Per-VRF MPLS-TE Tunnels
Per-VRF MPLS-TE Tunnels
This is a solution to route traffic from different VRFs to different MPLS-TE tunnels rather than making all VRFs traffic to go through a single MPLS-TE tunnel.
Network topology:
Since TE tunnels will be configured PE-to-PE, no LDP is required. RSVP-TE will be used to exchange labels. However, LDP must be enabled on MPLS TE tunnels. This is required so that labels can be exchanged for Loopback11 and Loopback22 interfaces.
Preparing for MPLS TE on PE1 & PE3
PE1 router:mpls traffic-eng tunnels!interface fastethernet 0/0 description To P2 router ip address 10.1.1.1 255.255.255.252 ip ospf 1 area 0 ip rsvp bandwidth mpls traffic-eng tunnels!interface fastethernet 0/1 description To PE3 router ip address 10.2.2.1 255.255.255.252 ip ospf 1 area 0 ip rsvp bandwidth mpls traffic-eng tunnels!PE3 router:mpls traffic-eng tunnels!interface fastethernet 0/0 description To P2 router ip address 10.1.1.6 255.255.255.252 ip ospf 1 area 0 ip rsvp bandwidth mpls traffic-eng tunnels!interface fastethernet 0/1 description To PE1 router ip address 10.2.2.2 255.255.255.252 ip ospf 1 area 0 ip rsvp bandwidth mpls traffic-eng tunnels!All traffic from CE11 router to CE12 router (these routers are part of VRF CUST1) should go through MPLS-TE Tunnel1 while traffic from CE21 router to CE22 router (part of VRF CUST2) must go through Tunnel2.
PE1 VRF configuration
ip vrf CUST1 rd 1:1 route-target both 1:1 bgp next-hop Loopback11 !Remote PE3 router to use BGP next-hop as Loopback 11 for VRF CUST1 traffic i.e remote PE3 router will use Loopback11 IP address as BGP next-hop for VRF CUST1!ip vrf CUST2 rd 2:2 route-target both 2:2 bgp next-hop Loopback22 !Remote PE3 router to use BGP next-hop as Loopback22 for VRF CUST2 traffic i.e. PE3 router will use Loopback22 IP address as BGP next-hop for VRF CUST2!interface serial 0/0 ip vrf forwarding CUST1 ip address 172.16.1.2 255.255.255.252!interface serial 0/1 ip vrf forwarding CUST2 ip address 172.16.2.2 255.255.255.252!interface Loopback11 ip address 11.1.1.1 255.255.255.255!interface Loopback22 ip address 22.1.1.1 255.255.255.255!PE3 VRF Configuration
ip vrf CUST1 rd 1:1 route-target both 1:1 bgp next-hop Loopback11!ip vrf CUST2 rd 2:2 route-target both 2:2 bgp next-hop Loopback22!interface serial 0/0 ip vrf forwarding CUST1 ip address 172.16.1.6 255.255.255.252!interface serial 0/1 ip vrf forwarding CUST2 ip address 172.16.2.6 255.255.255.252!interface Loopback11 ip address 11.2.2.2 255.255.255.255!interface Loopback22 ip address 22.2.2.2 255.255.255.255!Tunnel configuration:
An MPLS-TE tunnel is uni-directional and hence tunnels will be created on both PE routers. Since there are two VRF, two TE tunnels will be created- one for each VRF.
MPLS TE on PE1
mpls traffic-eng tunnels!interface Loopback 0 ip address 1.1.1.1 255.255.255.255 ip ospf 1 area 0!interface Tunnel 1 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 3.3.3.3 mpls ip tunnel mpls traffic-eng path-option 1 explicit name CUST1 tunnel mpls traffic-eng path-option 2 dynamic tunnel mpls traffic-eng bandwidth 6000 tunnel mpls traffic-eng record-route tunnel mpls traffic-eng priority 7 7!ip explicit-path name CUST1 next-address 2.2.2.2 ! Via P2 router next-address 3.3.3.3!interface Tunnel 2 ip unnumbered Loopback 0 tunnel mode mpls traffic-eng tunnel destination 3.3.3.3 mpls ip tunnel mpls traffic-eng path-option 1 explicit name CUST2 tunnel mpls traffic-eng path-option 2 dynamic tunnel mpls traffic-eng bandwidth 1000 tunnel mpls traffic-eng priority 5 5 tunnel mpls traffic-eng record-route!ip explicit-path name CUST2 next-address 3.3.3.3!router ospf 1 mpls traffic-eng area 0 mpls traffic-eng router-id Loopback0!MPLS TE on PE3
mpls traffic-eng tunnels!interface Loopback 0 ip address 3.3.3.3 255.255.255.255 ip ospf 1 area 0!interface Tunnel 1 ip unnumbered Loopback0 tunnel mode mpls traffic-eng tunnel destination 1.1.1.1 mpls ip tunnel mpls traffic-eng path-option 1 explicit name CUST1 tunnel mpls traffic-eng path-option 2 dynamic tunnel mpls traffic-eng bandwidth 6000 tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng record-route!ip explicit-path name CUST1 next-address 2.2.2.2 next-address 1.1.1.1!interface Tunnel 2 ip unnumbered Loopback 0 tunnel mode mpls traffic-eng tunnel destination 1.1.1.1 mpls ip tunnel mpls traffic-eng path-option 1 explicit name CUST2 tunnel mpls traffic-eng path-option 2 dynamic tunnel mpls traffic-eng bandwidth 1000 tunnel mpls traffic-eng priority 5 5 tunnel mpls traffic-eng record-route!ip explicit-path name CUST2 next-address 1.1.1.1!VRF-to-TE Tunnel Routing:
Two static routes will be used to indicate to PE routers to use MPLS TE tunnels to reach BGP next-hop IP addresses. For example- PE1 router will forward all traffic for BGP next-hop 11.2.2.2 over to Tunnel 1, while PE1 router will forward all traffic for BGP next-hop 22.2.2.2 over to Tunnel 2.
