No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

NE40E V800R010C10SPC500 Commissioning Guide

This is NE40E V800R010C10SPC500 Commissioning Guide
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Commissioning Multicast VPN

Commissioning Multicast VPN

Users can choose to configure multicast VPN based on the actual network planning. This section describes how to commission multicast VPN.

Prerequisites

The following configurations are complete, and the device is running normally.

Context

As shown in Figure 6-11, configure single-AS MD VPN in the network.

Figure 6-11 Networking diagram of configuring single-AS MD VPN

In Table 6-3, GE1 stands for GigabitEthernet 1/0/0, GE2 stands for GigabitEthernet 2/0/0, and GE3 stands for GigabitEthernet 3/0/0. The IP address of each interface is shown in the following table.

Table 6-3 Configuration information about interfaces

Device

IP Address of Interface

Remarks

P

GE1: 192.168.6.2/24

-

GE2: 192.168.7.2/24

-

GE3: 192.168.8.2/24

-

Loopback1: 2.2.2.2/32

Acts as C-RP of the public network

PE-A

GE1: 192.168.6.1/24

Public network instance

GE2: 10.110.1.1/24

VPN-RED instance

GE3: 10.110.2.1/24

VPN-RED instance

Loopback1: 1.1.1.1/32

Public network instance

Loopback 1 interfaces of PE-A, PE-B, and PE-C set up IBGP peer relationships.

PE-B

GE1: 192.168.7.1/24

Public network instance

GE2: 10.110.3.1/24

VPN-BLUE instance

GE3: 10.110.4.1/24

VPN-RED instance

Loopback1: 1.1.1.2/32

Public network instance

Loopback 1 interfaces of PE-A, PE-B, and PE-C set up IBGP peer relationships.

PE-C

GE1: 192.168.8.1/24

Public network instance

GE2: 10.110.5.1/24

VPN-RED instance

GE3: 10.110.6.1/24

VPN-BLUE instance

Loopback1: 1.1.1.3/32

Public network instance

Loopback 1 interfaces of PE-A, PE-B, and PE-C set up IBGP peer relationships.

Loopback2: 33.33.33.33/32

VPN-BLUE instance

Acts as C-RP of VPN-BLUE

CE-Ra

GE1: 10.110.7.1/24

-

GE2: 10.110.2.2/24

-

CE-Bb

GE1: 10.110.8.1/24

-

GE2: 10.110.3.2/24

-

CE-Rb

GE1: 10.110.9.1/24

-

GE2: 10.110.4.2/24

-

GE3: 10.110.12.1/24

-

Loopback1: 22.22.22.22/32

VPN-RED instance

Acts as C-RP of VPN-RED instance

CE-Rc

GE1: 10.110.10.1/24

-

GE2: 10.110.5.2/24

-

GE3: 10.110.12.2/24

-

CE-Bc

GE1: 10.110.11.1/24

-

GE2: 10.110.6.2/24

-

Source1

10.110.7.2/24

Multicast source in the VPN-RED

Source2

10.110.8.2/24

Multicast source in the VPN-BLUE

PC1

10.110.1.2/32

Multicast receiver in the VPN-RED

PC2

10.110.9.2/32

Multicast receiver in the VPN-RED

PC3

10.110.10.2/32

Multicast receiver in the VPN-RED

PC4

10.110.11.2/32

Multicast receiver in the VPN-BLUE

Table 6-4 Networking requirements of Single-AS MD VPN solution

Item

Networking Requirements

Multicast source/ receiver

Multicast source of VPN RED is Source1. The receivers include PC1, PC2, and PC3. Multicast source of VPN BLUE is Source2. The receiver is PC4. In VPN RED, Share-Group address is 239.1.1.1 and Switch-Group address pool ranges from 225.2.2.1 to 225.2.2.16. In VPN BLUE, Share-Group address is 239.2.2.2 and Switch-Group address pool ranges from 225.4.4.1 to 225.4.4.16.

