp 200
!eBGP session with ASBR1
neighbor 10.0.43.4 remote-as 100

address-family ipv4
redistribute ospf 1
neighbor 10.0.43.4 activate
neighbor 10.0.43.4 send-label
exit-address-family

ip prefix-list Loopback seq 5 permit 2.2.2.2/32
ip prefix-list Loopback seq 10 permit 3.3.3.3/32
ip prefix-list Loopback seq 15 permit 4.4.4.4/32
ip prefix-list Loopback seq 20 permit 6.6.6.6/32
ip prefix-list Loopback seq 25 permit 8.8.8.8/32
ip prefix-list Loopback seq 30 permit 22.22.22.22/32
ip prefix-list Loopback seq 35 permit 21.21.21.21/32

route-map bgp-ospf permit 10
match ip address prefix-list Loopback


RR router configuration

Here, besides the multihop VPNv4 eBGP session, the neighbor next-hop-unchanged option is also important; otherwise the prefixes from the other AS have the other AS's RR as next hop, and the messages will transit it needlessly.

RR 1

interface Loopback0
ip address 6.6.6.6 255.255.255.255

!Ethernet0/0 - link to P1
interface Ethernet0/0
ip address 10.23.6.6 255.255.255.0
mpls ip

router ospf 1
network 6.6.6.6 0.0.0.0 area 0
network 10.23.6.6 0.0.0.0 area 0

router bgp 100
no bgp default ipv4-unicast

!multihop eBGP session with RR2
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0

!iBGP session with PE1
neighbor 8.8.8.8 remote-as 100
neighbor 8.8.8.8 update-source Loopback0

address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community both
neighbor 2.2.2.2 next-hop-unchanged
neighbor 8.8.8.8 activate
neighbor 8.8.8.8 send-community both
neighbor 8.8.8.8 route-reflector-client
exit-address-family

RR 2

interface Loopback0
ip address 2.2.2.2 255.255.255.255

!Ethernet0/1 - link to P2
interface Ethernet0/1
ip address 10.0.222.2 255.255.255.0
mpls ip

router ospf 1
network 2.2.2.2 0.0.0.0 area 0
network 10.0.222.2 0.0.0.0 area 0

router bgp 200
no bgp default ipv4-unicast

!multihop eBGP session with RR1
neighbor 6.6.6.6 remote-as 100
neighbor 6.6.6.6 ebgp-multihop 255
neighbor 6.6.6.6 update-source Loopback0

!iBGP session with PE2
neighbor 21.21.21.21 remote-as 200
neighbor 21.21.21.21 update-source Loopback0

address-family vpnv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community both
neighbor 6.6.6.6 next-hop-unchanged
neighbor 21.21.21.21 activate
neighbor 21.21.21.21 send-community both
neighbor 21.21.21.21 route-reflector-client
exit-address-family
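
An audit for the two Option C settings the post singles out, added here as an example and not the author's code: every eBGP neighbor activated under address-family vpnv4 must carry next-hop-unchanged, and every eBGP neighbor activated under address-family ipv4 must carry send-label. The fragments are constructed from the RR 1 and ASBR 1 configs above, and audit_option_c and REQUIRED are hypothetical names.

```python
import re

# Constructed fragments modelled on the RR 1 and ASBR 1 configs above. RR_BAD is
# RR 1 with next-hop-unchanged removed, to show what the check reports.
RR_GOOD = """router bgp 100
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 ebgp-multihop 255
 neighbor 8.8.8.8 remote-as 100
 address-family vpnv4
  neighbor 2.2.2.2 activate
  neighbor 2.2.2.2 next-hop-unchanged
  neighbor 8.8.8.8 activate
  neighbor 8.8.8.8 route-reflector-client
 exit-address-family"""
RR_BAD = RR_GOOD.replace("  neighbor 2.2.2.2 next-hop-unchanged\n", "")
ASBR = """router bgp 100
 neighbor 10.0.43.3 remote-as 200
 address-family ipv4
  neighbor 10.0.43.3 activate
  neighbor 10.0.43.3 send-label
 exit-address-family"""

# Option the post relies on for eBGP neighbors, per address family (Option C only).
REQUIRED = {"vpnv4": "next-hop-unchanged", "ipv4": "send-label"}

def audit_option_c(text):
    """Return (address-family, neighbor, missing option) for each eBGP peer."""
    local_as = re.search(r"^router bgp (\d+)", text, re.M).group(1)
    ebgp = {ip for ip, asn in re.findall(r"neighbor (\S+) remote-as (\d+)", text)
            if asn != local_as}
    missing = []
    for af, body in re.findall(r"address-family (\S+)\n(.*?)exit-address-family", text, re.S):
        opts = {}
        for ip, opt in re.findall(r"neighbor (\S+) (\S+)", body):
            opts.setdefault(ip, set()).add(opt)
        need = REQUIRED.get(af)
        for ip in sorted(ebgp & opts.keys()):
            if need and "activate" in opts[ip] and need not in opts[ip]:
                missing.append((af, ip, need))
    return missing

if __name__ == "__main__":
    print(audit_option_c(RR_BAD))
```

The iBGP client 8.8.8.8 is never flagged, because the two options matter only on the sessions that cross the AS boundary.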