MPLS TE Per VRF TE Tunnel

Networking
master
August 28, 2023

MPLS TE Per VRF TE Tunnel

In this lesson, I’ll explain how to configure MPLS VPN per VRF TE tunnels. If you haven’t configured MPLS VPN over TE tunnels before, look at our MPLS VPN over MPLS TE tunnels first.

Building a TE tunnel for customer VRFs doesn’t make much sense because of scalability issues. If you have more traffic in a VRF than a single TE tunnel can support, you have an issue. It could make sense when you use VRFs for central services that require strict QoS requirements.

Having said that, let’s dive into the configuration.

Configuration

To make this work, we need to configure three items for each VRF that require its own TE tunnel:

A new loopback interface with an IP address that we’ll use as the BGP next hop.
Change the VRF so it uses the BGP next hop of the loopback interface.
A static route for each BGP next hop that points to the TE tunnel.

Here is the topology we’ll use:

MPLS TE Per VRF TE Tunnel

Here’s what we have:

CE1 and CE3 are in VRF RED.
CE2 and CE4 are in VRF BLUE.
The CE routers have a loopback interface which we’ll use to verify reachability.
PE1, P1, P2, and PE2 run MPLS TE.
We have two unidirectional TE tunnels from PE1 to PE2 and PE2 to PE1:
- These tunnels both use the loopback0 interfaces on PE1 and PE2 (not shown in the picture).
- Tunnel two has an explicit path so that it uses the path through P2.

We’ll configure this network so that VRF RED uses tunnel one and VRF BLUE uses tunnel two.

I use Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.9(3)M6, RELEASE SOFTWARE (fc1) on all routers.

Technically, you don’t need MPLS LDP on this network because we use TE tunnels from PE1 to PE2 and vice versa. RSVP supplies the required labels.

Configurations

Want to take a look for yourself? Here, you will find the startup configuration of each device.

CE1

hostname CE1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.13.1 255.255.255.0
!
router ospf 1
 network 1.1.1.1 0.0.0.0 area 0
 network 192.168.13.0 0.0.0.255 area 0
!
end

CE2

hostname CE2
!
ip cef
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.23.2 255.255.255.0
!
router ospf 1
 network 2.2.2.2 0.0.0.0 area 0
 network 192.168.23.0 0.0.0.255 area 0
!
end

CE3

hostname CE3
!
ip cef
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.67.7 255.255.255.0
!
router ospf 1
 network 7.7.7.7 0.0.0.0 area 0
 network 192.168.67.0 0.0.0.255 area 0
!
end

CE4

hostname CE4
!
ip cef
!
interface Loopback0
 ip address 8.8.8.8 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 192.168.68.8 255.255.255.0
!
router ospf 1
 network 8.8.8.8 0.0.0.0 area 0
 network 192.168.68.0 0.0.0.255 area 0
!
end

hostname P1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.34.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.46.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0004.0004.0004.0004.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

hostname P2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.35.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.56.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0005.0005.0005.0005.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE1

hostname PE1
!
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 6.6.6.6
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface Tunnel2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 6.6.6.6
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 explicit name INCLUDE_P2
 no routing dynamic
!
interface GigabitEthernet0/0
 ip address 192.168.34.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.35.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip vrf forwarding RED
 ip address 192.168.13.3 255.255.255.0
!
interface GigabitEthernet0/3
 ip vrf forwarding BLUE
 ip address 192.168.23.3 255.255.255.0
!
router ospf 1 vrf RED
 redistribute bgp 1 subnets
 network 192.168.13.0 0.0.0.255 area 0
!
router ospf 2 vrf BLUE
 redistribute bgp 1 subnets
 network 192.168.23.0 0.0.0.255 area 0
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0003.0003.0003.0003.00
 is-type level-2-only
 metric-style wide
!
router bgp 1
 neighbor 6.6.6.6 remote-as 1
 neighbor 6.6.6.6 update-source Loopback0
 !
 address-family vpnv4
  neighbor 6.6.6.6 activate
  neighbor 6.6.6.6 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BLUE
  redistribute ospf 2
 exit-address-family
 !
 address-family ipv4 vrf RED
  redistribute ospf 1
 exit-address-family
!
ip explicit-path name INCLUDE_P2 enable
 next-address loose 5.5.5.5
!
mpls ldp router-id Loopback0 force
!
end

