MPLS Traffic Engineering Fundamentals in L3VPN Architecture
Table of Contents
Jump to section:
- • What is MPLS Traffic Engineering?
- • What is the advantage of MPLS TE?
- • What is the disadvantage of MPLS TE?
- • What are the main components of MPLS TE?
- • How to configure intra-area MPLS TE tunnel? (OSPF)
- • How to configure intra-level MPLS TE tunnel? (IS-IS)
- • Three methods to route traffic into the MPLS TE tunnel
- • Configuring explicit path (ERO) with MPLS TE
- • Packet capture of MPLS TE tunnel negotiation
- • Download section
- What is MPLS Traffic Engineering? ‹
- What is the advantage of MPLS TE? ‹
- What is the disadvantage of MPLS TE? ‹
- What are the main components of MPLS TE? ‹
- How to configure intra-area MPLS TE tunnel? (OSPF) ‹
- How to configure intra-level MPLS TE tunnel? (IS-IS) ‹
- Three methods to route traffic into the MPLS TE tunnel ‹
- Configuring explicit path (ERO) with MPLS TE ‹
- Packet capture of MPLS TE tunnel negotiation ‹
- Download section ‹
What is MPLS Traffic Engineering?
MPLS Traffic Engineering offers numerous capabilities to label switched networks such as a flexible path control mechanism and end-to-end resource allocation for dedicated data streams. MPLS TE also offers a Fast Reroute (FRR) mechanism tailored to various failure scenarios including link protection and node protection. MPLS TE is configured using virtual tunnel interfaces.
What is the advantage of MPLS TE?
- Compared to Label Distribution Protocol (LDP), MPLS TE provides methods for traffic engineering based on path control that is independent from the IGP. Meanwhile, LDP can only rely on path information calculated by the underlying IGP OSPF or IS-IS.
- Each MPLS TE tunnel can have different capabilities (constraints) such as low latency or high bandwidth. In an MPLS L3VPN architecture a customer VRF can be configured to use a particular MPLS TE tunnel based on application requirements. This provides granular control over network resources in the MPLS backbone, and is not possible with LDP.
- MPLS TE also provides fast reroute (FRR) features not available with LDP. This includes link protection, node protection and even automatic backup tunnels to improve failover time in case of a backbone network outage.
What is the disadvantage of MPLS TE?
- Compared to Label Distribution Protocol (LDP), MPLS TE requires more configuration tasks such as the tunnel interface, path definition, and FRR configurations. In a large service provider backbone network a PE router may have tens or hundreds of MPLS TE tunnels with different configurations. This can also lead to more errors and complex network changes.
- MPLS TE is less scalable than LDP because of the configurations required and the system resources consumed by the RSVP periodic refresh and reoptimization mechanisms. In other words, RSVP is a soft state protocol which makes it consume more resources than LDP. However to benefit from both protocols, service provider architectures can combine LDP and MPLS TE in a single backbone by creating separate domains.
What are the main components of MPLS TE?
The following list describes important aspects and terminology used with MPLS Traffic Engineering (TE) tunnels.
| Terminology | Description |
|---|---|
| RSVP TE and MPLS TE | MPLS Traffic Engineering uses the Resource Reservation Protocol (RSVP) for Label Switched Path (LSP) signaling and tunnel setup. RSVP is an independent transport layer protocol originally developed for the integrated services QoS model to reserve network resources based on specific traffic flow requirements. RSVP was further developed to support Traffic Engineering in MPLS networks. For this reason, RSVP TE and MPLS TE now refer to the same technology. |
| Tunnel head-end and tail-end | Traffic sent from the CE router to the neighboring PE router will enter the MPLS TE tunnel. The tunnel starting point on the PE router is called the tunnel head-end. At the other end of the MPLS TE tunnel there is also a PE device, and that is the tunnel tail-end. Since MPLS TE tunnels are unidirectional, the tunnel head-end and tail-end are important differentiators. |
| MPLS TE extension | MPLS Traffic Engineering relies on the IGP in the underlay transport network. The IGP is either OSPF or IS-IS. These two protocols have received developements (protocol extensions) to support MPLS Traffic Engineering as shown in the following captures. |
How to configure intra-area MPLS TE tunnel? (OSPF)
In the following example topology, an MPLS Layer-3 VPN Service Provider network is configured with BGP AS 65100. A Label Switched Path (LSP) is created between PE router R2 and PE R6 with MPLS Traffic Engineering tunnels. An MPLS TE tunnel is unidirectional, a single tunnel interface is configured on each PE router. The IGP OSPF is enabled with the MPLS Traffic Engineering extension, and the interfaces on each router along the LSP are also enabled for MPLS TE and for RSVP.
