Realizing The Hub And Spoke Topology - Cisco ASR 9000 Series Configuration Manual

Multicast VPN Hub and Spoke Topology
• Spoke sites of a VPN customer do not need any connectivity between spoke sites. Hubs can send and
receive traffic from all sites but spoke sites can send or receive traffic only to or from Hub sites.

Realizing the Hub and Spoke Topology

Hub and Spoke implementation leverages the infrastructure built for MVPN Extranet. The regular MVPN
follows the model in which packets can flow from any site to the other sites. But Hub and Spoke MVPN will
restrict traffic flows based on their subscription.
A site can be considered to be a geographic location with a group of CE routers and other devices, such as
server farms, connected to PE routers by PE-CE links for VPN access. Either every site can be placed in a
separate VRF, or multiple sites can be combined in one VRF on the PE router.
By provisioning every site in a separate VRF, you can simplify the unicast and multicast Hub and Spoke
implementation. Such a configuration brings natural protection from traffic leakage - from one spoke site to
another. Cisco IOS XR Software implementation of hub and spoke follows the one- site-to-one VRF model.
Any site can be designated as either a hub or spoke site, based on how the import or export of routes is setup.
Multiple hub and spoke sites can be collated on a given PE router.
Unicast Hub and Spoke connectivity is achieved by the spoke sites importing routes from only Hub sites, and
Hub sites importing routes from all sites. As the spoke sites do not exchange routes, spoke to spoke site traffic
cannot flow. If interspoke connectivity is required, hubs can choose to re-inject routes learned from one spoke
site into other spoke site.
MVPN Hub and Spoke is achieved by separating core tunnels, for traffic sourced from hub sites, and spoke
sites. MDT hub is the tunnel carrying traffic sourced from all Hub sites, and MDT spoke carries traffic sourced
from all spoke sites. Such tunnel end-points are configured on all PEs participating in hub and spoke topology.
If spoke sites do not host any multicast sources or RPs, provisioning of MDT Spoke can be completely avoided
at all such routers.
Once these tunnels are provisioned, multicast traffic path will be policy routed in this manner:
1 Hub sites will send traffic to only MDT Hub.
2 Spoke sites will send traffic to only MDT Spoke.
3 Hub sites will receive traffic from both tunnels.
4 Spoke sites will receive traffic from only MDT Hub.
These rules ensure that hubs and spokes can send and receive traffic to or from each other, but direct spoke
to spoke communication does not exist. If required, interspoke multicast can flow by turning around the traffic
at Hub sites.
These enhancements are made to the Multicast Hub and Spoke topology in Cisco IOS XR Software Release
4.0:
• Auto-RP and BSR are supported across VRFs that are connected through extranet. It is no longer restricted
to using static RP only.
• MP-BGP can publish matching import route-targets while passing prefix nexthop information to RIB.
• Route policies can use extended community route targets instead of IP address ranges.
• Support for extranet v4 data mdt was included so that data mdt in hub and spoke can be implemented.
Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide, Release 6.0.x
106
Implementing Layer-3 Multicast Routing on Cisco IOS XR Software