Architecture Documentation

1.2 OpenContrail Controller and the vRouter

Multiprotocol Label Switching
All routers in the underlay network both the physical router S1 and S2 and the virtual routers vRouter 1 and vRouter 2 participate in some routing protocol such as OSPF. The OpenContrail vRouter is conceptually similar to existing commercial and open source vSwitches such as for example the Open vSwitch OVS but it also provides routing and higher layer services hence vRouter instead of vSwitch. You can read more on IPSecurity on Firewall. Thank you very much. Instead, you can configure MLD proxying on these devices. No Community Members Cluster: Telcos often sell Frame Relay to businesses looking for a cheaper alternative to dedicated lines ; its use in different geographic areas depended greatly on governmental and telecommunication companies' policies.

Navigation menu

Layer 2 VPN Architectures

No technical knowledge is required. Windows, Mac, iOS and Android. Sign up, install, and press connect. You are accessing the internet from Canada , region Quebec and from the following IP address The affordable, customer-friendly VPN service. Easy to install and use. Last sold 41sec ago. Last sold 20min ago. This method is by far less secure than the previous one examined. IPSec encryption occurs from the PE routers onwards, leaving the rest of the network unencrypted and therefore not providing true VPN security.

Thousands of Enterprise customers are moving from the old and expensive leased-line solutions to the much cheaper MPLS VPN alternative for all the previously mentioned reasons. A typical scenario is a customer with two sites that require connectivity between each other. The configuration is performed on the Customer Edge routers to create an IPSec tunnel between the two sites. In most cases, the end result is pretty much the same as any MPLS network, but one could argue about the security offered by such a setup, especially when the CE routers are directly connected to the Internet.

Tests performed by large vendors such as Cisco Systems have proven that the security provided in these solutions is directly comparable with that of an MPLS VPN, considering of course proper configuration of the CE routers has been performed. Companies seeking to cut costs on data telecommunication services are already moving to this new trend which has become extremely popular in Europe and Asia. This article was written by Chris Partsenidis, for Techtarget.

Deal with bandwidth spikes Free Download. Network Analyzer Free Download. Web Vulnerability Scanner Free Download. To configure a port as a simulated member host: Step Command Remarks Enter system view. Then, the port forwards the data to attached receiver hosts. The receiver hosts will receive multicast data that it does not want to receive. To avoid mistakenly deleting multicast group members, make sure the IGMP general query interval is greater than the maximum response time for IGMP general queries.

Configuration prerequisites Before you configure parameters for IGMP messages, complete the following tasks: For IGMP packets created by the priority device, the For IGMP packets to be forwarded, the device does not change the Enabling multicast source port filtering This feature enables the device to discard all multicast data packets and to accept multicast protocol packets.

You can enable this feature on ports that connect only to multicast receivers. You can enable this feature for the specified ports in IGMP-snooping view or for a port in interface view. Enabling multicast group replacement This feature enables the device to replace an existing group with a newly joined group when the number of groups exceeds the upper limit. This feature is typically used in the channel switching application.

Without this feature, the device discards IGMP reports for new groups, and the user cannot change to the new channel. Displaying and maintaining IGMP snooping Execute display commands in any view and reset commands in user view. Configure a multicast group policy and simulated joining to meet the following requirements: Enable the IGMP snooping feature. Configure static ports to meet the following requirements: Router ports 1 in total: Received error IGMP messages: Solution To resolve the problem: Use the display igmp-snooping command to display IGMP snooping status.

In this way, the multicast data can be forwarded to only the ports that are interested in the data. Figure 18 Multicast packet transmission without or with PIM snooping Multicast packet transmission Multicast packet transmission when Enable IP multicast routing. When Switch A Layer 3 device receives multicast data for that group, it sends three copies of the multicast data to Switch B Layer 2 device. Perform one of the following tasks: Step Command Remarks view.

Configuration prerequisites Before you configure a port-based multicast VLAN, complete the following tasks: Displaying and maintaining multicast VLANs Execute display commands in any view and reset commands in user view.

Display information about multicast display multicast-vlan group [ source-address group-address groups in multicast VLANs. Host ports 3 in total: Configuring multicast routing and forwarding Overview The following tables are involved in multicast routing and forwarding: RPF check implementation in multicast Implementing an RPF check on each received multicast packet brings a big burden to the router.

The use of a multicast forwarding table is the solution to this issue. When the router creates a multicast forwarding entry for an S, G packet, it sets the RPF interface of the packet as the incoming interface of the S, G entry. In this case, the S, G entry is correct, but the packet traveled along a wrong path.

Static multicast routes Depending on the application environment, a static multicast route can change an RPF route or create an RPF route. Device A encapsulates the multicast data in unicast IP packets, and forwards them to Device B across the tunnel through unicast routers.

Configuring multicast routing and forwarding Before you configure multicast routing and forwarding, complete the following tasks: Configuring static multicast routes To configure a static multicast route for a given multicast source, you can specify an RPF interface or an RPF neighbor for the multicast traffic from that source. Configuring multicast load splitting You can enable the device to split multiple data flows on a per-source basis or on a per-source-and-group basis.