PE2

hostname PE2
!
ip vrf BLUE
 rd 2:2
 route-target export 2:2
 route-target import 2:2
!
ip vrf RED
 rd 1:1
 route-target export 1:1
 route-target import 1:1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 3.3.3.3
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface Tunnel2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 3.3.3.3
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 explicit name INCLUDE_P2
 no routing dynamic
!
interface GigabitEthernet0/0
 ip address 192.168.46.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.56.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip vrf forwarding RED
 ip address 192.168.67.6 255.255.255.0
!
interface GigabitEthernet0/3
 ip vrf forwarding BLUE
 ip address 192.168.68.6 255.255.255.0
!
router ospf 1 vrf RED
 redistribute bgp 1 subnets
 network 192.168.67.0 0.0.0.255 area 0
!
router ospf 2 vrf BLUE
 redistribute bgp 1 subnets
 network 192.168.68.0 0.0.0.255 area 0
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0006.0006.0006.0006.00
 is-type level-2-only
 metric-style wide
!
router bgp 1
 neighbor 3.3.3.3 remote-as 1
 neighbor 3.3.3.3 update-source Loopback0
 !
 address-family vpnv4
  neighbor 3.3.3.3 activate
  neighbor 3.3.3.3 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BLUE
  redistribute ospf 2
 exit-address-family
 !
 address-family ipv4 vrf RED
  redistribute ospf 1
 exit-address-family
!
ip explicit-path name INCLUDE_P2 enable
 next-address loose 5.5.5.5
!
mpls ldp router-id Loopback0 force
!
end

Loopback Interfaces

We’ll start with the loopback interfaces. We need one for each VRF:

PE1(config)#interface Loopback1
PE1(config-if)#ip address 172.16.3.3 255.255.255.255

PE1(config-if)#interface Loopback2
PE1(config-if)#ip address 172.16.33.33 255.255.255.255

PE2(config)#interface Loopback1
PE2(config-if)#ip address 172.16.6.6 255.255.255.255

PE2(config-if)#interface Loopback2
PE2(config-if)#ip address 172.16.66.66 255.255.255.255

BGP Next-Hop

Under the VRF configuration, we use the bgp next-hop command to change the BGP next hop:

PE1 & PE2
(config)#ip vrf RED
(config-vrf)#bgp next-hop Loopback1

(config)#ip vrf BLUE
(config-vrf)#bgp next-hop Loopback2

Static Routes

The only thing left to do is configure a static route so that we reach the BGP next hops through the TE tunnels:

PE1(config)#ip route 172.16.6.6 255.255.255.255 Tunnel1
PE1(config)#ip route 172.16.66.66 255.255.255.255 Tunnel2

PE2(config)#ip route 172.16.3.3 255.255.255.255 Tunnel1
PE2(config)#ip route 172.16.33.33 255.255.255.255 Tunnel2

This completes the configuration.

Verification

Let’s verify our work. I’ll use PE1 to show you everything we need to know. First, we’ll make sure that tunnels are up and running:

PE1#show mpls traffic-eng tunnels tunnel 1

Name: PE1_t1                              (Tunnel1) Destination: 6.6.6.6
  Status:
    Admin: up         Oper: up     Path: valid       Signalling: connected
    path option 1, type dynamic (Basis for Setup, path weight 20)

  Config Parameters:
    Bandwidth: 750      kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 750      bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: dynamic path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  InLabel  :  - 
  OutLabel : GigabitEthernet0/0, 21
  RSVP Signalling Info:
       Src 3.3.3.3, Dst 6.6.6.6, Tun_Id 1, Tun_Instance 44
    RSVP Path Info:
      My Address: 192.168.34.3   
      Explicit Route: 192.168.34.4 192.168.46.4 192.168.46.6 6.6.6.6 
      Record   Route:   NONE
      Tspec: ave rate=750 kbits, burst=1000 bytes, peak rate=750 kbits
    RSVP Resv Info:
      Record   Route:   NONE
      Fspec: ave rate=750 kbits, burst=1000 bytes, peak rate=750 kbits
  Shortest Unconstrained Path Info:
    Path Weight: 20 (TE)
    Explicit Route: 192.168.34.3 192.168.34.4 192.168.46.4 192.168.46.6 
                    6.6.6.6 
  History:
    Tunnel:
      Time since created: 15 hours, 29 minutes
      Time since path change: 15 hours, 9 minutes
      Number of LSP IDs (Tun_Instances) used: 44
    Current LSP:
      Uptime: 15 hours, 9 minutes

