Policy based routing on VRF interfaces to route traffic through TE Tunnel

Unanswered Question
Aug 6th, 2008

Hi All,

Is there a method to do policy based routing on VRF interfaces and route data traffic through one TE tunnel and non-data traffic through another TE tunnel.

The tunnel is already build up with these below config

interface Tunnel25

ip unnumbered Loopback0

tunnel destination

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng path-option 10 explicit name test


ip explicit-path name test enable

next-address x.x.x.x

next-address y.y.y.y


router ospf 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0


mpls traffic-eng tunnels


nterface GigabitEthernet5/2

mpls traffic-eng tunnels

mpls ip

Is there additional config needed to work ,also in the destination end for the return traffic,we want to use the normal PATH --I mean non TE tunnel.

We tested with the above scenario,but couldn't able to reach the destination.Meantime we had a question,when the packet uses the policy map while ingress,it may not know the associatuion with VRF(Is that right? --If so ,how to make it happen)

Any help would be really appreciated



Anantha Subramanian Natarajan

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.3 (4 ratings)
n.nandrekar Wed, 08/06/2008 - 21:53

Hi Anantha!

I dont think it will be possible to do PBR to select the outgoing TE tunnel. PBR is not supported on ip-to-tag path (atleast on 6500 - and hence 7600).

But for your requirement, you can achieve it through CBTS (class based tunnel selection).


You can have different TEW tunnels for different markings. All you need to do is do ingress marking on PE / or trust the cust markings and configure the CBST feature. You have to create a master tunnel to 1 PE and multiple COS.PREC based tunnels within that.

Hope this helps.



(pls rate helpful posts)

anasubra_2 Thu, 08/07/2008 - 01:51

Hi Niranjan,

Thank you very much for the reply . We went through the CBTS option but seems would require IOS to be 12.2SR on 7600. We are currently running 12.2(18)SXF4 and preferably would like to find a soltion without an IOS upgrade.Is there a solution which is supported in this train.

Also,on CBTS scenario,If some of our core links on WS67xx series,Sup720 gig ports,does the same is supported?

Thanks for your assistance.


Anantha Subramanian Natarajan

n.nandrekar Fri, 08/08/2008 - 00:14


You are right! CBTS is supported only after SRB in 7600 and SXH in 6500. SXF wouldnt support it.

Also, the hardware should not make any difference in the functionality as TE tunnel imposition/disposition is done by the PFC. So for L3-VPN no restrictions. FOR L2VPN,eompls,atom,vpls etc. the h/w restrictions of those features will take care.

As of now I cant think of any other way of achieving your aim in SXF. Will get back if i get something else.



anasubra_2 Fri, 08/08/2008 - 01:54

Hi Niranjan,

Thank you very much for the reply.

Also I have couple of questions on CBTS,

1)If we use CBTS to acheive this by upgrading the IOS on the router and use the autoroute announce on the Tunnel created,will there be issue with MVPN traffic,I would assume RPF would fail if the multicast traffic travels through the tunnel. If this understanding is right?,is there a way to make multicast work .For us,Multicast traffic can take any core path at this moment.

2) Is there a way to force the EOMPLS traffic towards the specific path on the core by using CBTS or some other method

Any help would be really appreciated.


Anantha Subramanian Natarajan

n.nandrekar Fri, 08/08/2008 - 05:36

hi Anantha!

I might not be the right person to comment on your first question. I have not configured MVPNs yet and not very confertable with the topic.

But I am sure that if you read through the CBTS doc thoroughly, you might be able to derive the answer yourself. One thing I notice is that " a Tunnel will be selected regularly according to the routing process (even isf it is cbts enabled). From the tunnels selected using the regular best path selection, the traffic is mapped to a perticular tunnel in the group if specific class is mapped to that tunnel.

So a master tunnel can be the only tunnel between the 2 devices over which the routing (bgp next hops) are exchanged and all other tunnels can be members of this tunnel. So your RPF might not fail.

You might have to explore on this a bit more and read about the co-existance of multicast and TE. This will be the same as that.

For your second question, the answer would be easy :

If you want a specific eompls cust to take a particular tunnel/path, just create a seperate pair of loopbacks on the PEs. Make the loopback learnt on the remote PE through the tunnel/path that you want the eompls to take. Then establish the xconnect with this loopback. I am assuming that your question is that a particular eompls session should take a particular path.

If you meant that certain traffic from the same eompls session take a different path/tunnel, then CBTS will work.



anasubra_2 Fri, 08/08/2008 - 06:04

Hi Niranjan,

Thank you very much for the answer of question 2.

Regarding question 1,sure will read the CBTS doc and my initially understanding/concern is,since tunnel are unidirectional ,when RPF check happens,it may not understand the incoming interface of the Multicast traffic .....

Again thanks for your answer .......Really appreciated .


Anantha Subramanian Natarajan


This Discussion