Static routing on PE1 & PE3
PE1 router:ip route 11.2.2.2 255.255.255.255 Tunnel 1!ip route 22.2.2.2 255.255.255.255 Tunnel 2!PE3 router:ip route 11.1.1.1 255.255.255.255 Tunnel 1!ip route 22.1.1.1 255.255.255.255 Tunnel 2!LDP Adjacency over MPLS TE:
Since LDP was enabled on MPLS TE tunnels, LDP forms adjacency over TE tunnels. This is important for label exchange for Loopback prefixes 11.2.2.2/32 and 22.2.2.2/32 on PE3 router, and 11.1.1.1/32 and 22.1.1.1/32 on PE1 router.
LDP Adjacency over MPLS TE
PE1# show mpls ldp neighbor Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 1.1.1.1:0 TCP connection: 3.3.3.3.62209 - 1.1.1.1.646 State: Oper; Msgs sent/rcvd: 30/30; Downstream Up time: 00:15:37 LDP discovery sources: Targeted Hello 1.1.1.1 -> 3.3.3.3, active, passive Addresses bound to peer LDP Ident: 10.2.2.2 10.1.1.6 3.3.3.3 11.2.2.2 22.2.2.2Label exchange using RSVP-TE:
RSVP is used to exchange labels for MPLS TE tunnels. In this case, PE3 router advertises an Implicit-Null label for P2 router for Tunnel 1, and P2 router advertises Label 16 to PE1 router. Since PE3 and PE1 are directly connected and Tunnel 2 is explicitly defined to use this direct path, PE3 advertises an Implicit-Null label to PE1 router for Tunnel 2.
Label exchange using RSVP-TE
PE1# show mpls traffic-eng tunnels tunnel 1Name: PE1_t1 (Tunnel1) Destination: 3.3.3.3 Status: Admin: up Oper: up Path: valid Signalling: connected path option 1, type explicit CUST1 (Basis for Setup, path weight 2) path option 2, type dynamic Config Parameters: Bandwidth: 6000 kbps (Global) Priority: 7 7 Affinity: 0x0/0xFFFF Metric Type: TE (default) AutoRoute: disabled LockDown: disabled Loadshare: 6000 bw-based auto-bw: disabled InLabel : - OutLabel : FastEthernet2/0, 16 RSVP Signalling Info: Src 1.1.1.1, Dst 3.3.3.3, Tun_Id 1, Tun_Instance 25 RSVP Path Info: My Address: 10.1.1.1 Explicit Route: 10.1.1.2 10.1.1.5 10.1.1.6 3.3.3.3 Record Route: Tspec: ave rate=6000 kbits, burst=1000 bytes, peak rate=6000 kbits RSVP Resv Info: Record Route: 10.1.1.2 10.1.1.6 Fspec: ave rate=6000 kbits, burst=1000 bytes, peak rate=6000 kbits Shortest Unconstrained Path Info: Path Weight: 1 (TE) Explicit Route: 10.2.2.1 10.2.2.2 3.3.3.3 History: Tunnel: Time since created: 1 hours, 6 minutes Time since path change: 59 minutes, 38 seconds Current LSP: Uptime: 59 minutes, 38 seconds Prior LSP: ID: path option 2 [24] Removal Trigger: tunnel shutdownPE1# show mpls traffic-eng tunnels tunnel 2Name: PE1_t2 (Tunnel2) Destination: 3.3.3.3 Status: Admin: up Oper: up Path: valid Signalling: connected path option 1, type explicit CUST2 (Basis for Setup, path weight 1) path option 2, type dynamic Config Parameters: Bandwidth: 1000 kbps (Global) Priority: 5 5 Affinity: 0x0/0xFFFF Metric Type: TE (default) AutoRoute: disabled LockDown: disabled Loadshare: 1000 bw-based auto-bw: disabled InLabel : - OutLabel : FastEthernet2/1, implicit-null RSVP Signalling Info: Src 1.1.1.1, Dst 3.3.3.3, Tun_Id 2, Tun_Instance 25 RSVP Path Info: My Address: 10.2.2.1 Explicit Route: 10.2.2.2 3.3.3.3 Record Route: Tspec: ave rate=1000 kbits, burst=1000 bytes, peak rate=1000 kbits RSVP Resv Info: Record Route: 10.2.2.2 Fspec: ave rate=1000 kbits, burst=1000 bytes, peak rate=1000 kbits Shortest Unconstrained Path Info: Path Weight: 1 (TE) Explicit Route: 10.2.2.1 10.2.2.2 3.3.3.3 History: Tunnel: Time since created: 1 hours, 6 minutes Time since path change: 1 hours, 3 minutes Current LSP: Uptime: 1 hours, 3 minutesLabel exchange using MP-BGP:
When BGP sessions are established between PE1 and PE3 routers, they exchange VRF prefixes along with labels (AFI/SAFI = 1/4). For example, PE3 router will advertise 172.16.1.4/30 prefix (it's VRF network with CE12 router) and a label for this prefix. It will also advertise 172.16.2.4/30 prefix (its VRF network with CE22 router) and a label for this prefix.
