まず最初に
この検証内容は、2011年に MPLS VPN についてラボで確認した時の結果をローカルのwikiサーバーに保存していました。その後、誰かの参考になったのかどうかは分からないのですが、もうwikiサーバーも動いていませんので、誰もこの内容を見ることもないと思います。でも、最近になって自分でも見直すことがありましたので、少しでも参考になればと思い、こちらにアップすることにしました。
Topology
Figure-1
Figure-2
各AS内のルーティング(IGP)は、AS間で交換しない。そのため、RPFチェックができない。
rpf proxy vector
異なるASからマルチキャストパケットが届いた場合、その送信元ASのIGPを知らなければ、RPFチェックに失敗して破棄される。
CE2B(R10)から、CE2A(R9)までpingを実行してみる。
log
CE2B#ping 239.1.1.1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 239.1.1.1, timeout is 2 seconds:
Reply to request 0 from 172.17.12.10, 84 ms
まず最初に、このpingの結果として、multicastが流れることが確認できる
AS2内のmrouteを確認
PE2B(R6)
PE2B(R6)は、multicast送信元のAS内なので特に問題なし
log
PE2B#show ip mroute 232.1.1.1 10.2.2.2
IP Multicast Routing Table
(10.2.2.2, 232.1.1.1), 00:23:31/00:02:36, flags: sT
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list:
Ethernet0/0, Forward/Sparse, 00:23:31/00:02:36
RPFチェック
log
PE2B#show ip rpf 10.2.2.2
RPF information for ? (10.2.2.2)
RPF interface: Loopback0
RPF neighbor: ? (10.2.2.2) - directly connected
RPF route/mask: 10.2.2.2/32
RPF type: multicast (connected)
Doing distance-preferred lookups across tables
RPF topology: ipv4 multicast base
PE2B#
P1B(R4)
P1B(R4)は、multicast送信元のAS内なので特に問題なし
log
P1B#show ip mroute 232.1.1.1 10.2.2.2
IP Multicast Routing Table
(10.2.2.2, 232.1.1.1), 00:23:06/00:02:23, flags: T
Incoming interface: Ethernet1/0, RPF nbr 172.19.42.2
Outgoing interface list:
Ethernet0/0, Forward/Sparse, 00:23:06/00:03:00
RPFチェック
log
P1B#show ip rpf 10.2.2.2
RPF information for ? (10.2.2.2)
RPF interface: Ethernet1/0
RPF neighbor: ? (172.19.42.2)
RPF route/mask: 10.2.2.2/32
RPF type: unicast (isis)
Doing distance-preferred lookups across tables
RPF topology: ipv4 multicast base, originated from ipv4 unicast base
P3B(R2)
P3B(R2)は、multicast送信元のAS内なので特に問題なし
log
PE3B#show ip mroute 232.1.1.1 10.2.2.2
IP Multicast Routing Table
(10.2.2.2, 232.1.1.1), 00:24:32/00:02:33, flags: sT
Incoming interface: Ethernet0/0, RPF nbr 172.16.43.5
Outgoing interface list:
Ethernet1/0, Forward/Sparse, 00:24:32/00:02:33
RPFチェック
log
PE3B#show ip rpf 10.2.2.2
RPF information for ? (10.2.2.2)
RPF interface: Ethernet0/0
RPF neighbor: ? (172.16.43.5)
RPF route/mask: 10.2.2.2/32
RPF type: unicast (isis)
Doing distance-preferred lookups across tables
RPF topology: ipv4 multicast base, originated from ipv4 unicast base
AS1内のmrouteを確認
PE3A(R1)
PE3A(R1)は、他ASからのマルチキャストパケットを受信している
ここで、vector 172.20.34.4が表示されていることが確認できる
log
PE3A#show ip mroute 232.1.1.1 10.2.2.2
IP Multicast Routing Table
(10.2.2.2, 232.1.1.1), 00:33:09/00:02:46, flags: sTV
Incoming interface: Ethernet1/0, RPF nbr 172.20.34.4, vector 172.20.34.4
Outgoing interface list:
Ethernet0/0, Forward/Sparse, 00:33:09/00:02:46
その為、Sourceアドレスに対するRPFチェックは失敗する
log
PE3A#show ip rpf 10.2.2.2
failed, no route exists
しかし、vectorのアドレスに対して、RPFチェックすると成功する
log
PE3A#show ip rpf 172.20.34.4
RPF information for ? (172.20.34.4)
RPF interface: Ethernet1/0
RPF neighbor: ? (172.20.34.4) - directly connected
RPF route/mask: 172.20.34.0/24
RPF type: multicast (connected)
Doing distance-preferred lookups across tables
RPF topology: ipv4 multicast base
P1A(R3)
P1A(R3)は、他ASからのマルチキャストパケットを受信している
log
P1A#show ip mroute 232.1.1.1 10.2.2.2
IP Multicast Routing Table
(10.2.2.2, 232.1.1.1), 00:39:09/00:02:22, flags: TV
Incoming interface: Ethernet0/0, RPF nbr 192.168.143.3, vector 10.1.1.3
Outgoing interface list:
Ethernet1/0, Forward/Sparse, 00:39:09/00:02:36
PE3Aと同じように、Sourceアドレスに対するRPFチェックは失敗する
log
P1A#show ip rpf 10.2.2.2
failed, no route exists
しかし、vectorのアドレスに対して、RPFチェックすると成功する
