Per-CE MPLS-TE Tunnel

filopeter
Level 1

Hello,

I am looking for a solution on how to redirect traffic from a CE router in a VRF to a TE tunnel.
I have a simple VPN scenario. CE1 and CE2 are my branches, CE3 is my central office. Please see the topology picture. Without LSP manipulation, traffic between CE3 and CE1/CE2 flows over P3 and P4 according to the IGP shortest path.
What I want to achieve is that traffic between CE3 and CE1 will flow over P1 and P2.

For the direction from CE3 to CE1 I have configured a TE tunnel, Tunnel 21, between PE2 (headend) and PE1 (tailend) with an explicit path over P2 and P1. On PE1 I must put CE1 into a different VRF to modify the BGP next-hop, so that PE2 sees CE1 as reachable over a different BGP next-hop than CE2. Both VRFs on PE1 share the same route-targets, so all CE routers are still in the same VPN.

PE1#

!
ip vrf A
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip vrf B
 rd 2:2
 route-target export 1:1
 route-target import 1:1
 bgp next-hop Loopback111
!

On PE2 I have created a static route for the modified BGP next-hop to TE tunnel 21. Using this configuration I have redirected the traffic originating from CE3 towards CE1 to Tunnel 21. With this configuration I have partially achieved my goal.

 

But I would also like to manipulate the traffic which originates on CE1 and is destined for CE3 and redirect it to a TE tunnel, Tunnel 12, between PE1 (headend) and PE2 (tailend) with an explicit path over P1 and P2. The issue I have is I do not know how to redirect the traffic from CE1 to CE3 to Tunnel 12. Obviously I cannot modify the BGP next-hop on PE2, because CE3 has a single connection to VRF A. I have tried PBR on PE1, but it does not work.

!
route-map PBR permit 10
 match ip address 100
 set vrf B
 set interface Tunnel12
!

Any ideas?

 

Thank you,

Peter

 

1 Accepted Solution


Hi Harold,

 

Just a quick update. I had to create a master tunnel to make CBTS work. Here is my partial working config:

 

!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 172.16.0.2
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng exp-bundle master
 tunnel mpls traffic-eng exp-bundle member Tunnel12
 tunnel mpls traffic-eng exp-bundle member Tunnel34
!
interface Tunnel12
 description Tunnel to PE2 over P1P2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 172.16.0.2
 tunnel mpls traffic-eng path-option 1 explicit name P1P2
 tunnel mpls traffic-eng exp 1
!
interface Tunnel34
 description Tunnel to PE2 over P3P4
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 172.16.0.2
 tunnel mpls traffic-eng path-option 1 explicit name P3P4
 tunnel mpls traffic-eng exp 0 2 3 4 5 6 7
!

Both tunnel members must be configured with an explicit path; the combination of one tunnel with an explicit path and the second one with a dynamic path did not work. Based on this config, my BGP next-hop is reachable over the Tunnel1 interface, which does the load balancing based on EXP bits.

!
PE1#sh mpls traffic-eng tunnels tunnel 1
Name: PE1_t1 (Tunnel1) Destination: 172.16.0.2
Status: Master
Admin: up Oper: up Signalling: N/A

Member Tunnels: Member Autoroute: Inactive

Tunnel12: Config Exp: 1
Tunnel34: Config Exp: 0 2 3 4 5 6 7
!

 

Best Regards,

 

P.
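
An offline lint for the bundle layout in the post above, added here as an example and not part of the thread or of any Cisco tooling: it checks that every member of an `exp-bundle master` has an explicit path-option (the poster's observation, not a documented rule) and that each EXP value 0-7 is mapped to exactly one member, as in the working config. The function names and the sample config are constructed for illustration.

```python
import re

TE = "tunnel mpls traffic-eng "
# Constructed input: the thread's first attempt as a bundle (Tunnel34 dynamic, EXP 7 unassigned).
SAMPLE = """\
interface Tunnel1
 tunnel mpls traffic-eng exp-bundle master
 tunnel mpls traffic-eng exp-bundle member Tunnel12
 tunnel mpls traffic-eng exp-bundle member Tunnel34
!
interface Tunnel12
 tunnel mpls traffic-eng path-option 1 explicit name P1P2
 tunnel mpls traffic-eng exp 1
!
interface Tunnel34
 tunnel mpls traffic-eng path-option 1 dynamic
 tunnel mpls traffic-eng exp 0 2 3 4 5 6
!
"""

def parse_interfaces(cfg):
    """Map interface name -> list of sub-commands; '!' or a blank line ends a stanza."""
    ifaces, cur = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], [])
        elif cur is not None and line and line != "!":
            cur.append(line)
        else:
            cur = None
    return ifaces

def lint_cbts(cfg):
    """Return a list of findings for every exp-bundle master in cfg."""
    ifaces, issues = parse_interfaces(cfg), []
    for name, cmds in ifaces.items():
        if TE + "exp-bundle master" not in cmds:
            continue
        seen = {}  # EXP value -> member tunnel that carries it
        for mem in (c.split()[-1] for c in cmds if c.startswith(TE + "exp-bundle member ")):
            mc = ifaces.get(mem, [])
            if not any(re.match(TE + r"path-option \d+ explicit\b", c) for c in mc):
                issues.append(f"{mem}: no explicit path-option")
            for exp in " ".join(c[len(TE) + 4:] for c in mc if c.startswith(TE + "exp ")).split():
                if seen.setdefault(exp, mem) != mem:
                    issues.append(f"EXP {exp}: on both {seen[exp]} and {mem}")
        missing = [str(e) for e in range(8) if str(e) not in seen]
        if missing and "default" not in seen:
            issues.append(f"{name}: EXP {' '.join(missing)} not mapped")
    return issues
```

Calling `lint_cbts(SAMPLE)` reports the dynamic path on Tunnel34 and the unmapped EXP 7; the working config from the post, pasted with or without indentation, returns an empty list.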


5 Replies

Harold Ritter
Cisco Employee

PBR to TE Tunnel will only work if the interface on which the policy is applied is in the GRT, rather than a VRF.

 

One way to solve the issue would be to have two VRFs on PE2 as well and to use two different VLANs to interconnect PE2 and CE3, one in VRF A and the other in VRF B. This way you could use the same approach you use to steer traffic to PE1, depending on whether it is destined to CE1 or CE2.

 

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Harold,

 

Thank you for your answer. Your proposal is OK as long as you have the option to modify the CE-PE interface and divide it into multiple VLANs.

 

One possible idea how to solve the issue without modifying the CE-PE interface would be to create two TE tunnels (PE1 headend, PE2 tailend), one tunnel with explicit path over P1P2 and the second tunnel with dynamic (shortest) path over P3P4.

Using the autoroute announce feature, the BGP next-hop for CE3 prefixes (PE2) would be reachable over both tunnels on PE1, and so PE1 can load-balance the traffic over both tunnels.

The drawback of this idea is that I do not have control over the load balancing. To gain control I wanted to use the Class-Based Tunnel Selection feature, mark the traffic from CE1 towards CE3 with specific EXP bits, and transport this traffic over the tunnel with the explicit path and the traffic from CE2 towards CE3 over the tunnel with the dynamic path.

But so far it seems that CBTS feature is either obsolete or overwritten with CEF per-destination balancing mechanism.

 

Best Regards,

 

Peter

 

Hi Peter,

 

I had thought of CBTS, but it obviously requires the ability to control the QoS values sent by the customers. If this is an option, CBTS should work for you. Could you post your CBTS-related configs?

 

Regards,

Harold Ritter

Hi Harold,

 

Here is my partial CBTS config:

!
interface Tunnel12
 description Tunnel to PE2 over P1P2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 172.16.0.2
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 explicit name P1P2
 tunnel mpls traffic-eng exp 1
!
interface Tunnel34
 description Tunnel to PE2 over P3P4
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 172.16.0.2
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 dynamic
 tunnel mpls traffic-eng exp 0 2 3 4 5 6 7
!

The IP address 172.16.0.2 is my BGP next-hop for prefixes in the VRF. I have the following policy-map attached to CE1-PE interface on PE1 for traffic marking with EXP 1.

!
policy-map SET-EXP
 class class-default
  police cir 100000000 conform-action set-mpls-exp-imposition-transmit 1 exceed-action set-mpls-exp-imposition-transmit 1
!

According to the traceroute and show commands, the IP CEF forwarding mechanism is EXP bits unaware:

!
PE1#sh ip route 172.16.0.2
Routing entry for 172.16.0.2/32
Known via "ospf 1", distance 110, metric 22, type intra area
Last update from 172.16.0.2 on Tunnel12, 00:00:27 ago
Routing Descriptor Blocks:
172.16.0.2, from 172.16.0.222, 00:00:27 ago, via Tunnel12
Route metric is 22, traffic share count is 1
* 172.16.0.2, from 172.16.0.222, 00:00:45 ago, via Tunnel34
Route metric is 22, traffic share count is 1
!
PE1#sh ip cef 172.16.0.2 detail
172.16.0.2/32, epoch 2, per-destination sharing
dflt local label info: global/1002 [0x3]
1 RR source [no flags]
nexthop 172.16.0.2 Tunnel34
nexthop 172.16.0.2 Tunnel12
!
PE1#sh mpls forwarding-table 172.16.0.2 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
1002 Pop Label 172.16.0.2/32 0 Tu34 point2point
MAC/Encaps=14/18, MRU=1500, Label Stack{28}, via Gi4
FA163E906F24FA163ED3FA6D8847 0001C000
No output feature configured
Per-destination load-sharing, slots: 0 2 4 6 8 10 12 14
Pop Label 172.16.0.2/32 0 Tu12 point2point
MAC/Encaps=14/18, MRU=1500, Label Stack{27}, via Gi3
FA163E2CBE66FA163E1EA1348847 0001B000
No output feature configured
Per-destination load-sharing, slots: 1 3 5 7 9 11 13 15
!
!
!
CE1#traceroute 10.3.1.1 source loopback 1
Type escape sequence to abort.
Tracing the route to 10.3.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 100.1.1.1 3 msec 2 msec 1 msec
2 172.16.13.2 [MPLS: Labels 28/2010 Exp 1] 6 msec 6 msec 6 msec
3 172.16.34.2 [MPLS: Labels 28/2010 Exp 1] 6 msec 6 msec 6 msec
4 100.3.1.1 [MPLS: Label 2010 Exp 1] 5 msec 6 msec 5 msec
5 100.3.1.2 6 msec * 6 msec

 

which is the path over Tunnel 34

!

PE1#sh mpls forwarding-table vrf B 10.3.1.1 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
None 2010 10.3.1.0/24[V] Tu34 point2point
MAC/Encaps=14/22, MRU=1496, Label Stack{28 2010}, via Gi4
FA163E906F24FA163ED3FA6D8847 0001C000007DA000
VPN route: B
No output feature configured
Per-destination load-sharing, slots: 0 2 4 6 8 10 12 14
2010 10.3.1.0/24[V] Tu12 point2point
MAC/Encaps=14/22, MRU=1496, Label Stack{27 2010}, via Gi3
FA163E2CBE66FA163E1EA1348847 0001B000007DA000
VPN route: B
No output feature configured
Per-destination load-sharing, slots: 1 3 5 7 9 11 13 15

!

 

Best Regards,

 

P.

 
