MPLS Traffic Engineering Inter-Area and Inter-Level Tunnels
Table of Contents
- What is an MPLS TE inter-area tunnel? ‹
- How to configure an MPLS TE inter-area tunnel? (OSPF) ‹
- How to configure an MPLS TE inter-level tunnel? (IS-IS) ‹
- Download section ‹
What is an MPLS TE inter-area tunnel?
MPLS Traffic Engineering tunnels can be configured across different IGP areas. An MPLS network may be deployed with a hierarchical design of the transport protocol by using different OSPF areas or IS-IS levels. As a result, functional layers can be created such as a Core Layer and an Aggregation Layer. Such a differentiation can benefit network convergence in large service provider Layer-3 VPN MPLS backbones.
For an MPLS Traffic Engineering inter-area tunnel to work, it needs to use an explicit path which is configured on the PE routers. The explicit path contains Explicit Route Objects (ERO) which are specifically set to "Loose ERO" for the Area Border Routers (ABR). For all other devices the ERO is set to "Strict". These details are included in RSVP such as the one displayed below.
How to configure an MPLS TE inter-area tunnel? (OSPF)
In the following example topology a Service Provider MPLS Layer-3 VPN backbone is divided into separate functional layers. The Core Layer is configured with OSPF in area 0. The Aggregation Layer is where the Provider Edge (PE) routers are located, and it is assigned to OSPF non-backbone areas (1 and 2). Thus, Type-3 summary LSAs advertise the PE router Loopback addresses across the MPLS domain.
The separation of the OSPF network into different areas means that the dynamic path-option cannot be used on the MPLS TE tunnel. This is because the Constraint-based SPF algorithm that finds the best path for the MPLS TE LSP only works within a single IGP area.
As a result, an explicit path (ERO) needs to be configured on the PE routers, including loose hop ERO types for the ABR R4 and R6. Also, the tunnel interface requires the command tunnel mpls traffic-eng autoroute destination to transmit traffic via the MPLS TE tunnel.
Configuration:
R2 (PE)
R2#show run | sec ^mpls mpls label range 200 299 mpls traffic-eng tunnels R2#show run | sec ^vrf vrf definition Gold rd 65100:1 ! address-family ipv4 route-target export 65100:1 route-target import 65100:2 exit-address-family R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE R1 ** no ip address negotiation auto no mop enabled no mop sysid R2#show run int Gi1.10 | sec int interface GigabitEthernet1.10 description ** to CE R1 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.1 255.255.255.252 R2#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R3 ** ip address 10.1.0.2 255.255.255.252 ip ospf network point-to-point negotiation auto mpls traffic-eng tunnels no mop enabled no mop sysid ip rsvp bandwidth 100 50 R2#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE inter-area tunnel to PE R8 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 8.8.8.8 tunnel mpls traffic-eng autoroute destination tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 explicit name EXAMPLE-PATH R2#show run | sec ^ip exp ip explicit-path name EXAMPLE-PATH enable index 1 next-address 3.3.3.3 index 2 next-address loose 4.4.4.4 index 3 next-address 5.5.5.5 index 4 next-address loose 6.6.6.6 index 5 next-address 7.7.7.7 index 6 next-address 8.8.8.8 R2#show run | sec ^router router ospf 10 router-id 2.2.2.2 network 2.2.2.2 0.0.0.0 area 1 network 10.1.0.0 0.0.0.3 area 1 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 1 router bgp 65100 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 9.9.9.9 remote-as 65100 neighbor 9.9.9.9 update-source Loopback10 ! address-family vpnv4 neighbor 9.9.9.9 activate neighbor 9.9.9.9 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.1.0 mask 255.255.255.252 neighbor 10.0.1.2 remote-as 65001 neighbor 10.0.1.2 activate exit-address-family
R8 (PE)
