MPLS TE - MPLS TE per VPN

Unanswered Question

Hi,


I would like to route VRF-X over new TE Tunnel which have diferrent network path.


I am not plan to use the BGP Next-hop method, but prefer to use static route.


eg. TE 100 - via existing path

TE 521 - new tunnel via new patch.


VRF-X will use TE 521 and the rest of VRF remain use the TE 100 (auto route).


What I did is create new TE tunnels TE 521 then add static route for VRF-X.



interface Tunnel521

ip unnumbered Loopback0

tag-switching ip

tunnel destination 172.18.255.5

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 1 1

tunnel mpls traffic-eng path-option 1 explicit name path1-skb_KPG1PE

tunnel mpls traffic-eng path-option 2 dynamic

tunnel mpls traffic-eng record-route

tunnel mpls traffic-eng fast-reroute


ip route vrf X 10.1.1.0 255.255.255.0 Tunnel521


But it does not work, I check tunnel521 no output pakets at all.


Regards


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Laurent Aubert Mon, 08/03/2009 - 17:44
User Badges:
  • Cisco Employee,

Hi,


It's normal because there is no VPN label associated to your static route so the remote PE receive an IPv4 packet instead of a labelled packet on its uplink which belongs to the global routing table.


You need to create another loopback on the remote PE and announce it into your IGP. Then you configure the remote PE to use this loopback to set the BGP NH for vrf X. Last thing is to add a static route on your head-end to reach this loopback via Tunnel 521.


HTH


Laurent.

Is this statement still require ?


ip route vrf X 10.1.1.0 255.255.255.0 Tunnel521


attached is the full config, hope you can help to verify.



==================================

SITE A - PE Router

==================================


interface Tunnel521

ip unnumbered Loopback0

tag-switching ip

tunnel destination 172.18.255.5 ( this site B loopback0 IP - must be OSPF ID right ??)

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 1 1

tunnel mpls traffic-eng path-option 1 explicit name path1-skb_KPG1PE

tunnel mpls traffic-eng path-option 2 dynamic

tunnel mpls traffic-eng record-route

tunnel mpls traffic-eng fast-reroute


Interface loopback 2

ip address 172.18.255.21 255.255.255.255


router ospf 100

network 172.18.255.21 0.0.0.0 area 0


ip vrf V401:GnGp

bgp next-hop loopback 2



ip route 172.18.255.25 255.255.255.255 Tunnel 521 [ route site B loopback 2 ]


ip route 10.1.1.0 255.255.255.0 Tunnel 521 [ vrf V401:GnGp netwwork of Site B ]

ip route 10.1.2.0 255.255.255.0 Tunnel 521 [ vrf V401:GnGp netwwork of Site B ]



==================================

SITE B - PE Router

==================================


interface Tunnel501

ip unnumbered Loopback0

tag-switching ip

tunnel destination 172.18.255.1 ( this site A loopback0 IP - must be OSPF ID right ??)

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 1 1

tunnel mpls traffic-eng path-option 1 explicit name path1-skb_SHT1PE

tunnel mpls traffic-eng path-option 2 dynamic

tunnel mpls traffic-eng record-route

tunnel mpls traffic-eng fast-reroute


Interface loopback 2

ip address 172.18.255.25 255.255.255.255


router ospf 100

network 172.18.255.25 0.0.0.0 area 0


ip vrf V401:GnGp

bgp next-hop loopback 2



ip route 172.18.255.21 255.255.255.255 Tunnel 501 [ route site A loopback 2 ]


ip route 10.2.1.0 255.255.255.0 Tunnel 501 [ vrf V401:GnGp netwwork of Site A ]

ip route 10.2.2.0 255.255.255.0 Tunnel 501 [ vrf V401:GnGp netwwork of Site A ]



Laurent Aubert Tue, 08/04/2009 - 05:46
User Badges:
  • Cisco Employee,

no, you need to remove those static routes so the PE will use its BGP routes. Only the BGP NH must be resolved via the TE tunnel.


Tunnel destination has nothing to do with the OSPF router-Id and you don't need the tag-switching ip command as the tunnel is PE to PE


HTH


Laurent.


Laurent Aubert Tue, 08/04/2009 - 06:31
User Badges:
  • Cisco Employee,

Hi,


1) You only need the static routes for the new loopback

2) Tunnel destination must be an IP address belonging to the remote PE. It can be any reachable loopback


HTH


Laurent.

Hi,


That mean the bgp next-hop command at vrf V401:GnGp cause the remote PE advertise their routes with next-hop of new loopback (loopback 2)

In local PE static route :

ip route 172.18.255.25 255.255.255.255 Tunnel 521

make this remote PE new loopback IP reachable via new tunnel Tu521.


