Multicast over L3 SFVPN

DKonkin · January 4, 2017, 2:25am

Hi, we have a customer requesting GRE over the VPN so that they can establish OSPF adjacency between networks. Unknown unicast and other broadcast is not permitted by their RFP so L2 sfvpn is not workable.
Thanks
Dana

TK_Liew · January 4, 2017, 6:30pm

I think PepVPN should meet the requirement if OSPF adjacency is needed. Anyway, can you share how the connectivity looks like?

DKonkin · January 5, 2017, 12:10am

HI TK, thanks for your attention.
Does peplink L3 SFVPN forward packets with destination multicast addresses? (in this case, 224.0.0.5)

TK_Liew · January 5, 2017, 6:31pm

Must the adjacency be done between the CPE routers? If not, you just need to add the Peplink’s LAN interface into OSPF Area 0 (Network > OSPF & RIPv2 > Area). Then routes will be advertised between the CPE routers.

If the adjacency between CPE router is necessary, this will back to the request below:

Do you mean both CPE routers will establish a GRE tunnel over SpeedFusion? Then multicast traffic will be travel in the GRE tunnel? If so, this is supported.

DKonkin · January 6, 2017, 1:19am

HI,
The customer want their CPE to form adjacency (No intermediate OSPF neighbors), the point is that they want a transport network which allows them to control their own L3 without interaction with our devices.
Cheers
Dana

TK_Liew · January 8, 2017, 7:14pm

Please help to answer my question. If this is true, then you have no issue to run Multicast over L3 SFVPN (In fact, the multicast traffic runs in the GRE tunnel).

Thanks.

DKonkin · January 9, 2017, 1:51am

Sorry TK,
No. The customer does not want to set up GRE to transport the multicast. They want our Peplink CPE to forward the multicast instead.
I can only see that possible in two cases:

L2 SFVPN
Mutilcast forwarding in the SFVPN

Thanks. I understand your position. You are correct.
Dana

sitloongs · January 9, 2017, 8:59pm

@DKonkin

Can you provide more info for the description given previously ?
“broadcast is not permitted by their RFP so L2 sfvpn is not workable”

Do you mean broadcast is not allow/permitted in WAN level ?
CPE <—> WAN ↔ CPE (Broadcast traffics shouldn’t send direct to ISP ?)

Basically when L2SF is enabled, traffics is encapsulated & encrypted via PepVPN, thus you will only find TCP32015 & UDP 4500 forwarded at ISP level. This is not permitted design for the RFP ?

CPE -->Broadcast–> Balance ↔ ISP—PepVPN (Encapsulated & Encrypted)—ISP ← Balance <–Broadcast-- CPE

This is a very common design for a lot of Enterprise network as long as the broadcast traffics is not directly forwarded to the WAN network.

Primdas_Suhandra9381 · January 10, 2024, 4:47am

Hi TK,

From your statment : “” then you have no issue to run Multicast over L3 SFVPN"" is it mean L3 SFVPN support multicast or need to create GRE tunnel ?

Thanks and regards

Primdas

TK_Liew · January 10, 2024, 8:16am

@Primdas_Suhandra9381, please read my full statement here. For the case we discussed in this thread, multicast will be carried within the GRE tunnel (over Layer 3 SpeedFusion tunnel).

If you need to carry multicast over SpeedFusion, please consider using Layer 2 SpeedFusion.

Primdas_Suhandra9381 · January 10, 2024, 8:30am

Ok TK,

Thanks

Is there any documentation or manual of multicast network with L2PepVPN ? i need to setup customer network with B 305 and 12 Balance 20X that support data and multicast. Right now i have sample configuration from Edwin Sanders.

Thanks and regards
Primdas

TK_Liew · January 10, 2024, 9:24am

@Primdas_Suhandra9381, please refer to this KB - Setting up a Layer 2 PepVPN Profile in Firmware 6.2 Onwards to setup Layer 2 SpeedFusion. Peplink devices will act as Layer 2 switches after Layer 2 SpeedFusion is established. Then multicast will be functioning in layer 2 environment.