R8#show run | sec ^mpls mpls label range 800 899 mpls traffic-eng tunnels R8#show run | sec ^vrf vrf definition Gold rd 65100:2 ! address-family ipv4 route-target export 65100:2 route-target import 65100:1 exit-address-family R8#show run int Lo10 | sec int interface Loopback10 ip address 8.8.8.8 255.255.255.255 R8#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE R10 ** no ip address negotiation auto no mop enabled no mop sysid R8#show run int Gi1.10 | sec int interface GigabitEthernet1.10 description ** to CE R10 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.1 255.255.255.252 R8#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R7 ** ip address 10.7.0.2 255.255.255.252 ip ospf network point-to-point negotiation auto mpls traffic-eng tunnels no mop enabled no mop sysid ip rsvp bandwidth 100 50 R8#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE inter-area tunnel to PE R2 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 2.2.2.2 tunnel mpls traffic-eng autoroute destination tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 explicit name EXAMPLE-PATH R8#show run | sec ^ip exp ip explicit-path name EXAMPLE-PATH enable index 1 next-address 7.7.7.7 index 2 next-address loose 6.6.6.6 index 3 next-address 5.5.5.5 index 4 next-address loose 4.4.4.4 index 5 next-address 3.3.3.3 index 6 next-address 2.2.2.2 R8#show run | sec ^router router ospf 10 router-id 8.8.8.8 network 8.8.8.8 0.0.0.0 area 2 network 10.7.0.0 0.0.0.3 area 2 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 2 router bgp 65100 bgp router-id 8.8.8.8 bgp log-neighbor-changes neighbor 9.9.9.9 remote-as 65100 neighbor 9.9.9.9 update-source Loopback10 ! address-family vpnv4 neighbor 9.9.9.9 activate neighbor 9.9.9.9 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.2.0 mask 255.255.255.252 neighbor 10.0.2.2 remote-as 65002 neighbor 10.0.2.2 activate exit-address-family
R4 (ABR)
R4#show run | sec ^mpls mpls label range 400 499 mpls traffic-eng tunnels R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R3 ** ip address 10.2.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R4#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.3.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R4#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 mpls traffic-eng area 1 router-id 4.4.4.4 network 4.4.4.4 0.0.0.0 area 0 network 10.2.0.0 0.0.0.3 area 1 network 10.3.0.0 0.0.0.3 area 0
R6 (ABR)
R6#show run | sec ^mpls mpls label range 600 699 mpls traffic-eng tunnels R6#show run int Lo10 | sec int interface Loopback10 ip address 6.6.6.6 255.255.255.255 R6#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R7 ** ip address 10.6.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R6#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.4.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R6#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 mpls traffic-eng area 2 router-id 6.6.6.6 network 6.6.6.6 0.0.0.0 area 0 network 10.4.0.0 0.0.0.3 area 0 network 10.6.0.0 0.0.0.3 area 2
R9 (BGP RR)
R9#show run int Lo10 | sec int interface Loopback10 ip address 9.9.9.9 255.255.255.255 R9#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R5 ** ip address 10.5.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 R9#show run | sec ^router router ospf 10 router-id 9.9.9.9 network 9.9.9.9 0.0.0.0 area 0 network 10.5.0.0 0.0.0.3 area 0 router bgp 65100 bgp router-id 9.9.9.9 bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 65100 neighbor 2.2.2.2 update-source Loopback10 neighbor 8.8.8.8 remote-as 65100 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended neighbor 2.2.2.2 route-reflector-client neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended neighbor 8.8.8.8 route-reflector-client exit-address-family
R3
R3#show run | sec ^mpls mpls label range 300 399 mpls traffic-eng tunnels R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R2 ** ip address 10.1.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ABR R4 ** ip address 10.2.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R3#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 1 router-id 3.3.3.3 network 3.3.3.3 0.0.0.0 area 1 network 10.1.0.0 0.0.0.3 area 1 network 10.2.0.0 0.0.0.3 area 1