This optimizes the traffic delivery. To configure multicast load splitting: Task Command display multicast [ vpn-instance vpn-instance-name ] Display static multicast routing entries. Configure a static multicast route: On Switch A, enable multicast routing. Downstream interface s information: Total number of downstreams: IGMP has the following versions: After receiving a query message, the host whose report delay timer expires first sends an IGMP report to multicast group G1 to announce its membership for G1.

After receiving the leave message, the querier sends a configurable number of IGMP group-specific queries to the group that the host is leaving. Both the destination address field and the group address field of the message are the address of the multicast group that is being queried. It also introduces IGMP group-and-source-specific queries. A general query does not carry a group address or a source address. To specify an IGMP version: Hosts attached to the ipv4-acl-number policy.

This feature does not process IGMPv3 messages. For more information, see "Enabling multicast forwarding on a non-querier interface. Step Command Remarks By default, multicast load splitting is disabled, and only the proxy Enable multicast load splitting. Receiver hosts of different organizations form stub networks N1 and N2.

Other querier present time for IGMP: Configuration procedure Assign an IP address and subnet mask to each interface, as shown in Figure On Switch D, enable IP multicast routing. Use the display current-configuration command to verify the IGMP information on the interfaces. Make sure the routers on the subnet have the same IGMP settings on their interfaces.

Use the display igmp interface command on all routers on the same subnet to verify the IGMP-related timer settings. PIM uses the underlying unicast routing to generate a multicast routing table without relying on any particular unicast routing protocol. An S, G entry contains a multicast source address S, a multicast group address G, an outgoing interface list, and an incoming interface. A prune process is initiated by a leaf router. As a result, the downstream node Router C receives two identical multicast packets.

An advertisement message contains the address of the advertising C-RP and the multicast group range to which it is designated. It is also known as RPA. The multicast source S sends the first multicast packet to the multicast group G. When receiving the multicast packet, the source-side DR encapsulates the packet into a PIM register message and unicasts the message to the RP.

When the RP receives multicast traffic, it sends an S, G source-specific join message toward the multicast source. The subsequent multicast data is forwarded to the RP along the SPT without being encapsulated into register messages. DF election On a subnet with multiple multicast routers, duplicate multicast packets might be forwarded to the RP. Only the DFs can forward multicast data to the RP. DF election is not necessary for an RPL.

When a receiver wants to join the multicast group G, it uses an IGMP message to inform the directly connected router. When a multicast source sends multicast packets to the multicast group G, the DF in each subnet unconditionally forwards the packets to the RP.

Multicast group ranges that are associated with different admin-scoped zones can have intersections. However, the multicast groups in an admin-scoped zone are valid only within the local zone, and theses multicast groups are regarded as private group addresses. The global-scoped zone maintains a BSR for the multicast groups that do not belong to any admin-scoped zones.

They send IGMPv3 report messages to their DRs to express their interest in the multicast information that the multicast source S sends to the multicast group G. G is in the A multicast source is SSM group range? Enabling the state refresh feature Optional. Configuring state refresh parameters Optional. Configuring common PIM features Configuration prerequisites Before you configure PIM-DM, configure a unicast routing protocol so that all devices in the domain can interoperate at the network layer.

Configuring state refresh parameters The state refresh interval determines the interval at which a router sends state refresh messages. Return to system view. BSR does not receive any advertisement message when the timer expires, it considers the C-RP failed or unreachable. It is used to guard against C-RP spoofing. The rest of the interface addresses become backup RP member addresses.

To configure Anycast RP: For more information about static multicast routes, see "Configuring multicast routing forwarding. Disabling the device from forwarding BSMs out of their incoming interfaces By default, the device forwards BSMs out of their incoming interfaces to avoid the situation that some devices cannot receive the BSMs because of inconsistent routing information.

Configure the device to By default, the device calculates calculate the checksum the checksum based on the Disabling the device from forwarding BSMs out of their incoming interfaces Optional. Configuring a static RP If only one dynamic RP exists on a network, you can configure a static RP to avoid communication interruption caused by single-point failures. Configure a PIM domain By default, an interface is not a pim bsr-boundary border.

Configuring the SSM group range Optional. Configuration procedure To configure an SSM group range: Configuring a multicast source policy The device does not source-policy ipv4-acl-number policy. Otherwise, the upstream router cannot track join messages from every downstream routers.

The following are common timers in PIM: Set the hello interval. The default setting is 30 seconds. The default setting is 5 seconds. This configuration takes effect pim timer join-prune interval after the current interval ends. Configuration restrictions and guidelines When you enable PIM passive mode, follow these restrictions and guidelines: Displaying and maintaining PIM Execute display commands in any view and reset commands in user view.

The receiver groups of different organizations form stub networks, and one or more receiver hosts exist on each stub network.

Troubleshooting

Leave a Reply