注目すべき点は、vectorアドレスが、PEルータによって書き換えられていること
log
P1A#show ip rpf 10.1.1.3
RPF information for ? (10.1.1.3)
RPF interface: Ethernet0/0
RPF neighbor: ? (192.168.143.3)
RPF route/mask: 10.1.1.3/32
RPF type: unicast (isis)
Doing distance-preferred lookups across tables
RPF topology: ipv4 multicast base, originated from ipv4 unicast base
PE2A(R5)
PE2A(R5)は、他ASからのマルチキャストパケットを受信している
log
PE2A#show ip mroute 232.1.1.1 10.2.2.2 IP Multicast Routing Table
(10.2.2.2, 232.1.1.1), 00:42:01/stopped, flags: sTIZV
Incoming interface: Ethernet0/0, RPF nbr 172.19.142.5, vector 10.1.1.3
Outgoing interface list:
MVRF blue, Forward/Sparse, 00:42:01/00:02:58
PE3Aと同じように、Sourceアドレスに対するRPFチェックは失敗する
log
PE2A#show ip rpf 10.2.2.2
failed, no route exists
しかし、vectorのアドレスに対して、RPFチェックすると成功する
log
PE2A#show ip rpf 10.1.1.3
RPF information for ? (10.1.1.3)
RPF interface: Ethernet0/0
RPF neighbor: ? (172.19.142.5)
RPF route/mask: 10.1.1.3/32
RPF type: unicast (isis)
Doing distance-preferred lookups across tables
RPF topology: ipv4 multicast base, originated from ipv4 unicast base
log
config
R1
config
hostname PE3A
!
ip multicast-routing
!
mpls label range 1000 1999
mpls label protocol ldp
!
interface Loopback0
ip address 10.1.1.3 255.255.255.255
ip pim sparse-mode
ip router isis
!
interface Ethernet0/0
ip address 192.168.143.3 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Ethernet1/0
ip address 172.20.34.3 255.255.255.0
ip pim sparse-mode
mpls bgp forwarding
!
router isis
net 49.0000.0000.3333.00
!
router bgp 1
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.2 remote-as 1
neighbor 10.1.1.2 update-source Loopback0
neighbor 172.20.34.4 remote-as 2
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.1 next-hop-self
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
neighbor 10.1.1.2 next-hop-self
neighbor 172.20.34.4 activate
neighbor 172.20.34.4 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.1 next-hop-self
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
neighbor 10.1.1.2 next-hop-self
neighbor 172.20.34.4 activate
neighbor 172.20.34.4 send-community extended
exit-address-family
!
ip pim ssm default
!
R2
config
hostname PE3B
!
ip multicast-routing
!
mpls label range 2000 2999
mpls label protocol ldp
!
interface Loopback0
ip address 10.2.2.3 255.255.255.255
ip pim sparse-mode
ip router isis
!
interface Ethernet0/0
ip address 172.16.43.3 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Ethernet1/0
ip address 172.20.34.4 255.255.255.0
ip pim sparse-mode
mpls bgp forwarding
!
router isis
net 49.0000.0000.3333.00
!
router bgp 2
no bgp default ipv4-unicast
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 10.2.2.1 remote-as 2
neighbor 10.2.2.1 update-source Loopback0
neighbor 10.2.2.2 remote-as 2
neighbor 10.2.2.2 update-source Loopback0
neighbor 172.20.34.3 remote-as 1
!
address-family ipv4
no synchronization
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.2.2.1 activate
neighbor 10.2.2.1 send-community extended
neighbor 10.2.2.1 next-hop-self
neighbor 10.2.2.2 activate
neighbor 10.2.2.2 send-community extended
neighbor 10.2.2.2 next-hop-self
neighbor 172.20.34.3 activate
neighbor 172.20.34.3 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 10.2.2.1 activate
neighbor 10.2.2.1 send-community extended
neighbor 10.2.2.1 next-hop-self
neighbor 10.2.2.2 activate
neighbor 10.2.2.2 send-community extended
neighbor 10.2.2.2 next-hop-self
neighbor 172.20.34.3 activate
neighbor 172.20.34.3 send-community extended
exit-address-family
!
ip pim ssm default
!