Tunnel one is connected and uses the path through P1. We use label 21. Let’s check tunnel two:

PE1#show mpls traffic-eng tunnels tunnel 2 

Name: PE1_t2                              (Tunnel2) Destination: 6.6.6.6
  Status:
    Admin: up         Oper: up     Path: valid       Signalling: connected
    path option 1, type explicit INCLUDE_P2 (Basis for Setup, path weight 10)

  Config Parameters:
    Bandwidth: 750      kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 750      bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: explicit path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  InLabel  :  - 
  OutLabel : GigabitEthernet0/1, 21
  RSVP Signalling Info:
       Src 3.3.3.3, Dst 6.6.6.6, Tun_Id 2, Tun_Instance 46
    RSVP Path Info:
      My Address: 192.168.35.3   
      Explicit Route: 192.168.35.5 5.5.5.5 
      Record   Route:   NONE
      Tspec: ave rate=750 kbits, burst=1000 bytes, peak rate=750 kbits
    RSVP Resv Info:
      Record   Route:   NONE
      Fspec: ave rate=750 kbits, burst=1000 bytes, peak rate=750 kbits
  Shortest Unconstrained Path Info:
    Path Weight: 20 (TE)
    Explicit Route: 192.168.34.3 192.168.34.4 192.168.46.4 192.168.46.6 
                    6.6.6.6 
  History:
    Tunnel:
      Time since created: 15 hours, 30 minutes
      Time since path change: 14 hours, 58 minutes
      Number of LSP IDs (Tun_Instances) used: 46
    Current LSP:
      Uptime: 14 hours, 48 minutes
      Selection: reoptimization
    Prior LSP:
      ID: path option 1 [44]
      Removal Trigger: reoptimization completed

Tunnel two is also connected and uses the path through P2. We use label 21 for this tunnel.

Let’s check MP-BGP:

PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 172.16.33.33
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf RED)
 *>   1.1.1.1/32       192.168.13.1             2         32768 ?
 *>i  7.7.7.7/32       172.16.6.6               2    100      0 ?
 *>   192.168.13.0     0.0.0.0                  0         32768 ?
 *>i  192.168.67.0     172.16.6.6               0    100      0 ?
Route Distinguisher: 2:2 (default for vrf BLUE)
 *>   2.2.2.2/32       192.168.23.2             2         32768 ?
 *>i  8.8.8.8/32       172.16.66.66             2    100      0 ?
 *>   192.168.23.0     0.0.0.0                  0         32768 ?
 *>i  192.168.68.0     172.16.66.66             0    100      0 ?

Above, we see the two VRFs and the routes PE1 learned. You can see that we use different BGP next hops. For example:

7.7.7.7/32 (CE3) uses next hop 172.16.6.6 (loopback 1 of PE2)
8.8.8.8/32 (CE4) uses next hop 172.16.66.66 (loopback 2 of PE2)

You can also look at one particular entry which also tells us the label we use for this route:

Source link

MPLS TE Per VRF TE Tunnel

Configuration

Loopback Interfaces

BGP Next-Hop

Static Routes

Verification

What are network assurance tools and why are they important?

Chris’ Corner: Even More SVG Tricks

Leave a Reply Cancel reply

Recent Posts

Recent Comments

Search

Categories

(+254) 113665235

Contact info

Useful Links

About Company

Service Schedule

MPLS TE Per VRF TE Tunnel

MPLS TE Per VRF TE Tunnel

Configuration

Loopback Interfaces

BGP Next-Hop

Static Routes

Verification

What are network assurance tools and why are they important?

Chris’ Corner: Even More SVG Tricks

Leave a Reply Cancel reply

Recent Posts

Recent Comments

Search

Categories

Popular Tags

(+254) 113665235