R5
R5#show run | sec ^mpls mpls label range 500 599 mpls traffic-eng tunnels R5#show run int Lo10 | sec int interface Loopback10 ip address 5.5.5.5 255.255.255.255 R5#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to ABR R4 ** ip address 10.3.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R5#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ABR R6 ** ip address 10.4.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R5#show run int Gi0/2 | sec int interface GigabitEthernet0/2 description ** to BGP RR R9 ** ip address 10.5.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 R5#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 router-id 5.5.5.5 network 5.5.5.5 0.0.0.0 area 0 network 10.3.0.0 0.0.0.3 area 0 network 10.4.0.0 0.0.0.3 area 0 network 10.5.0.0 0.0.0.3 area 0
R7
R7#show run | sec ^mpls mpls label range 700 799 mpls traffic-eng tunnels R7#show run int Lo10 | sec int interface Loopback10 ip address 7.7.7.7 255.255.255.255 R7#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R8 ** ip address 10.7.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R7#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ABR R6 ** ip address 10.6.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R7#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 2 router-id 7.7.7.7 network 7.7.7.7 0.0.0.0 area 2 network 10.6.0.0 0.0.0.3 area 2 network 10.7.0.0 0.0.0.3 area 2
R1 (CE)
R1#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family R1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host1 ** no ip address duplex auto speed auto media-type rj45 R1#show run int Gi0/0.1 | sec int interface GigabitEthernet0/0.1 description ** to Host1 in VRF Gold (VLAN 1) ** encapsulation dot1Q 1 native vrf forwarding Gold ip address 192.168.1.2 255.255.255.0 R1#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to PE R2 ** no ip address duplex auto speed auto media-type rj45 R1#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** to PE R2 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.2 255.255.255.252 R1#show run | sec ^router router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes ! address-family ipv4 vrf Gold network 192.168.1.0 neighbor 10.0.1.1 remote-as 65100 neighbor 10.0.1.1 activate exit-address-family
R10 (CE)
R10#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family R10#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host2 ** no ip address duplex auto speed auto media-type rj45 R10#show run int Gi0/0.1 | sec int interface GigabitEthernet0/0.1 description ** to Host2 in VRF Gold (VLAN 1) ** encapsulation dot1Q 1 native vrf forwarding Gold ip address 192.168.2.2 255.255.255.0 R10#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to PE R8 ** no ip address duplex auto speed auto media-type rj45 R10#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** to PE R8 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.2 255.255.255.252 R10#show run | sec ^router router bgp 65002 bgp router-id 10.10.10.10 bgp log-neighbor-changes ! address-family ipv4 vrf Gold network 192.168.2.0 neighbor 10.0.2.1 remote-as 65100 neighbor 10.0.2.1 activate exit-address-family
Host1
Host1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R1 ** ip address 192.168.1.1 255.255.255.0 duplex auto speed auto media-type rj45 Host1#show run | sec ^ip route ip route 0.0.0.0 0.0.0.0 192.168.1.2
R2#show mpls traffic-eng tunnels brief Signalling Summary: LSP Tunnels Process: running Passive LSP Listener: running RSVP Process: running Forwarding: enabled auto-tunnel: p2p Disabled (0), id-range:62336-64335 Periodic reoptimization: every 3600 seconds, next in 2059 seconds Periodic FRR Promotion: Not Running Periodic auto-bw collection: every 300 seconds, next in 259 seconds SR tunnel max label push: 13 primary path labels (13 repair path labels) P2P TUNNELS/LSPs: TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT ** MPLS TE inter-area tunnel... 8.8.8.8 - Gi2 up/up « MPLS TE tunnel is up ** MPLS TE inter-area tunnel... 