Single-autonomous system (AS) multicast domain (MD) VPN isolates multicast services of different VPNs in the same AS.
On the network shown in Figure 1, a single AS runs MPLS/BGP VPN. Both PE 1 and PE 2 have two VPN instances configured: VPN BLUE and VPN RED. The RED instances have the same share-group address, use the same share-MDT, and belong to the same MD. The BLUE instances have the same share-group address, use the same share-MDT, and belong to the same MD.
The following example uses VPN BLUE to describe how multicast services are isolated between VPNs.
After a share-multicast distribution tree (MDT) is established for the BLUE instances, the two BLUE instances connected with CE 1 and CE 2 exchange multicast protocol packets through a multicast tunnel (MT).
Multicast devices in the BLUE instances can then establish neighbor relationships, and send Join, Prune, and BSR messages to each other. The protocol packets in the BLUE instances are encapsulated and decapsulated only on the MTs of the PEs. The PEs are unaware they are on VPN networks, so they process the multicast protocol packets and forward multicast data packets like devices on a public network. Multicast data is transmitted in the same MD, but isolated from VPN instances in other MDs.