R3
config
hostname P1A
!
ip multicast-routing
!
mpls label range 3000 3999
mpls label protocol ldp
!
interface Ethernet0/0
ip address 192.168.143.5 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Ethernet1/0
ip address 172.19.142.5 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Ethernet2/0
ip address 172.30.41.5 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
router isis
net 49.0000.0000.4444.00
!
R4
config
hostname P1B
!
ip multicast-routing
!
mpls label range 4000 4999
mpls label protocol ldp
!
interface Ethernet0/0
ip address 172.16.43.5 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Ethernet1/0
ip address 172.19.42.5 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Ethernet2/0
ip address 172.30.141.5 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
router isis
net 49.0000.0000.4444.00
!
R5
config
hostname PE2A
!
ip vrf blue
rd 55:1111
route-target export 55:1111
route-target import 55:1111
mdt default 232.1.1.1
!
ip multicast-routing
ip multicast-routing vrf blue
ip multicast vrf blue rpf proxy rd vector
!
mpls label range 5000 5999
mpls label protocol ldp
!
interface Loopback0
ip address 10.1.1.2 255.255.255.255
ip pim sparse-mode
ip router isis
!
interface Ethernet0/0
ip address 172.19.142.2 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Serial1/0
ip vrf forwarding blue
ip address 172.17.12.2 255.255.255.0
ip pim sparse-mode
no fair-queue
serial restart-delay 0
!
router isis
net 49.0000.0000.2222.00
!
router rip
!
address-family ipv4 vrf blue
redistribute bgp 1 metric 1
network 172.17.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 1
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.3 remote-as 1
neighbor 10.1.1.3 update-source Loopback0
!
address-family ipv4
no synchronization
neighbor 10.1.1.1 activate
neighbor 10.1.1.3 activate
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
!
address-family ipv4 vrf blue
no synchronization
redistribute rip metric 1
exit-address-family
!
ip pim ssm default
ip pim vrf blue bsr-candidate Serial1/0 0
ip pim vrf blue rp-candidate Serial1/0 group-list 1
!
access-list 1 permit 239.1.1.1
!
R6
config
hostname PE2B
!
ip vrf blue
rd 55:1111
route-target export 55:1111
route-target import 55:1111
mdt default 232.1.1.1
!
ip multicast-routing
ip multicast-routing vrf blue
ip multicast vrf blue rpf proxy rd vector
!
mpls label range 6000 6999
mpls label protocol ldp
!
interface Loopback0
ip address 10.2.2.2 255.255.255.255
ip pim sparse-mode
ip router isis
!
interface Ethernet0/0
ip address 172.19.42.2 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Serial1/0
ip vrf forwarding blue
ip address 172.18.22.2 255.255.255.0
ip pim sparse-mode
no fair-queue
serial restart-delay 0
!
router isis
net 49.0000.0000.2222.00
!
router rip
!
address-family ipv4 vrf blue
redistribute bgp 2 metric 1
network 172.18.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.2.2.1 remote-as 2
neighbor 10.2.2.1 update-source Loopback0
neighbor 10.2.2.3 remote-as 2
neighbor 10.2.2.3 update-source Loopback0
!
address-family ipv4
no synchronization
neighbor 10.2.2.1 activate
neighbor 10.2.2.3 activate
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.2.2.1 activate
neighbor 10.2.2.1 send-community extended
neighbor 10.2.2.3 activate
neighbor 10.2.2.3 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 10.2.2.1 activate
neighbor 10.2.2.1 send-community extended
neighbor 10.2.2.3 activate
neighbor 10.2.2.3 send-community extended
exit-address-family
!
address-family ipv4 vrf blue
no synchronization
redistribute rip metric 1
exit-address-family
!
ip pim ssm default
ip pim vrf blue bsr-candidate Serial1/0 0
ip pim vrf blue rp-candidate Serial1/0 group-list 1
!
access-list 1 permit 239.2.2.2
!