2.2.2.2 Gi2 - up/up Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails P2MP TUNNELS: Displayed 0 (of 0) P2MP heads P2MP SUB-LSPS: Displayed 0 P2MP sub-LSPs: 0 (of 0) heads, 0 (of 0) midpoints, 0 (of 0) tails Host1#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/53 ms « Host1 (Site 1) can reach Host2 (Site 2) Host1#trace 192.168.2.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.2.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 1 msec 2 10.0.1.1 40 msec 3 10.1.0.1 [MPLS: Labels 301/802 Exp 0] 49 msec « MPLS label stack is used 4 10.2.0.2 [MPLS: Labels 401/802 Exp 0] 49 msec 5 10.3.0.2 [MPLS: Labels 501/802 Exp 0] 51 msec 6 10.4.0.2 [MPLS: Labels 601/802 Exp 0] 49 msec 7 10.6.0.2 [MPLS: Labels 701/802 Exp 0] 50 msec 8 10.0.2.1 [MPLS: Label 802 Exp 0] 29 msec « PE router R8 assigns VPN Service Label 9 10.0.2.2 51 msec 10 192.168.2.1 50 msec R2#show ip bgp vpnv4 rd 65100:2 192.168.2.0 BGP routing table entry for 65100:2:192.168.2.0/24, version 5 « MP-BGP VPNv4 prefix from Site 2 Paths: (1 available, best #1, no table) Not advertised to any peer Refresh Epoch 1 65002 8.8.8.8 (via default) from 9.9.9.9 (9.9.9.9) « PE router R8 advertises this prefix Origin IGP, metric 0, localpref 100, valid, internal, best Extended Community: RT:65100:2 Originator: 8.8.8.8, Cluster list: 9.9.9.9 mpls labels in/out nolabel/802 « PE R8 assigns VPN Service Label 802 rx pathid: 0, tx pathid: 0x0 Updated on Apr 25 2024 17:19:21 UTC Host2#trace 192.168.1.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.2.2 2 msec 2 10.0.2.1 33 msec 3 10.7.0.1 [MPLS: Labels 700/202 Exp 0] 50 msec 4 10.6.0.1 [MPLS: Labels 600/202 Exp 0] 50 msec 5 10.4.0.1 [MPLS: Labels 500/202 Exp 0] 53 msec 6 10.3.0.1 [MPLS: Labels 400/202 Exp 0] 50 msec 7 10.2.0.1 [MPLS: Labels 300/202 Exp 0] 51 msec 8 10.0.1.1 [MPLS: Label 202 Exp 0] 28 msec 9 10.0.1.2 50 msec 10 192.168.1.1 51 msec
As visible, the two sites can connect using the MPLS VPN label stack. The following output displays the MPLS transport network IGP routing table on PE R2. Note that the IGP OSPF domain is divided into different areas, and for this reason OSPF inter-area routes are advertised.
R2#show ip route ospf | beg Ga Gateway of last resort is not set 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/2] via 10.1.0.1, 00:37:47, GigabitEthernet2 4.0.0.0/32 is subnetted, 1 subnets O IA 4.4.4.4 [110/3] via 10.1.0.1, 00:37:47, GigabitEthernet2 « inter-area Type-3 summary LSA 5.0.0.0/32 is subnetted, 1 subnets O IA 5.5.5.5 [110/4] via 10.1.0.1, 00:37:47, GigabitEthernet2 6.0.0.0/32 is subnetted, 1 subnets O IA 6.6.6.6 [110/5] via 10.1.0.1, 00:37:47, GigabitEthernet2 7.0.0.0/32 is subnetted, 1 subnets O IA 7.7.7.7 [110/6] via 10.1.0.1, 00:37:47, GigabitEthernet2 9.0.0.0/32 is subnetted, 1 subnets O IA 9.9.9.9 [110/5] via 10.1.0.1, 00:37:47, GigabitEthernet2 10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks O 10.2.0.0/30 [110/2] via 10.1.0.1, 00:37:47, GigabitEthernet2 O IA 10.3.0.0/30 [110/3] via 10.1.0.1, 00:37:47, GigabitEthernet2 O IA 10.4.0.0/30 [110/4] via 10.1.0.1, 00:37:47, GigabitEthernet2 O IA 10.5.0.0/30 [110/4] via 10.1.0.1, 00:37:47, GigabitEthernet2 O IA 10.6.0.0/30 [110/5] via 10.1.0.1, 00:37:47, GigabitEthernet2 O IA 10.7.0.0/30 [110/6] via 10.1.0.1, 00:37:47, GigabitEthernet2 R2#show ip route 8.8.8.8 Routing entry for 8.8.8.8/32 Known via "static", distance 1, metric 0 (connected) Routing Descriptor Blocks: * directly connected, via Tunnel10 « PE R2 learns PE R8 Loopback IP through MPLS TE tunnel via directly connected static route Route metric is 0, traffic share count is 1
On the PE router R2 it is visible that the Loopback IP address 8.8.8.8/32 (PE R8) is not displayed among the prefixes learnt via OSPF in the RIB. This is due to the command tunnel mpls traffic-eng autoroute destination issued under the MPLS TE tunnel interface on PE R2 and the explicit path configuration. The same is true on PE R8, where the Loopback IP of PE R2 points to the MPLS TE tunnel as the next-hop.
