Networking stuff | findings from experience…


PIM SSM through Nexus vPC

Cisco does not support PIM SSM on Nexus switches when receivers are connected to a vPC domain, as documented here. The official solution is to enable FabricPath.
However, this requires additional licensing and possibly some fundamental design changes.
The good news: even when FabricPath is not an option, it is possible to make PIM SSM work through a vPC domain.

The problem: when hosts or routers are connected to a pair of L3 Nexus switches through a vPC, they see a single logical L2 switch but two different routers.
Consequently, the client router/host ends up receiving a scrambled and duplicated flow.

Note: the PIM Assert mechanism does not help because the egress interface is a vPC, not a shared LAN.

The solution: modify RPF on one of the vPC peers and disable PIM on the L3 interfaces between the vPC peers.

Setup environment:

  • The multicast source is connected to a vPC domain, either directly or through a PIM router.
  • Both vPC peers are L3 and PIM SSM enabled.
  • Multicast receivers are directly attached through an L2 switch or an L3 PIM switch/router.

Control plane operations:

  1. Receivers send IGMPv3 membership reports.
  2. The L2 switch programs an IGMP snooping entry and forwards the IGMPv3 membership report on one of the attached port-channel members. In the L3 case, the L3 switch programs IGMP S,G state and sends a PIM S,G Join message on one of the attached port-channel members.
  3. The vPC peer receiving the IGMPv3 membership report (respectively the PIM S,G Join) creates an S,G PIM state and sends the corresponding information to its peer using CFS, for vPC synchronisation purposes.
  4. Both vPC peers send a PIM S,G Join message to the upstream RPF router.
  5. The L3 switch attached to the source sends an S,G PIM Join message to the multicast source.

Data plane operations:

  1. The source sends traffic.
  2. The L3 switch forwards multicast flows according to OIL programming: both vPC peers receive the flow.
  3. Both vPC peers forward the multicast flow according to their OIL.
  4. The L2 (respectively L3) switch acts as a merge point and duplicates flows towards receivers, according to the IGMP snooping table (respectively the PIM S,G state). Packets are duplicated and the service is unusable.

Description of the solution:
Control plane operations:

  1. Receivers send IGMPv3 membership reports.
  2. The L2 switch programs an IGMP snooping entry and forwards the IGMPv3 membership report on one of the attached port-channel members. In the L3 case, the L3 switch programs IGMP S,G state and sends a PIM S,G Join message on one of the attached port-channel members.
  3. The vPC peer receiving the IGMPv3 membership report (respectively the PIM S,G Join) creates an S,G PIM state and sends the corresponding information to its peer using CFS, for vPC synchronisation purposes.
  4. One of the vPC peers sends a PIM S,G Join message to the upstream RPF router. The other one cannot build RPF since PIM is not enabled on the L3 interconnection between the vPC peers. When the primary switch is down, RPF is built by the remaining switch, using the 4b path.
  5. The L3 switch attached to the source sends an S,G PIM Join message to the multicast source.

Data plane operations:

  1. The source sends traffic.
  2. The L3 switch forwards multicast flows according to OIL programming: only one of the vPC peers receives the flow.
  3. The multicast-active vPC peer forwards the multicast flow according to its OIL.
  4. The L2 (respectively L3) switch forwards flows towards receivers, according to the IGMP snooping table (respectively the PIM S,G state). Packets are not duplicated and the service is working.
    In case of failure, the backup data path goes through 2b > 3b.

I have not given much detail regarding the RPF modification since it is only regular routing to the source, and thus can be achieved by using classic unicast routing, either static or dynamic.
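A sketch of what the RPF modification could look like on the standby vPC peer, added here as an example and not taken from the original post. It assumes a dedicated routed link between the peers, a static route as the "classic unicast routing" mechanism, and placeholder interface names and documentation-range addresses.

```text
! Constructed example for the STANDBY vPC peer (peer B).
! Every interface name, VLAN and address below is a placeholder:
!   198.51.100.0/24  subnet of the multicast source
!   192.0.2.0/30     routed L3 link between the vPC peers (.1 = peer A, .2 = peer B)
!   203.0.113.0/30   peer B uplink toward the source
!   10.0.100.0/24    receiver VLAN carried over the vPC
feature pim
feature interface-vlan
ip pim ssm range 232.0.0.0/8
!
interface Ethernet1/1
  description Uplink toward the source (RPF path only when peer A is down)
  no switchport
  ip address 203.0.113.2/30
  ip pim sparse-mode
!
interface Ethernet1/48
  description Routed L3 link to vPC peer A, PIM deliberately disabled
  no switchport
  ip address 192.0.2.2/30
  no ip pim sparse-mode
!
interface Vlan100
  description Receiver VLAN behind the vPC
  ip address 10.0.100.3/24
  ip pim sparse-mode
  ip igmp version 3
!
! RPF modification: prefer the path to the source through peer A.
! The RPF interface for the source becomes Ethernet1/48, which has no PIM,
! so peer B sends no S,G Join upstream while peer A is alive.
! Assumption: when peer A fails, Ethernet1/48 goes down, this static route is
! withdrawn, and the dynamic route via Ethernet1/1 becomes the RPF path.
ip route 198.51.100.0/24 192.0.2.1
!
! On peer A, also keep PIM off on its side of the inter-peer link and leave
! its normal route to the source in place.
!
! Checks on peer B:
!   show ip route 198.51.100.0/24   (next hop 192.0.2.1 in normal operation)
!   show ip pim neighbor            (no neighbor on Ethernet1/48)
!   show ip mroute                  (incoming interface for the S,G entry)
```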

I have used this workaround several times and it works perfectly.

Minor drawback: multicast flows coming from a specific source are forwarded by one of the vPC peers only (the other one is standby).
Thus we cannot achieve load sharing with the same granularity as we do for unicast flows.

21 Apr 2014
