1 / 16

v4-over-v6 MVPNs

v4-over-v6 MVPNs. 4-over-6 MVPNs Objectives. CE based service Offered as a IPv6 core service Automatic detection of member CE routers No new protocol developments or modifications (ie yet one more BGP mod…) Precise replication of multicast traffic to only member Ces

marypaige
Download Presentation

v4-over-v6 MVPNs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. v4-over-v6 MVPNs

  2. 4-over-6 MVPNsObjectives • CE based service • Offered as a IPv6 core service • Automatic detection of member CE routers • No new protocol developments or modifications (ie yet one more BGP mod…) • Precise replication of multicast traffic to only member Ces • No address collision between VPN customers group address assignments • Unicast VPN services could use the same solution.

  3. 4-over-6 MVPNsHighlights • CE-managed service. • ISP based PE and P routers just run IPv6 and PIM • No PE and P additional configuration or functionality • ISP infrastructure uses IPv6 PIM so precise multicast replication can be performed among the VPN sites. • Each VPN customer is assigned an IPv6 Multicast scoped prefix • The high-order bits are used to create a Multipoint tunnel used between the VPN customer sites so dynamic discovery of CE devices can occur. • Broadcasting over the tunnel is realized by using IPv6 multicast in the underlying network. • ARP is used to realize the underlying tunnel endpoint. • ARP over the multipoint tunnel for a VPN-based next-hop (on the tunnel's subnet) and the hardware address returned is a CE IPv6 address internal to the core.

  4. 4-over-6 VPNs • IPv6 PIM runs in the core. • PIM runs with the IGP at each site as well as over the multipoint tunnel. • Sending IGP and PIM Hellos are "broadcasted" over the tunnel. • only the CE routers will get the packets (the underlying network will multicast to the correct places only). • IPv6 multicast encapsulated ‘L2’ interconnecting remote customer networks • CE routers are simply configured with an underlying IPv6 multicast address (and possibly a key so the tunnel can be IPsec) to identify the multipoint tunnel for the VPN.

  5. 4-over-6 VPNsPacket Forwarding • Unicast packets are forwarded at the customer site as IPv4 packets to the edge of the network following the IPv4 default route. • CE routers will encapsulate the IPv4 packets in IPv6 and send to the hardware address learned for the multipoint tunnel. • Destination CE router will decapsulate and forward on inside IPv4 header to unicast destination. • Multicast can run in any of ASM, SSM, and Bidir mode. For ASM and Bidir, the RP can be located at any of the VPN sites. • For joining SSM channels, the member in the receiver site will join a (S,G) which are IPv4 addresses. • The IGP routing within the VPN allows the PIM join to travel to the edge and over the multipoint tunnel. VPN internal multicast state is setup via normal IPv4 PIM.

  6. 4-over-6 VPNsPacket Forwarding • Forwarding to receiver sites could be a subset of all VPN sites, so you want to have precise replication/forwarding and don't want the IPv4 multicast packets to go over the multipoint tunnel. • Possibly triggered to limit core state explosion • The CE router(s) in the receiver sites will take the IPv4 PIM (S,G) join (? - after sending it over the multipoint tunnel - ?) and build an IPv6 PIM (S,G) join. • S is the underlying IPv6 address of the CE router at the source site and G is a group address derived from the IPv4 (S,G) address. • The IPv6 group address could be ff18:vvvv:ssss:ssss:gggg:gggg::x where s and g are the nibbles of the IPv4 (S,G) address and vvvv is a 16-bit VPN ID value - same 16-bit VPN ID value used for the multipoint ARP tunnel • The 16 bit prefix can be one of several possibilities: ff05, ff08, or could possibly have an new scope ID assignment. The T flag may also be 1.

  7. 4-over-6 VPNsPacket Forwarding • The IPv6 (S,G) route in the core allows precise replication for the multicast flow. • IPv6 group address is globally unique because the VPN ID is included in the address. • For debugging purposes in the core, you know the IPv4 (S,G) address since it is embedded in the IPv6 group address. • The same infrastructure can be used for both unicast and multicast VPN services.

  8. CE PE P P CE PE CE P PE CE CE PE 4-over-6 VPNs IPv4 Customers Customer A IPv6 Core Customer A Customer B Customer B IPv6 multicast address is assigned per VPN customer with the embedded VPN ID vvvv: ff18:vvvv:: Customer A

  9. CE PE P P CE PE PE P CE CE CE PE ff18:vvvv:: 4-over-6 VPNs IPv4 Customers Customer A IPv6 Core Customer A Customer B Customer B Multipoint tunnel using the VPN ID IPv6 multicast address is used for dynamic discovery of CE devices Customer A

  10. CE PE P P CE PE PE P CE CE CE PE ff18:vvvb:: 4-over-6 VPNs IPv4 Customers Customer A IPv6 Core Customer A Customer B Customer B ARP over the tunnel for a VPN-based next-hop (on the tunnel's subnet) and the hardware address returned is a IPv6 address internal to the core. Customer A

  11. ff18:vvvr:: CE PE PE PE P P CE PE CE CE CE P ff18:vvvb:: 4-over-6 VPNs IPv4 Customers Customer A IPv6 Core Customer A Customer B Customer B Each VPN customer is assigned a unique VPN ID IPv6 core-scoped multicast address. Customer A

  12. CE CE P PE PE CE P P CE PE CE PE 4-over-6 VPNs V4 (S,G) join IPv4 Customers V6 (S,G) join Customer A IPv6 Core Customer A Sv4 Customer B Customer B Receiver sends v4 (S,G) join Receiver CE converts v4 (S,G) join to core v6 (S,G) join where: S = Source CE IPv6 core address G = ff18::vvvb::Sv4:Gv4:xxxx Customer A

  13. PE CE P P CE PE PE P CE CE CE PE 4-over-6 VPNs V4 (S,G) join IPv4 Customers V6 (S,G) join Customer A IPv6 Core Customer A Sv4 Customer B Customer B Receiver PE converts v6 (S,G) join back into v4 (S,G) join using the Sv4 and Gv4 learned from the embedded addresses of the V6 join. Customer A

  14. CE P PE PE CE P P CE PE CE PE CE 4-over-6 VPNs V4 (S,G) join IPv4 Customers V6 (S,G) join Customer A IPv6 Core Customer A Sv4 Customer B Customer B Precise multicast state is maintained inside the V6 core. No address collisions between VPN customers. Customer A Data only travels to interested VPN edge sites.

  15. PE CE P P CE PE PE P CE CE CE PE 4-over-6 VPNs V4 (S,G) join IPv4 Customers V6 (S,G) join Customer A IPv6 Core Customer A Sv4 Customer B Customer B Because the VPN customer IGP runs over the same VPN ID core-scoped multicast group, and the CE endpoints are all known (automatically) the same infrastructure can support BOTH mcast and ucast VPN services Customer A

  16. Thank You Greg Shepherd shep@cisco.com

More Related