As an addition to the current OSPF configuration, inter-area prefixes can be filtered to optimize the routing table in each non-backbone area. This is possible because the PE routers only need the single Loopback IP address of the BGP Route Reflector R9 to receive the VPNv4 prefix of each site. All other OSPF prefixes are not necessary on the PE routers in area 1 and area 2. Thus, the following configuration can be applied on the ABR routers R4 and R6.
R4>enable R4#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R4(config)# R4(config)#ip prefix-list PL-PERMIT-BGP-RR permit 9.9.9.9/32 R4(config)# R4(config)#router ospf 10 R4(config-router)#area 1 filter-list prefix PL-PERMIT-BGP-RR in R4(config-router)# R4(config-router)#exit R4(config)#exit R4# ------------------------------------------------------------------- R6>enable R6#configure terminal Enter configuration commands, one per line. End with CNTL/Z. R6(config)# R6(config)#ip prefix-list PL-PERMIT-BGP-RR permit 9.9.9.9/32 R6(config)# R6(config)#router ospf 10 R6(config-router)#area 2 filter-list prefix PL-PERMIT-BGP-RR in R6(config-router)# R6(config-router)#exit R6(config)#exit R6#
After the filter-list is applied on each ABR, the following output is visible on the PE routers. Notice that the routing table on the PE routers is now considerably smaller. Also, note that the PE Loopback IP address is still not displayed in the RIB because it is used as the MPLS TE tunnel next-hop via the explicit path LSP.
R2#show ip route ospf | beg Ga Gateway of last resort is not set 3.0.0.0/32 is subnetted, 1 subnets O 3.3.3.3 [110/2] via 10.1.0.1, 01:03:38, GigabitEthernet2 9.0.0.0/32 is subnetted, 1 subnets O IA 9.9.9.9 [110/5] via 10.1.0.1, 00:10:41, GigabitEthernet2 « Loopback IP of BGP RR 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks O 10.2.0.0/30 [110/2] via 10.1.0.1, 01:03:38, GigabitEthernet2 R2#show ip route 8.8.8.8 Routing entry for 8.8.8.8/32 Known via "static", distance 1, metric 0 (connected) Routing Descriptor Blocks: * directly connected, via Tunnel10 Route metric is 0, traffic share count is 1 R8#show ip route ospf | beg Ga Gateway of last resort is not set 7.0.0.0/32 is subnetted, 1 subnets O 7.7.7.7 [110/2] via 10.7.0.1, 01:03:41, GigabitEthernet2 9.0.0.0/32 is subnetted, 1 subnets O IA 9.9.9.9 [110/5] via 10.7.0.1, 00:07:28, GigabitEthernet2 10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks O 10.6.0.0/30 [110/2] via 10.7.0.1, 01:03:41, GigabitEthernet2 R8#show ip route 2.2.2.2 Routing entry for 2.2.2.2/32 Known via "static", distance 1, metric 0 (connected) Routing Descriptor Blocks: * directly connected, via Tunnel10 Route metric is 0, traffic share count is 1 Host1#trace 192.168.2.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.2.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 1 msec 2 10.0.1.1 23 msec 3 10.1.0.1 [MPLS: Labels 303/804 Exp 0] 50 msec 4 10.2.0.2 [MPLS: Labels 407/804 Exp 0] 50 msec 5 10.3.0.2 [MPLS: Labels 502/804 Exp 0] 50 msec 6 10.4.0.2 [MPLS: Labels 603/804 Exp 0] 50 msec 7 10.6.0.2 [MPLS: Labels 704/804 Exp 0] 49 msec 8 10.0.2.1 [MPLS: Label 804 Exp 0] 28 msec 9 10.0.2.2 50 msec 10 192.168.2.1 52 msec
How to configure an MPLS TE inter-level tunnel? (IS-IS)
In the following example scenario, IS-IS is configured as the IGP for an MPLS L3VPN backbone network. An IS-IS Level-2 area is used for the Core Layer, and IS-IS Level-1 areas are assigned to the Aggregation Layer. This means that R4 and R6 are IS-IS Level-1/Level-2 routers and advertise only a single default route into ther respective Level-1 areas.
