[c-nsp] MPLS VPN traffic engineering tunnel selection

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Fri Apr 11 01:41:42 EDT 2008 

Peter Rathlev <mailto:peter at rathlev.dk> wrote on Thursday, April 10,
2008 5:34 PM:

> Hi Oliver,
> 
> On Thu, 2008-04-10 at 15:08 +0200, Oliver Boehmer (oboehmer) wrote:
>> this was just recently discussed on the list, check out the thread
>> "Cisco 10K MPLS VPN", for example at
>> http://www.gossamer-threads.com/lists/cisco/nsp/83117
>> Let me know if you need more info..
> 
[...]
> 
> I tried it out, and I had btw also overlooked the fact that "mpls
> traffic-eng router-id" under "router isis" should not be the regular
> loopback also used for BGP next-hop, but instead my TE loopback. 

Well, not necessarily.. Trick is to set your BGP next-hop to something
which is only routed over the tunnel. There are several ways to do this.
If the BGP next-hop is different from the TE router-id, you need to
enable LDP on the tunnel ("mpls ip") in order to transport tagged
packets. Actually: You almost always want to enable LDP on the tunnel if
you use TE for MPLS pkts (L2VPN/L3VPN)..

> And
> all explicit-path hops should be the TE loopbacks. Stupid thing to
> overlook, but I'm glad I found out. :-)

You can also use interface addresses to force tunnels over (or away
from) specific interfaces.

> I still have one question though: Is there any way of doing
> "destination based" routing? I was thinking about something along the
line of PBR,
> with explicit selection of path/tunnel based on source and destination
> at both ends, e.g. somehow using the tunnel as next hop in the VRF. I
> guess I can adjust the BGP next-hop in an inbound route-map on PE1
> just as well as I can outbound on PE2. But that only solves part of
the
> problem. What if I'd like to treat different source networks in the
> same VRF on the same PE differently? I know this is asking much, but
maybe
> there's a way...

You can use policy-based routing on the VRF interface, but this requires
a recent 12.2SR or 12.2SXH to work in a VRF context. You then just match
the pkts using an ACL, and set the outgoing interface to the TE tunnel.

	oli

More information about the cisco-nsp mailing list