Multicast over L3 SFVPN


Hi, we have a customer requesting GRE over the VPN so that they can establish OSPF adjacency between networks. Unknown unicast and other broadcast is not permitted by their RFP so L2 sfvpn is not workable.


I think PepVPN should meet the requirement if OSPF adjacency is needed. Anyway, can you share how the connectivity looks like?


HI TK, thanks for your attention.
Does peplink L3 SFVPN forward packets with destination multicast addresses? (in this case,


Must the adjacency be done between the CPE routers? If not, you just need to add the Peplink’s LAN interface into OSPF Area 0 (Network > OSPF & RIPv2 > Area). Then routes will be advertised between the CPE routers.

If the adjacency between CPE router is necessary, this will back to the request below:

Do you mean both CPE routers will establish a GRE tunnel over SpeedFusion? Then multicast traffic will be travel in the GRE tunnel? If so, this is supported.


The customer want their CPE to form adjacency (No intermediate OSPF neighbors), the point is that they want a transport network which allows them to control their own L3 without interaction with our devices.


Please help to answer my question. If this is true, then you have no issue to run Multicast over L3 SFVPN (In fact, the multicast traffic runs in the GRE tunnel).



Sorry TK,
No. The customer does not want to set up GRE to transport the multicast. They want our Peplink CPE to forward the multicast instead.
I can only see that possible in two cases:

  1. L2 SFVPN
  2. Mutilcast forwarding in the SFVPN

Thanks. I understand your position. You are correct.



Can you provide more info for the description given previously ?
“broadcast is not permitted by their RFP so L2 sfvpn is not workable”

Do you mean broadcast is not allow/permitted in WAN level ?
CPE <—> WAN <–> CPE (Broadcast traffics shouldn’t send direct to ISP ?)

Basically when L2SF is enabled, traffics is encapsulated & encrypted via PepVPN, thus you will only find TCP32015 & UDP 4500 forwarded at ISP level. This is not permitted design for the RFP ?

CPE -->Broadcast–> Balance <–> ISP—PepVPN (Encapsulated & Encrypted)—ISP <-- Balance <–Broadcast-- CPE

This is a very common design for a lot of Enterprise network :thumbsup: as long as the broadcast traffics is not directly forwarded to the WAN network.