To create an inter-level MPLS TE tunnel between the PE router R2 and PE R8 an explicit path (ERO) is configured with the IS-IS L1/L2 routers being loose ERO hops. This solution works without the need to redistribute routes from the Level-2 IS-IS area into the Level-1 area, or in other words no IS-IS route leaking is configured.
Configuration:
R2 (PE)
R2#show run | sec ^mpls mpls label range 200 299 mpls traffic-eng tunnels R2#show run | sec ^vrf vrf definition Gold rd 65100:1 ! address-family ipv4 route-target export 65100:1 route-target import 65100:2 exit-address-family R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE R1 ** no ip address negotiation auto no mop enabled no mop sysid R2#show run int Gi1.10 | sec int interface GigabitEthernet1.10 description ** to CE R1 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.1 255.255.255.252 R2#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R3 ** ip address 10.1.0.2 255.255.255.252 ip router isis negotiation auto mpls traffic-eng tunnels no mop enabled no mop sysid isis circuit-type level-1 isis network point-to-point ip rsvp bandwidth 100 50 R2#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE inter-level tunnel to PE R8 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 8.8.8.8 tunnel mpls traffic-eng autoroute destination tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 explicit name EXAMPLE-PATH R2#show run | sec ^ip exp ip explicit-path name EXAMPLE-PATH enable index 1 next-address 3.3.3.3 index 2 next-address loose 4.4.4.4 index 3 next-address 5.5.5.5 index 4 next-address loose 6.6.6.6 index 5 next-address 7.7.7.7 index 6 next-address 8.8.8.8 R2#show run | sec ^router router isis net 49.0010.0000.0000.0002.00 is-type level-1 advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 mpls traffic-eng router-id Loopback10 mpls traffic-eng level-1 router bgp 65100 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 9.9.9.9 remote-as 65100 neighbor 9.9.9.9 update-source Loopback10 ! address-family vpnv4 neighbor 9.9.9.9 activate neighbor 9.9.9.9 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.1.0 mask 255.255.255.252 neighbor 10.0.1.2 remote-as 65001 neighbor 10.0.1.2 activate exit-address-family
R8 (PE)
R8#show run | sec ^mpls mpls label range 800 899 mpls traffic-eng tunnels R8#show run | sec ^vrf vrf definition Gold rd 65100:2 ! address-family ipv4 route-target export 65100:2 route-target import 65100:1 exit-address-family R8#show run int Lo10 | sec int interface Loopback10 ip address 8.8.8.8 255.255.255.255 R8#show run int Gi1 | sec int interface GigabitEthernet1 description ** to CE R10 ** no ip address negotiation auto no mop enabled no mop sysid R8#show run int Gi1.10 | sec int interface GigabitEthernet1.10 description ** to CE R10 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.1 255.255.255.252 R8#show run int Gi2 | sec int interface GigabitEthernet2 description ** to R7 ** ip address 10.7.0.2 255.255.255.252 ip router isis negotiation auto mpls traffic-eng tunnels no mop enabled no mop sysid isis circuit-type level-1 isis network point-to-point ip rsvp bandwidth 100 50 R8#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE inter-level tunnel to PE R2 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 2.2.2.2 tunnel mpls traffic-eng autoroute destination tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 explicit name EXAMPLE-PATH R8#show run | sec ^ip exp ip explicit-path name EXAMPLE-PATH enable