Inter-VRF multicast routing

Taoufik.irisi · June 5, 2024, 7:26pm

Hi Team, This is my first time posting a question in this forum and helpfully you can help me out. Here is my design.

Core switch: 2x 9500 configured as Stackwise virtual
Firewall: 2xASA (Active/standby)

In the Core switch we have 2VRFs ( VRF-DATA and VRF-Voice) and in each VRF has multiple VLANs/SVIs.

We do the inter-VRF routing at the ASA and it is working properly, all the routes are static so there is no dynamic routing protocol. We have L3 link between the Core and the ASA for each VRF.

Core --------->ASA: --------> This is a L3 link ( Core: Connect the link to an access port and assign it to a vlan in VRF, ASA: Connect the link to L3 port).

Question:

We have a streaming audio in VRF-Voice and we would like a device in VRF-DATA to receive the multicast traffic. How can I configure the Core and the ASA to allow the multicast traffic to traverse between the VRF-DATA and VRF-Voice.

Thanks in advance.

lagapidis · June 10, 2024, 4:24am

Hello Taoufik

First of all, I want to clarify this point:

My question is, has the ASA been configured with VRFs as well? If so, how is inter-VRF routing established, using VRF route leaking? Or is the ASA configured without VRFs and is simply acting as a “traversal network” (this is my term, not an official term) between the two VRFs created in the Core? Because the configuration on the ASA will affect what solution you will use.

The configuration necessary to achieve this requires several components but depends highly on the configuration of the ASA I mentioned. Can you clarify this point so that we can help you further!

Thanks!

Laz

Taoufik.irisi · June 10, 2024, 12:36pm

Thanks for your Reply Laz,
Correct there is no inter-vrf routing configued in the ASA. We have uplinks from the Core to ASA for each VRF.

lagapidis · June 15, 2024, 5:58am

Hello Taoufik

Thanks for the additional information. With your current setup, if I’m not mistaken, you have unicast traffic being exchanged between the VRFs via the ASA. Since you have two VRFs on the Core switches, and I assume you haven’t introduced VRF route leaking, then the ASA routes between the VRFs.

If that is the case, and you want to establish multicast between the VRFs as well, at least for this one device in VRF-DATA, then you can use the ASA to do this. I am assuming that multicast has already been configured on the Core devices. The general steps you should take to achieve this include:

Configure multicast on each of the VRFs in your cores
Configure PIM on the L3 links between the core and ASAs
Configure multicast routing on the ASA
Now to configure the multicast routing to take place between VRFs, you will probably want to create some static multicast routes and PIM configurations to forward multicast traffic, especially if you want that traffic to be forwarded only for a particular host in VRF_DATA. For example:

ASA(config)# mroute 224.0.0.0 255.0.0.0 Gi0/0
ASA(config)# mroute 224.0.0.0 255.0.0.0 Gi0/1

You would also need to configure a multicast access list like this:

ASA(config)# access-list multicast-traffic extended permit ip any 224.0.0.0 255.0.0.0

These are just some guidelines that will hopefully help you to apply and troubleshoot the solution. Let us know how you get along!

I hope this has been helpful!

Laz