1-7How MD-VPN WorksThis section describes the implementation principle of the MD-VPN technology, including establishmentof a share-MDT, packet delivery over it, and implementation of multi-AS MD-VPN.For a VPN instance, multicast data transmission in the public network is transparent. The MTIs at thelocal PE device and the remote PE device form a channel for the seamless transmission of privatenetwork data over the public network. All that is known to the VPN instance is that the VPN data is sentout the MTI and then the remote site can receive the data through the MTI. Actually, the multicast datatransmission process (the MDT transmission process) over the public network is very complicated.Share-MDT EstablishmentThe multicast routing protocol running in the public network can be PIM-DM, PIM-SM, or PIM-SSM. Theprocess of creating a share-MDT is different in these three PIM modes.Share-MDT establishment in a PIM-DM networkFigure 1-5 Share-MDT establishment in a PIM-DM networkAs shown in Figure 1-5, PIM-DM is enabled in the network and all the PE devices support VPN instanceA. The process of establishing a share-MDT is as follows:The public instance on PE 1 initiates a flood-prune process in the entire public network, with the BGPinterface address (namely the interface address used to establish the BGP peer) as the multicastsource address and the share-group address as the multicast group address. All the other PE devicesthat are running VPN instance A are group members, so that a (11.1.1.1, 239.1.1.1) state entry iscreated on each device along the path in the public network. This forms an SPT with PE 1 as the root,and PE 2 and PE 3 as leaves.At the same time, PE 2 and PE 3 respectively initiate a similar flood-prune process. Finally, threeindependent SPTs are established in the MD. In the PIM-DM network, these independent SPTsconstitute a share-MDT.