As seen below, PE1 receives 172.16.1.4/30 for VRF CUST1 and 172.16.2.4/30 for VRF CUST2. The next-hops are different for both prefixes , although, they were advertised by PE3 router. This is because of the bgp next-hop command under VRF configuration. This forces the PE3 router to use Loopback11 IP address 11.2.2.2 for all VRF CUST1 prefixes, and Loopback22 IP address 22.2.2.2 for all VRF CUST2 prefixes.
Prefix + Label advertisement using MP-BGP
PE1# show ip bgp vpnv4 allBGP table version is 16, local router ID is 22.1.1.1Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S StaleOrigin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight PathRoute Distinguisher: 1:1 (default for vrf CUST1)*> 172.16.1.0/30 0.0.0.0 0 32768 ?*>i172.16.1.4/30 11.2.2.2 0 100 0 ?Route Distinguisher: 2:2 (default for vrf CUST2)*> 172.16.2.0/30 0.0.0.0 0 32768 ?*>i172.16.2.4/30 22.2.2.2 0 100 0 ?PE1# show ip bgp vpnv4 all 172.16.1.4BGP routing table entry for 1:1:172.16.1.4/30, version 6Paths: (1 available, best #1, table CUST1) Not advertised to any peer Local 11.2.2.2 from 3.3.3.3 (22.2.2.2) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:1:1 mpls labels in/out nolabel/21PE1# show ip bgp vpnv4 all 172.16.2.4BGP routing table entry for 2:2:172.16.2.4/30, version 16Paths: (1 available, best #1, table CUST2)Flag: 0x820 Not advertised to any peer Local 22.2.2.2 from 3.3.3.3 (22.2.2.2) Origin incomplete, metric 0, localpref 100, valid, internal, best Extended Community: RT:2:2 mpls labels in/out nolabel/22Resolving next-hop IP and label imposition:
As seen above, the next-hop IP addresses are different for different VRFs. Also, static routes are configured above to forward all traffic for these IP addresses over to MPLS TE tunnels. So 11.2.2.2/32 is reachable via Tunnel 1 and 22.2.2.2/32 is reachable via Tunnel 2.
Resolving NH on PE1
PE1# show ip cef 11.2.2.211.2.2.2/32, version 30, epoch 0, attached0 packets, 0 bytes tag information set, shared local tag: 19 fast tag rewrite with Tu1, point2point, tags imposed: {16} via Tunnel1, 1 dependency valid adjacency tag rewrite with Tu1, point2point, tags imposed: {16}PE1# show ip cef 22.2.2.222.2.2.2/32, version 23, epoch 0, attached0 packets, 0 bytes tag information set, shared local tag: 18 fast tag rewrite with Tu2, point2point, tags imposed: {} via Tunnel2, 1 dependency valid adjacency tag rewrite with Tu2, point2point, tags imposed: {}PE1 router imposes two labels for VRF CUST1 prefix 172.16.1.4/30 - top label is TE label (16) and bottom label is VPN label (21). The top-label will be swapped at each intermediate. And PE1 router imposes only one label for VRF CUST2 prefix 172.16.2.4/30 - top TE label is Implicit-Null label as advertised by PE3 router and bottom VPN label (22).
Labels imposed by PE1
PE1# show ip cef vrf CUST1 172.16.1.4172.16.1.4/30, version 12, epoch 00 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Tu1, point2point, tags imposed: {16 21} via 11.2.2.2, 0 dependencies, recursive next hop 11.2.2.2, Tunnel1 via 11.2.2.2/32 valid adjacency tag rewrite with Tu1, point2point, tags imposed: {16 21}PE1# show ip cef vrf CUST2 172.16.2.4172.16.2.4/30, version 18, epoch 00 packets, 0 bytes tag information set local tag: VPN-route-head fast tag rewrite with Tu2, point2point, tags imposed: {22} via 22.2.2.2, 0 dependencies, recursive next hop 22.2.2.2, Tunnel2 via 22.2.2.2/32 valid adjacency tag rewrite with Tu2, point2point, tags imposed: {22}