So final config shall be :


==================================

SITE A - PE Router

==================================


interface Tunnel521

ip unnumbered Loopback0

tag-switching ip

tunnel destination 172.18.255.5

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 1 1

tunnel mpls traffic-eng path-option 1 explicit name path1-skb_KPG1PE

tunnel mpls traffic-eng path-option 2 dynamic

tunnel mpls traffic-eng record-route

tunnel mpls traffic-eng fast-reroute


Interface loopback 2

ip address 172.18.255.21 255.255.255.255


router ospf 100

network 172.18.255.21 0.0.0.0 area 0


ip vrf V401:GnGp

bgp next-hop loopback 2



ip route 172.18.255.25 255.255.255.255 Tunnel 521 [ route site B loopback 2 ]




==================================

SITE B - PE Router

==================================


interface Tunnel501

ip unnumbered Loopback0

tag-switching ip

tunnel destination 172.18.255.1

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng priority 1 1

tunnel mpls traffic-eng path-option 1 explicit name path1-skb_SHT1PE

tunnel mpls traffic-eng path-option 2 dynamic

tunnel mpls traffic-eng record-route

tunnel mpls traffic-eng fast-reroute


Interface loopback 2

ip address 172.18.255.25 255.255.255.255


router ospf 100

network 172.18.255.25 0.0.0.0 area 0


ip vrf V401:GnGp

bgp next-hop loopback 2



ip route 172.18.255.21 255.255.255.255 Tunnel 501 [ route site A loopback 2 ]





Thanks, I tested the solution works.


BTW, I found weird when looking at the vrf V401:GnGp routing table.


after configured bgp next-hop at vrf V401:GnGp, not all routes learned from remote PE the next-hop is point to new loopback IP. I wait for hour ..it remain the same. Only some change to new next-hop.


172.18.25.5 is current loopback 0

172.18.255.27 is new loopback 2


SHTMPLS1PE#sh ip ro vrf V401:GnGp | inc 172.18.255.5

B 172.18.250.152 [200/0] via 172.18.255.5, 01:08:41

B 203.92.151.64/27 [200/0] via 172.18.255.5, 01:08:41

B 203.92.151.72/32 [200/21] via 172.18.255.5, 01:08:41

B 203.92.151.74/32 [200/21] via 172.18.255.5, 01:08:41

B 203.92.151.76/32 [200/11] via 172.18.255.5, 01:08:41

B 203.92.151.77/32 [200/21] via 172.18.255.5, 01:08:41

B 203.92.151.96/27 [200/0] via 172.18.255.5, 01:08:41

B 203.92.151.103/32 [200/11] via 172.18.255.5, 01:08:41

B 203.92.151.105/32 [200/11] via 172.18.255.5, 01:08:41

B 203.92.151.107/32 [200/21] via 172.18.255.5, 01:08:41

B 203.92.151.108/32 [200/11] via 172.18.255.5, 01:08:41

B 203.92.151.144/32 [200/1] via 172.18.255.5, 01:08:41

B 203.92.151.192/28 [200/0] via 172.18.255.5, 01:08:41

B 203.92.151.208/28 [200/0] via 172.18.255.5, 01:08:41

SHTMPLS1PE#

SHTMPLS1PE#

SHTMPLS1PE#

SHTMPLS1PE#sh ip ro vrf V401:GnGp | inc 172.18.255.27

B 192.168.193.160 [200/0] via 172.18.255.27, 01:08:46

B 192.168.193.128 [200/0] via 172.18.255.27, 01:08:46

B 172.19.225.24 [200/0] via 172.18.255.27, 01:08:46

B 172.19.225.40 [200/0] via 172.18.255.27, 01:08:46

B 172.19.224.40 [200/0] via 172.18.255.27, 01:08:46

B 172.19.225.32 [200/0] via 172.18.255.27, 01:08:46

B 172.19.225.216 [200/0] via 172.18.255.27, 01:08:46

B 172.19.225.208 [200/0] via 172.18.255.27, 01:08:46

B 172.19.224.208 [200/0] via 172.18.255.27, 01:08:46

B 172.19.225.224 [200/0] via 172.18.255.27, 01:08:46

B 172.18.190.28 [200/0] via 172.18.255.27, 01:08:46

B 172.18.161.60 [200/0] via 172.18.255.27, 01:08:46

B 172.18.161.56 [200/0] via 172.18.255.27, 01:08:46

B 172.18.190.84 [200/0] via 172.18.255.27, 01:08:46

B 172.18.161.172 [200/0] via 172.18.255.27, 01:08:46

B 172.18.161.168 [200/0] via 172.18.255.27, 01:08:46

B 203.92.135.1 [200/2] via 172.18.255.27, 01:08:46

B 203.92.135.3 [200/2] via 172.18.255.27, 01:08:46


Laurent Aubert Wed, 08/05/2009 - 09:44
User Badges:
  • Cisco Employee,

You should do a route-refresh so the PE will re-generate all its updates with the new NH value.


Laurent.

Actions

This Discussion