VPN instance which the interfaces on PEs belong to

On PE-A, GE2 and GE3 belong to VPN-RED instance, and GE1 and Loopback1 belong to the public network instance. On PE-B, GE2 belongs to VPN-BLUE instance, GE3 belongs to VPN-RED instance, and GE1 and Loopback1 belong to the public network instance. On PE-C, GE2 belongs to VPN-RED instance, GE3 and Loopback2 belong to VPN-BLUE instance, and GE1 and Loopback1 belong to the public network instance.

Routing protocol and MPLS

Configure OSPF on the public network. Enable RIP on PE and CE routers. Establish a BGP peer connection and transmit all VPN routes between Loopback1 interfaces on PE-A, PE-B, and PE-C. Enable MPLS forwarding on the public network.

Multicast function

Enable multicast on P. Enable multicast on the public network instance on PE-A, PE-B, and PE-C. Enable multicast on VPN-RED instance on PE-A, PE-B, and PE-C. Enable multicast on VPN-BLUE instance on PE-B and PE-C. Enable multicast on CE-Ra, CE-Rb, CE-Rc, CE-Bb, and CE-Bc.

IGMP function

Enable IGMP on GE2 of PE-A.Enable IGMP on GE1 of CE-Rb, GE1 of CE-Rc, and GE1 of CE-Bc.

PIM function

Enable PIM-SM on all the VPN interfaces in VPN-RED instance. Enable PIM-SM on all the VPN interfaces in VPN-BLUE instance. Enable PIM-SM on all the interfaces of P and CEs, as well as public network instance interfaces of PEs. Configure Loopback1 of P as the C-BSR and C-RP of public network (serving all multicast groups). Configure Loopback1 of CE-Rb as the C-BSR and C-RP of VPN-RED (serving all multicast groups). Configure Loopback2 of PE-C as the C-BSR and C-RP of VPN-BLUE (serving all multicast groups).

Procedure

  1. Run the display pim routing-table command to view information about the multicast routing table.

    <HUAWEI> display pim routing-table
    VPN-Instance: RED
     Total 1 (*, G) entries; 1 (S, G) entry
    
     (*, 239.1.1.1)
         RP: 22.22.22.22
         Protocol: pim-sm, Flag: WC 
         UpTime: 2d:03h     
         Upstream interface: GigabitEthernet2/0/0
             Upstream neighbor: NULL
             RPF prime neighbor:NULL
         Downstream interface(s) information:
         Total number of downstreams: 1
           1: GigabitEthernet1/0/0
                 Protocol: igmp, UpTime: 00:01:23, Expires: - 
    
     (10.110.7.2, 239.1.1.1)
         RP: 22.22.22.22
         Protocol: pim-sm, Flag: SPT ACT 
         UpTime: 00:00:03     
         Upstream interface: GigabitEthernet2/0/0
             Upstream neighbor: NULL
             RPF prime neighbor:NULL
         Downstream interface(s) information:
         Total number of downstreams: 1
            1: GigabitEthernet1/0/0
                 Protocol: pim-sm, UpTime: 00:00:03, Expires: -
    

  2. Run the display multicast-domain vpn-instance command on the device to view information about the Share-Group and MTI.

    <HUAWEI> display multicast-domain vpn-instance RED share-group
    MD local share-group information for VPN-Instance: RED
      Share-group: 239.1.1.1
      MTunnel address: 2.2.2.1   

Common Troubleshooting

If the MDT cannot be correctly set up after the multicast VPN is configured, perform the following:

  1. Check that unicast routes are available.

    Run the display ip routing-table command on each PE and P to check whether devices on the public network are reachable through unicast routes.

    Run the display ip routing-table vpn-instance vpn-instance-name command on the PEs to check whether the devices in each VPN instance bound to the PEs are reachable through unicast routes.

    Run the ping command on CEs to check whether CEs are routable in each VPN instance.

    • If unicast routes are unavailable, check the faults of unicast routes.

    • If unicast routes are available on both the public network and VPNs, go to Step 2.