index 1 next-address 7.7.7.7 index 2 next-address loose 6.6.6.6 index 3 next-address 5.5.5.5 index 4 next-address loose 4.4.4.4 index 5 next-address 3.3.3.3 index 6 next-address 2.2.2.2 R8#show run | sec ^router router isis net 49.0020.0000.0000.0008.00 is-type level-1 advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 mpls traffic-eng router-id Loopback10 mpls traffic-eng level-1 router bgp 65100 bgp router-id 8.8.8.8 bgp log-neighbor-changes neighbor 9.9.9.9 remote-as 65100 neighbor 9.9.9.9 update-source Loopback10 ! address-family vpnv4 neighbor 9.9.9.9 activate neighbor 9.9.9.9 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.2.0 mask 255.255.255.252 neighbor 10.0.2.2 remote-as 65002 neighbor 10.0.2.2 activate exit-address-family
R4 (L1/L2)
R4#show run | sec ^mpls mpls label range 400 499 mpls traffic-eng tunnels R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R3 ** ip address 10.2.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-1 isis network point-to-point ip rsvp bandwidth 100 50 R4#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.3.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R4#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-1 mpls traffic-eng level-2 net 49.0010.0000.0000.0004.00 advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R6 (L1/L2)
R6#show run | sec ^mpls mpls label range 600 699 mpls traffic-eng tunnels R6#show run int Lo10 | sec int interface Loopback10 ip address 6.6.6.6 255.255.255.255 R6#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R7 ** ip address 10.6.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-1 isis network point-to-point ip rsvp bandwidth 100 50 R6#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.4.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R6#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-1 mpls traffic-eng level-2 net 49.0020.0000.0000.0006.00 advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R9 (BGP RR)
R9#show run int Lo10 | sec int interface Loopback10 ip address 9.9.9.9 255.255.255.255 R9#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R5 ** ip address 10.5.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 isis circuit-type level-2-only isis network point-to-point R9#show run | sec ^router router isis net 49.0005.0000.0000.0009.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65100 bgp router-id 9.9.9.9 bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 65100 neighbor 2.2.2.2 update-source Loopback10 neighbor 8.8.8.8 remote-as 65100 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended neighbor 2.2.2.2 route-reflector-client neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended neighbor 8.8.8.8 route-reflector-client exit-address-family
R3
R3#show run | sec ^mpls mpls label range 300 399 mpls traffic-eng tunnels R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R2 ** ip address 10.1.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-1 isis network point-to-point ip rsvp bandwidth 100 50 R3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ABR R4 ** ip address 10.2.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-1 isis network point-to-point ip rsvp bandwidth 100 50 R3#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-1 net 49.0010.0000.0000.0003.00 is-type level-1 advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R5
