[c-nsp] MPLS VPN traffic engineering tunnel selection

Peter Rathlev peter at rathlev.dk
Thu Apr 10 11:33:53 EDT 2008


Hi Oliver,

On Thu, 2008-04-10 at 15:08 +0200, Oliver Boehmer (oboehmer) wrote:
> this was just recently discussed on the list, check out the thread
> "Cisco 10K MPLS VPN", for example at
> http://www.gossamer-threads.com/lists/cisco/nsp/83117
> Let me know if you need more info..

Thank you for the pointer, I have it working now. I followed that thread
somewhat, but overlooked that it actually was about something similar.

The "trick" is that it's at the origin I do the configuration, and let
the box figure it out, whereas before I thought I should configure it at
the far end with destination-based routing.

I tried it out, and I had btw also overlooked the fact that "mpls
traffic-eng router-id" under "router isis" should not be the regular
loopback also used for BGP next-hop, but instead my TE loopback. And all
explicit-path hops should be the TE loopbacks. Stupid thing to overlook,
but I'm glad I found out. :-)

I still have one question though: Is there any way of doing "destination
based" routing? I was thinking about something along the lines of PBR,
with explicit selection of path/tunnel based on source and destination
at both ends, e.g. somehow using the tunnel as next hop in the VRF. I
guess I can adjust the BGP next-hop in an inbound route-map on PE1 just
as well as I can outbound on PE2. But that only solves part of the
problem. What if I'd like to treat different source networks in the same
VRF on the same PE differently? I know this is asking much, but maybe
there's a way...

Thank you very much again. For interested parties, the configuration
ended up as below. It's only TE one way, and just uses two different
paths for two different prefixes in this example. It's tested from a
cleared config on 6500/Sup720/SXF13.

Regards,
Peter


! *** PE1 ***
hostname PE1
!
mpls label protocol ldp
mpls traffic-eng tunnels
mpls ldp router-id Loopback0
mls mpls tunnel-recir
!
ip explicit-path name through_P1 enable
 next-address 10.0.1.3 ! P1
 next-address 10.0.1.2 ! PE2
 exit
! 
ip vrf A
 rd 65530:1
 route-target both 65530:1
 exit
!
interface Loopback0
 description "Regular" loopback
 ip address 10.0.0.1 255.255.255.255
 ip router isis
 no shutdown
 exit
!
interface Loopback1
 description MPLS TE loopback
 ip address 10.0.1.1 255.255.255.255
 ip router isis
 no shutdown
 exit
!
interface Tunnel1
 description MPLS TE tunnel to PE2
 ip unnumbered Loopback1
 tunnel destination 10.0.1.2
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng path-option 10 explicit name through_P1
 tunnel mpls traffic-eng record-route
 no shutdown
 exit
!
interface TenGigabitEthernet9/1
 description -> PE2
 ip address 10.0.2.1 255.255.255.252
 ip router isis
 mpls traffic-eng tunnels
 mpls ip
 no shutdown
 exit
!
interface TenGigabitEthernet9/2
 description -> P1
 ip address 10.0.2.5 255.255.255.252
 ip router isis
 mpls traffic-eng tunnels
 mpls ip
 no shutdown
 exit
!
interface GigabitEthernet5/2
 description -> CE1
 ip vrf forwarding A
 ip address 10.66.0.1 255.255.255.0
 no shutdown
 exit
!
router isis
 metric-style wide
 mpls traffic-eng router-id Loopback1
 mpls traffic-eng level-1
 net 49.fc00.0000.0000.0001.00
 is-type level-1
 exit
!
router bgp 65530
 bgp router-id 10.0.0.1
 neighbor CORE peer-group
 neighbor CORE remote-as 65530
 neighbor CORE update-source Loopback0
 neighbor 10.0.0.2 peer-group CORE
 !
 address-family vpnv4
  neighbor CORE activate
  neighbor CORE next-hop-self
  neighbor CORE send-community both
  neighbor 10.0.0.2 peer-group CORE
  exit-address-family
 !
 address-family ipv4 vrf A
  network 10.66.0.0 mask 255.255.255.0
  exit-address-family
 !
 exit
!
ip route 10.0.1.2 255.255.255.255 Tunnel1 10.0.1.2
!

! *** P1 ***
hostname P1
!
mpls label protocol ldp
mpls traffic-eng tunnels
mpls ldp router-id Loopback0
mls mpls tunnel-recir
!
interface Loopback0
 description "Regular" loopback
 ip address 10.0.0.3 255.255.255.255
 ip router isis
 no shutdown
 exit
!
interface Loopback1
 description MPLS TE loopback
 ip address 10.0.1.3 255.255.255.255
 ip router isis
 no shutdown
 exit
!
interface TenGigabitEthernet9/1
 description -> PE1
 ip address 10.0.2.6 255.255.255.252
 ip router isis
 mpls traffic-eng tunnels
 mpls ip
 no shutdown
 exit
!
interface TenGigabitEthernet9/2
 description -> PE2
 ip address 10.0.2.9 255.255.255.252
 ip router isis
 mpls traffic-eng tunnels
 mpls ip
 no shutdown
 exit
!
router isis
 metric-style wide
 mpls traffic-eng router-id Loopback1
 mpls traffic-eng level-1
 net 49.fc00.0000.0000.0003.00
 is-type level-1
 exit
!

! *** PE2 ***
hostname PE2
!
mpls label protocol ldp
mpls traffic-eng tunnels
mpls ldp router-id Loopback0
mls mpls tunnel-recir
!
ip prefix-list TE-TEST-pl seq 5 permit 10.66.1.0/24
!
route-map TE-TEST permit 10
 match ip address prefix-list TE-TEST-pl
 set ip next-hop 10.0.1.2
 exit
!
route-map TE-TEST permit 20
 exit
!
ip vrf A
 rd 65530:1
 route-target both 65530:1
 exit
!
interface Loopback0
 description "Regular" loopback
 ip address 10.0.0.2 255.255.255.255
 ip router isis
 no shutdown
 exit
!
interface Loopback1
 description MPLS TE loopback
 ip address 10.0.1.2 255.255.255.255
 ip router isis
 no shutdown
 exit
!
interface TenGigabitEthernet9/1
 description -> P1
 ip address 10.0.2.10 255.255.255.252
 ip router isis
 mpls traffic-eng tunnels
 mpls ip
 no shutdown
 exit
!
interface TenGigabitEthernet9/2
 description -> PE1
 ip address 10.0.2.2 255.255.255.252
 ip router isis
 mpls traffic-eng tunnels
 mpls ip
 no shutdown
 exit
!
interface GigabitEthernet5/2
 description -> CE2
 ip vrf forwarding A
 ip address 10.66.1.1 255.255.255.0
 ip address 10.66.2.1 255.255.255.0 secondary
 no shutdown
 exit
!
router isis
 metric-style wide
 mpls traffic-eng router-id Loopback1
 mpls traffic-eng level-1
 net 49.fc00.0000.0000.0002.00
 is-type level-1
 exit
!
router bgp 65530
 bgp router-id 10.0.0.2
 neighbor CORE peer-group
 neighbor CORE remote-as 65530
 neighbor CORE update-source Loopback0
 neighbor 10.0.0.1 peer-group CORE
 !
 address-family vpnv4
  neighbor CORE activate
  neighbor CORE next-hop-self
  neighbor CORE send-community both
  neighbor CORE route-map TE-TEST out
  neighbor 10.0.0.1 peer-group CORE
  exit-address-family
 !
 address-family ipv4 vrf A
  network 10.66.1.0 mask 255.255.255.0
  network 10.66.2.0 mask 255.255.255.0
  exit-address-family
 !
 exit
!

! *** CE1 ***
interface GigabitEthernet0/1
 description -> PE1
 no switchport
 ip address 10.66.0.50 255.255.255.0
 no shutdown
 exit
!
ip route 0.0.0.0 0.0.0.0 10.66.0.1
!

! *** CE2 ***
interface GigabitEthernet0/1
 description -> PE2
 no switchport
 ip address 10.66.1.50 255.255.255.0
 ip address 10.66.2.50 255.255.255.0 secondary
 no shutdown
 exit
!
ip route 0.0.0.0 0.0.0.0 10.66.1.1
!


! Trace from CE1 to CE2:10.66.1.50
! This uses the explicit path through P1
CE1#trace 10.66.1.50

Type escape sequence to abort.
Tracing the route to 10.66.1.50

  1 10.66.0.1 0 msec 0 msec 0 msec
  2 10.0.2.6 8 msec 0 msec 0 msec
  3 10.66.1.1 0 msec 0 msec 0 msec
  4 10.66.1.50 0 msec *  0 msec
CE1#

! Trace from CE1 to CE2:10.66.2.50
! This uses the shortest (regular) path to PE2
CE1#trace 10.66.2.50

Type escape sequence to abort.
Tracing the route to 10.66.2.50

  1 10.66.0.1 0 msec 0 msec 0 msec
  2 10.66.1.1 0 msec 0 msec 0 msec
  3 10.66.1.50 0 msec *  0 msec
CE1#
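
Added example (not part of the post and not Cisco code): a small Python check for the two mistakes the post describes, a TE router-id placed on the loopback BGP uses, and explicit-path hops or tunnel destinations that are not TE loopbacks. The config excerpts are trimmed from the post; the BAD variant and all function and variable names are constructed for illustration.

```python
import re

PATTERNS = {  # the IOS statements this check needs
    "host": r"hostname (\S+)", "iface": r"interface (\S+)",
    "path": r"ip explicit-path name (\S+)", "addr": r"ip address (\S+)",
    "hop": r"next-address (\S+)", "te_if": r"mpls traffic-eng router-id (\S+)",
    "dest": r"tunnel destination (\S+)", "bgp_if": r"neighbor \S+ update-source (\S+)",
}

def parse_router(cfg):
    r, ctx = {k: [] for k in PATTERNS}, None
    for raw in cfg.splitlines():
        line = raw.split("!")[0].strip()          # drop "! P1" style comments
        for key, pat in PATTERNS.items():
            if m := re.match(pat, line):
                if key in ("iface", "path"):
                    ctx = m[1]                    # block the following lines belong to
                r[key].append((ctx, m[1]))        # (enclosing block, value)
    return r

def last(r, key):
    return r[key][-1][1] if r[key] else None

def audit(configs):
    routers = [parse_router(c) for c in configs]
    # TE router-id address = primary IP of the interface named under "router isis";
    # dict(reversed(...)) lets the first (primary) address of an interface win.
    te_ids = {dict(reversed(r["addr"])).get(last(r, "te_if")) for r in routers}
    out = []
    for r in routers:
        host, te_if = last(r, "host"), last(r, "te_if")
        if te_if and te_if == last(r, "bgp_if"):
            out.append(f"{host}: TE router-id shares {te_if} with BGP update-source")
        refs = [(f"explicit-path {p} hop", ip) for p, ip in r["hop"]]
        refs += [(f"{t} destination", ip) for t, ip in r["dest"]]
        out += [f"{host}: {w} {ip} is not a TE router-id" for w, ip in refs if ip not in te_ids]
    return out

def excerpt(host, n, extra=""):   # trimmed from the post: Loopback0 10.0.0.n, TE Loopback1 10.0.1.n
    return (f"hostname {host}\ninterface Loopback0\n ip address 10.0.0.{n} 255.255.255.255\n"
            f"interface Loopback1\n ip address 10.0.1.{n} 255.255.255.255\n"
            f"router isis\n mpls traffic-eng router-id Loopback1\n{extra}")

PE1_EXTRA = ("router bgp 65530\n neighbor CORE update-source Loopback0\n"
             "ip explicit-path name through_P1 enable\n next-address 10.0.1.3 ! P1\n"
             " next-address 10.0.1.2 ! PE2\ninterface Tunnel1\n tunnel destination 10.0.1.2\n")
POST = [excerpt("PE1", 1, PE1_EXTRA), excerpt("P1", 3), excerpt("PE2", 2)]
# Constructed mistake: one hop and PE1's TE router-id moved to the regular loopbacks
BAD = [POST[0].replace("10.0.1.3 !", "10.0.0.3 !")
              .replace("router-id Loopback1", "router-id Loopback0")] + POST[1:]
if __name__ == "__main__":
    print(audit(POST), *audit(BAD), sep="\n")
```

The same audit can be run over full running-configs; it only reads the statements listed in PATTERNS and ignores everything else.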