  2. Check that the TTL value of the multicast data sent by the multicast source is sufficient to reach the destination.

    Confirm the TTL value of the multicast data with customers or the supplier of the multicast source device.

    • If the TTL value is smaller than the number of hops of the path from the multicast source to the receiver, you are recommended to increase the TTL value of the multicast data sent from the multicast source.

    • If the TTL value is equal to or greater than the number of hops of the path from the multicast source to the receiver, go to Step 3.

  3. Check that multicast is enabled on both the public network and VPNs.

    Run the display current-configuration command on each device to check current configurations. Focus on checking configurations on each PE.

    Multicast VPN requires PEs to support multicast multi-instance. The following are configuration requirements on PEs:

    The multicast routing-enable command is run in the system view to enable multicast on the public network.

    The multicast routing-enable command is run in the view of each VPN instance bound to PEs to enable multicast in each VPN instance.

    • If multicast routing-enable is not displayed in the configurations of an instance bound to a PE, multicast is not enabled in this instance. Then run the multicast routing-enable command in the VPN instance view.

    • If multicast routing-enable is displayed in the configurations of the public network instance and all the VPN instances, go to Step 4.

  4. Check that configurations of the share-groups configured for the same VPN instance to which PEs are bound are consistent.

    Run the display multicast-domain vpn-instance vpn-instance-name share-group command on PEs to check that configurations of the share-groups configured for a specified VPN instance are consistent.

    • If share-groups are not configured or configurations of share-groups are different, run the multicast-domain share-group group-address binding mtunnel number command in this VPN instance view to reconfigure a share-group and bind the share-group to a specified MTI.

    • If the configurations of the share-groups configured for the specified VPN instance are consistent, go to Step 5.

  5. Check that configurations of the MTIs on PEs are correct.

    Run the display current-configuration command on each PE to check whether the MTI address is correct and consistent with the address of the local interface setting up an IBGP peer relationship.

    • If no MTI is configured or the address of the MTI is inconsistent with that of the local interface setting up an IBGP peer relationship, the multicast packet can reach the VPN instance on the PE through the MTI, but cannot pass the RPF check. Then run the ip address ip-address { mask | mask-length } command in the MTI view to change the IP address of the MTI.

    • If MTIs on PEs are correctly configured, go to Step 6.

  6. Check that PIM neighbor relationships are established between devices.

    Run the display pim [ vpn-instance vpn-instance-name ] neighbor command on devices to check whether they have set up PIM neighbor relationships correctly. If the command output shows related neighbor addresses, neighbor relationships are correctly established.

    • If no PIM neighbor relationship is established, do as follows:
      1. Check whether interfaces are in the Up state.

        Run the display interface interface-type interface-number command to check whether interfaces are in the Up state.

      2. Check that the interfaces that set up BGP peer relationships on the public network can normally forward Hello messages.

        Run the display pim vpn-instance vpn-instance-name control-message counters interface interface-type interface-number message-type hello command to check whether interfaces that set up BGP peer relationships on the public network can normally forward Hello messages. If the number of packets sent and received in more than one Hello interval continues to increase, packet forwarding is normal. If packet forwarding is abnormal, contact Huawei technical support personnel.

      3. Check whether the PE is configured with the integrated service processing board to support the multicast VPN service.

        If the PE interface connecting P or the PE interface connecting CE is an IP-Trunk interface, Eth-Trunk interface, or Eth-Trunk sub-interface, use the display this command in the PE system view to check whether to configure the multicast-vpn slot slot-id command which uses the integrated service processing board to support the multicast VPN service.
        • If the PE is not configured with the multicast-vpn slot slot-id command, configure the multicast-vpn slot slot-id command in the system view.

        • If the PE is configured with the multicast-vpn slot slot-id command, proceed Step 7.

    • If PIM neighbor relationships are correctly established between devices, go to Step 7.

  7. Check that the PIM-SM BSR and RP are correctly configured.

    • Run the display pim vpn-instance vpn-instance-name bsr-info command on PEs to check BSR information of each VPN instance. If the elected BSR addresses in the same VPN instance bound to the PEs are consistent, BSR configurations are correct.