R7
config
hostname PE1A
!
ip vrf green
rd 55:2222
route-target export 55:2222
route-target import 55:2222
mdt default 232.2.2.2
!
ip multicast-routing
ip multicast-routing vrf green
ip multicast vrf green rpf proxy rd vector
!
mpls label range 7000 7999
mpls label protocol ldp
!
interface Loopback0
ip address 10.1.1.1 255.255.255.255
ip pim sparse-mode
ip router isis
!
interface Ethernet0/0
ip address 172.30.41.1 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Serial1/0
ip vrf forwarding green
ip address 172.25.11.1 255.255.255.0
ip pim dense-mode
no fair-queue
serial restart-delay 0
!
router isis
net 49.0000.0000.1111.00
!
router rip
!
address-family ipv4 vrf green
redistribute bgp 1 metric 1
network 172.25.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.1.1.2 remote-as 1
neighbor 10.1.1.2 update-source Loopback0
neighbor 10.1.1.3 remote-as 1
neighbor 10.1.1.3 update-source Loopback0
!
address-family ipv4
no synchronization
neighbor 10.1.1.2 activate
neighbor 10.1.1.3 activate
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 10.1.1.2 activate
neighbor 10.1.1.2 send-community extended
neighbor 10.1.1.3 activate
neighbor 10.1.1.3 send-community extended
exit-address-family
!
address-family ipv4 vrf green
no synchronization
redistribute rip
exit-address-family
!
ip pim ssm default
!
R8
config
hostname PE1B
!
ip vrf green
rd 55:2222
route-target export 55:2222
route-target import 55:2222
mdt default 232.2.2.2
!
ip multicast-routing
ip multicast-routing vrf green
ip multicast vrf green rpf proxy rd vector
!
mpls label range 8000 8999
mpls label protocol ldp
!
interface Loopback0
ip address 10.2.2.1 255.255.255.255
ip pim sparse-mode
ip router isis
!
interface Ethernet0/0
ip address 172.30.141.1 255.255.255.0
ip pim sparse-mode
ip router isis
mpls ip
!
interface Serial1/0
ip vrf forwarding green
ip address 172.25.111.1 255.255.255.0
ip pim dense-mode
no fair-queue
serial restart-delay 0
!
router isis
net 49.0000.0000.1111.00
!
router rip
!
address-family ipv4 vrf green
redistribute bgp 2 metric 1
network 172.25.0.0
no auto-summary
version 2
exit-address-family
!
router bgp 2
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 10.2.2.2 remote-as 2
neighbor 10.2.2.2 update-source Loopback0
neighbor 10.2.2.3 remote-as 2
neighbor 10.2.2.3 update-source Loopback0
!
address-family ipv4
no synchronization
neighbor 10.2.2.2 activate
neighbor 10.2.2.3 activate
no auto-summary
exit-address-family
!
address-family vpnv4
neighbor 10.2.2.2 activate
neighbor 10.2.2.2 send-community extended
neighbor 10.2.2.3 activate
neighbor 10.2.2.3 send-community extended
exit-address-family
!
address-family ipv4 mdt
neighbor 10.2.2.2 activate
neighbor 10.2.2.2 send-community extended
neighbor 10.2.2.3 activate
neighbor 10.2.2.3 send-community extended
exit-address-family
!
address-family ipv4 vrf green
no synchronization
redistribute rip
exit-address-family
!
ip pim ssm default
!
R9
config
hostname CE2A
!
ip multicast-routing
!
interface Serial0/0
ip address 172.17.12.10 255.255.255.0
ip pim sparse-mode
ip igmp join-group 239.1.1.1
serial restart-delay 0
!
router rip
version 2
network 172.17.0.0
no auto-summary
!
R10
config
hostname CE2B
!
ip multicast-routing
!
interface Serial0/0
ip address 172.18.22.10 255.255.255.0
ip pim sparse-mode
ip igmp join-group 239.2.2.2
serial restart-delay 0
!
router rip
version 2
network 172.18.0.0
no auto-summary
!
R11
config
hostname CE1A
!
ip multicast-routing
!
interface Serial0/0
ip address 172.25.11.10 255.255.255.0
ip pim dense-mode
ip igmp join-group 239.1.1.1
serial restart-delay 0
!
router rip
version 2
network 172.25.0.0
no auto-summary
!
R12
config
hostname CE1B
!
ip multicast-routing
!
interface Serial0/0
ip address 172.25.111.10 255.255.255.0
ip pim dense-mode
ip igmp join-group 239.2.2.2
serial restart-delay 0
!
router rip
version 2
network 172.25.0.0
no auto-summary
!