[c-nsp] MPLS VPN traffic engineering tunnel selection

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Apr 10 09:08:42 EDT 2008


Peter,

this was just recently discussed on the list, check out the thread
"Cisco 10K MPLS VPN", for example at
http://www.gossamer-threads.com/lists/cisco/nsp/83117
Let me know if you need more info..

	oli
 
Peter Rathlev <> wrote on Thursday, April 10, 2008 2:35 PM:

> Hi,
> 
> I have this really "simple" thing about MPLS TE that I don't
> understand. I have TE working nicely-ish in the lab with no problems,
> but I'm missing a crucial part in my understanding of the MPLS VPN +
> TE combination.
> 
> The setup is as follows:
> 
>          +-----+             +-----+
> +-----+  |     |-------------|     |  +-----+
>> CE1 |--| PE1 |   +----+    | PE2 |--| CE2 |
> +-----+  |     |---| P1 |----|     |  +-----+
>          +-----+   +----+    +-----+
> 
> It's ISIS for an IGP. PE's and P are all 6500/Sup720 running SXF.
> Regular MPLS VPN (rfc2547) works with no problems. TE configuration
> went smooth too, having what seems like all the right information in
> the ISIS database. For PE-CE I tried both BGP and static routing.
> 
> I tested MPLE TE explicit path, and it works like a charm. Natural
> path (PE1 directly to PE2) is replaced by an explicit path through
> P1. I haven't tested CBR yet, but can't see why it shouldn't work.
> 
> Now to the problem: What I don't understand is how I can use a tunnel
> selectively in a specific VRF. Right now, any traffic from PE1 to PE2
> uses the tunnel. In "regular" MPLS VPN, a prefix from CE2 looks
> something like "impose {X Y}" on PE1, with X and Y being VPN and
> next-hop/loopback-labels. Using explicit path, I get "impose {Z Y}",
> with Z being the new LSP to PE2 through the tunnel. That works fine,
> but I would like to have only e.g. VRF A use a specific path, not all
> MPLS traffic between PEs. And I really can't seem to find out how
> that's accomplished.
> 
> I tried (creatively) something like:
> 
> ip route vrf A 10.66.0.0 255.255.255.0 Tunnel40 10.22.0.1 global
> 
> explicitly on PE1, where 10.66.0.0/24 is a net originating from CE2
> and 
> 10.22.0.1 is PE2s loopback. This semi "works": I can have the packets
> use the TE LSP, but PE1 then only imposes the TE label on entry, not
> the VPN label. How the fudge does it work? ;-) I'm probably
> overlooking something simple. Can anybody give me a clue?
> 
> I tried browsing through LOTS of documents on cisco.com, but can't
> seem to find any that describe how to use tunnels selectively, apart
> from Class Based Tunnel Selection, which is not what I want.
> 
> Thanks in advance,
> Peter
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list