      Run the display pim vpn-instance vpn-instance-name rp-info group-address command on PEs to check whether configurations of the RPs serving the same group in the same VPN instance bound to the PE are consistent. If the BSR RP addresses are consistent, RP configurations are correct.

    • Run the display pim bsr-info command on devices in VPNs to check BSR information. If elected BSR addresses used by the devices are consistent in each VPN, BSR configurations are correct.

      Run the display pim rp-info command on devices in VPNs to check RP information. If the BSR RP addresses on the devices are consistent in each VPN, RP configurations are correct.

    • Run the display pim bsr-info command on PEs and the P to check BSR information of the public network. If the elected BSR address in the command output on the PEs and P are consistent, BSR configurations are correct.

    • Run the display pim bsr-info command on PEs and the P to check RP information of the public network. If the BSR RP addresses in the command output on the PEs and P are consistent, RP configurations are correct.

    If PIM-SM BSR and RP configurations are correct, go to Step 8.

  8. Check that group addresses are within the SSM group address range.

    NOTE:

    If PIM-SSM is used, this step is mandatory. If PIM-SM is used, skip this step.

    • If PIM-SSM is enabled in VPNs, a uniform SSM group address must be configured for all the devices in each VPN.
      • Run the display current-configuration command on PEs to check whether the same VPN instance bound to the PEs is configured with the same SSM group address range. If the configurations are inconsistent, enter the PIM view of the VPN instance and run the ssm-policy { basic-acl-number | acl-name acl-name } command to reconfigure an SSM group address range.

      • Run the display current-configuration command on devices in VPNs to check whether the same VPN instance bound to the devices in VPNs is configured with the same SSM group address range. If the configurations are inconsistent, enter the PIM view of the VPN instance and run the ssm-policy { basic-acl-number | acl-name acl-name } command to reconfigure an SSM group address range.

    • If PIM-SSM is enabled on the public network, a uniform SSM group address must be configured for all the devices on the public network.

      Run the display current-configuration command on PEs and Ps to check whether the same VPN instance bound to the PEs and Ps are configured with the same SSM group address range. If the configurations are inconsistent, enter the PIM view and run the ssm-policy { basic-acl-number | acl-name acl-name } command to reconfigure an SSM group address range.

    • If the group addresses are within the SSM group address range, go to Step 9.

  9. Check whether a multicast boundary is configured.

    Run the display multicast [ vpn-instance vpn-instance-name ] forwarding-table command on the intermediate nodes in sequence from the receiver to the source and check the value of the Forwarded changes within several minutes. If the value of Forwarded does not change on a device, it indicates packet forwarding fails on this device. Then run the display multicast [ vpn-instance vpn-instance-name ] boundary [ group-address ] command on the faulty device. Two situations are involved:
    • For the public network, if the RPT has been switched to the SPT, group-address is an address in the switch-group address pool; if the RPT has not been switched to the SPT, group-address is the share-group address.

    • For VPNs, group-address is a private multicast group address.

    • If the interface configured with a multicast boundary is an RPF interface to the upstream device, run the undo multicast boundary { group-address { mask | mask-length } | all } command to delete or change the multicast boundary configurations.

    • If no multicast boundary is configured on the interface, go to Step 10.

  10. Check that the interfaces that directly connect CEs to hosts have IGMP group information.

    Run the display igmp group interface interface-type interface-number command to check whether the interfaces that directly connect CEs to hosts have IGMP group information.

    • If the outbound interface of the CE connecting users in private network does not have information about the IGMP group, refer to chapter "Multicast" in "HUAWEI NetEngine40E Universal Service Router Troubleshooting" for detailed troubleshooting methods.

    • If the fault persists after the preceding troubleshooting procedures are complete, contact Huawei technical support personnel.

Translation
Download
Updated: 2019-01-02

Document ID: EDOC1100055014

Views: 4754

Downloads: 63

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next