Strict rpf check for multicast protocols, Gre support with other features, Support for ecmp for routes through a gre tunnel – Brocade FastIron Ethernet Switch Layer 3 Routing Configuration Guide User Manual

Support for IPv4 multicast routing over GRE tunnels

PIM-DM and PIM-SM Layer 3 multicast protocols and multicast data traffic are supported over GRE
tunnels. When a multicast protocol is enabled on both ends of a GRE tunnel, multicast packets can be
sent from one tunnel endpoint to another. To accomplish this, the packets are encapsulated using the
GRE unicast tunneling mechanism and forwarded like any other IPv4 unicast packet to the destination
endpoint of the tunnel. The router that terminates the tunnel (i.e., the router where the tunnel endpoint is
an ingress interface) de-encapsulates the GRE tunneled packet to retrieve the native multicast data
packets. After de-encapsulation, data packets are forwarded in the direction of its receivers, and control
packets may be consumed. This creates a PIM-enabled virtual or logical link between the two GRE
tunnel endpoints.

Strict RPF check for multicast protocols

IronWare software enforces strict Reverse Path Forwarding (RPF) check rules on an (s,g) entry on a
GRE tunnel interface. The (s,g) entry uses the GRE tunnel as an RPF interface. During unicast routing
transit, GRE tunnel packets may arrive at different physical interfaces. The strict RPF check limits GRE
PIM tunnel interfaces to accept the (s,g) GRE tunnel traffic.

NOTE
For the SX-FI624C, SX-FI624P, SX-FI624HF, and the SX-FI62XG modules loopback ports are required
for de-encapsulating the GRE tunneled packet. On these hardware devices, when the GRE-
encapsulated multicast packet is received, the unicast GRE mechanism takes care of de-encapsulating
the packet. The packet then egresses and re-ingresses the tunnel interface loopback port as the native
multicast packet. The hardware RPF check is done, not on the tunnel interface directly, but on the
loopback port - the hardware compares this port number with the port number configured in the
Multicast table (s,g) entry. If they match, the packet is routed. Otherwise it is sent to the CPU for error
processing. In unicast, it is permissible for multiple tunnel interfaces to use a single loopback port.
However, in multicast, this will not allow the hardware to determine the tunnel interface that the packet
was received on in order to do an RPF check. Therefore, when IPv4 Multicast Routing is enabled on a
GRE tunnel, the tunnel interface must have a dedicated loopback port.

GRE support with other features

This section describes how GRE tunnels may affect other features on FSX, FCX, and ICX6610 devices.

Support for ECMP for routes through a GRE tunnel

Equal-Cost Multi-Path (ECMP) load sharing allows for load distribution of traffic among available routes.
When GRE is enabled, a mix of GRE tunnels and normal IP routes is supported. If multiple routes are
using GRE tunnels to a destination, packets are automatically load-balanced between tunnels, or
between tunnels and normal IP routes.

ACL, QoS, and PBR support for traffic through a GRE tunnel

NOTE
PBR and ACL filtering for packets terminating on a GRE tunnel is not supported on FCX devices.
However, PBR can be used to map IP traffic into a GRE tunnel, but it cannot be used to route GRE
traffic. On FCX devices, QoS support for GRE encapsulated packets is limited to copying DSCP values
from the inner header onto the outer header.

Support for IPv4 multicast routing over GRE tunnels

FastIron Ethernet Switch Layer 3 Routing Configuration Guide

115

53-1003087-04