R5#show run | sec ^mpls mpls label range 500 599 mpls traffic-eng tunnels R5#show run int Lo10 | sec int interface Loopback10 ip address 5.5.5.5 255.255.255.255 R5#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to ABR R4 ** ip address 10.3.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R5#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to ABR R6 ** ip address 10.4.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R5#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-2 net 49.0005.0000.0000.0005.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R2#show mpls traffic-eng tunnels brief Signalling Summary: LSP Tunnels Process: running Passive LSP Listener: running RSVP Process: running Forwarding: enabled auto-tunnel: p2p Disabled (0), id-range:62336-64335 Periodic reoptimization: every 3600 seconds, next in 1017 seconds Periodic FRR Promotion: Not Running Periodic auto-bw collection: every 300 seconds, next in 117 seconds SR tunnel max label push: 13 primary path labels (13 repair path labels) P2P TUNNELS/LSPs: TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT ** MPLS TE inter-level tunne... 8.8.8.8 - Gi2 up/up « MPLS TE tunnel is up ** MPLS TE inter-level tunne... 2.2.2.2 Gi2 - up/up Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails P2MP TUNNELS: Displayed 0 (of 0) P2MP heads P2MP SUB-LSPS: Displayed 0 P2MP sub-LSPs: 0 (of 0) heads, 0 (of 0) midpoints, 0 (of 0) tails R2#show ip route isis | beg Ga Gateway of last resort is 10.1.0.1 to network 0.0.0.0 i*L1 0.0.0.0/0 [115/20] via 10.1.0.1, 00:54:13, GigabitEthernet2 « Only default route received from IS-IS L1/L2 router 3.0.0.0/32 is subnetted, 1 subnets i L1 3.3.3.3 [115/10] via 10.1.0.1, 00:59:13, GigabitEthernet2 4.0.0.0/32 is subnetted, 1 subnets i L1 4.4.4.4 [115/20] via 10.1.0.1, 00:56:24, GigabitEthernet2 R8#show ip route isis | beg Ga Gateway of last resort is 10.7.0.1 to network 0.0.0.0 i*L1 0.0.0.0/0 [115/20] via 10.7.0.1, 00:54:28, GigabitEthernet2 6.0.0.0/32 is subnetted, 1 subnets i L1 6.6.6.6 [115/20] via 10.7.0.1, 00:55:41, GigabitEthernet2 7.0.0.0/32 is subnetted, 1 subnets i L1 7.7.7.7 [115/10] via 10.7.0.1, 00:59:08, GigabitEthernet2 R5#show ip route isis | beg Ga « IS-IS Level-2 (backbone) routers receive all the routes Gateway of last resort is not set 2.0.0.0/32 is subnetted, 1 subnets i L2 2.2.2.2 [115/30] via 10.3.0.1, 00:54:45, GigabitEthernet0/0 3.0.0.0/32 is subnetted, 1 subnets i L2 3.3.3.3 [115/20] via 10.3.0.1, 00:54:45, GigabitEthernet0/0 4.0.0.0/32 is subnetted, 1 subnets i L2 4.4.4.4 [115/10] via 10.3.0.1, 00:54:45, GigabitEthernet0/0 6.0.0.0/32 is subnetted, 1 subnets i L2 6.6.6.6 [115/10] via 10.4.0.2, 00:54:45, GigabitEthernet0/1 7.0.0.0/32 is subnetted, 1 subnets i L2 7.7.7.7 [115/20] via 10.4.0.2, 00:54:45, GigabitEthernet0/1 8.0.0.0/32 is subnetted, 1 subnets i L2 8.8.8.8 [115/30] via 10.4.0.2, 00:54:45, GigabitEthernet0/1 9.0.0.0/32 is subnetted, 1 subnets i L2 9.9.9.9 [115/10] via 10.5.0.2, 00:53:14, GigabitEthernet0/2 Host1#trace 192.168.2.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.2.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 1 msec 2 10.0.1.1 23 msec 3 10.1.0.1 [MPLS: Labels 300/802 Exp 0] 49 msec « MPLS label stack used to reach from Host1 (Site 1) to Host2 (Site 2) 4 10.2.0.2 [MPLS: Labels 400/802 Exp 0] 50 msec 5 10.3.0.2 [MPLS: Labels 500/802 Exp 0] 50 msec 6 10.4.0.2 [MPLS: Labels 600/802 Exp 0] 50 msec 7 10.6.0.2 [MPLS: Labels 701/802 Exp 0] 51 msec 8 10.0.2.1 [MPLS: Label 802 Exp 0] 30 msec « VPN Service Label assigned by PE R8 9 10.0.2.2 58 msec 10 192.168.2.1 53 msec