RSVP stands for Resource Reservation Protocol, and it is the control plane of MPLS TE. RSVP signals an LSP between the MPLS TE tunnel endpoints. This is why RSVP is enabled on the PE routers and also on R3, R4, and R5. Note that R8 is an out-of-band BGP Route Reflector and does not forward MPLS label switched traffic between the two sites. Thus, MPLS TE or RSVP are not enabled on the RR R8.
Configuration:
R2 (PE)
R2#show run | sec ^mpls mpls label range 200 299 mpls traffic-eng tunnels R2#show run | sec ^vrf vrf definition Gold rd 65100:1 ! address-family ipv4 route-target export 65100:1 route-target import 65100:2 exit-address-family R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R3 ** ip address 10.1.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R1 ** no ip address duplex auto speed auto media-type rj45 R2#show run int Gi0/0.10 | sec int interface GigabitEthernet0/0.10 description ** to CE R1 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.1 255.255.255.252 R2#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE tunnel to PE R6 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 6.6.6.6 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 dynamic no routing dynamic R2#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 router-id 2.2.2.2 network 2.2.2.2 0.0.0.0 area 0 network 10.1.0.0 0.0.0.3 area 0 router bgp 65100 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65100 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.1.0 mask 255.255.255.252 neighbor 10.0.1.2 remote-as 65001 neighbor 10.0.1.2 activate exit-address-family
R6 (PE)
R6#show run | sec ^mpls mpls label range 600 699 mpls traffic-eng tunnels R6#show run | sec ^vrf vrf definition Gold rd 65100:2 ! address-family ipv4 route-target export 65100:2 route-target import 65100:1 exit-address-family R6#show run int Lo10 | sec int interface Loopback10 ip address 6.6.6.6 255.255.255.255 R6#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.4.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R6#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R7 ** no ip address duplex auto speed auto media-type rj45 R6#show run int Gi0/0.10 | sec int interface GigabitEthernet0/0.10 description ** to CE R7 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.1 255.255.255.252 R6#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE tunnel to PE R2 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 2.2.2.2 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 dynamic no routing dynamic R6#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 router-id 6.6.6.6 network 6.6.6.6 0.0.0.0 area 0 network 10.4.0.0 0.0.0.3 area 0 router bgp 65100 bgp router-id 6.6.6.6 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65100 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.2.0 mask 255.255.255.252 neighbor 10.0.2.2 remote-as 65002 neighbor 10.0.2.2 activate exit-address-family
R1 (CE)
R1#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family R1#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to PE R2 ** no ip address duplex auto speed auto media-type rj45 R1#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** to PE R2 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.2 255.255.255.252 R1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host1 ** no ip address duplex auto speed auto media-type rj45 R1#show run int Gi0/0.1 | sec int interface GigabitEthernet0/0.1 description ** to Host1 in VRF Gold (VLAN 1) ** encapsulation dot1Q 1 native vrf forwarding Gold ip address 192.168.1.2 255.255.255.0 R1#show run | sec ^router router bgp 65001 bgp router-id 1.1.1.1 bgp log-neighbor-changes ! address-family ipv4 vrf Gold network 192.168.1.0 neighbor 10.0.1.1 remote-as 65100 neighbor 10.0.1.1 activate exit-address-family
R7 (CE)
R7#show run | sec ^vrf vrf definition Gold rd 1:1 ! address-family ipv4 exit-address-family R7#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to PE R6 ** no ip address duplex auto speed auto media-type rj45 R7#show run int Gi0/1.10 | sec int interface GigabitEthernet0/1.10 description ** to PE R6 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.2 255.255.255.252 R7#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to Host2 ** no ip address duplex auto speed auto media-type rj45 R7#show run int Gi0/0.1 | sec int interface GigabitEthernet0/0.1 description ** to Host2 in VRF Gold (VLAN 1) ** encapsulation dot1Q 1 native vrf forwarding Gold ip address 192.168.2.2 255.255.255.0 R7#show run | sec ^router router bgp 65002 bgp router-id 7.7.7.7 bgp log-neighbor-changes ! address-family ipv4 vrf Gold network 192.168.2.0 neighbor 10.0.2.1 remote-as 65100 neighbor 10.0.2.1 activate exit-address-family
R8 (BGP RR)
R8#show run int Lo10 | sec int interface Loopback10 ip address 8.8.8.8 255.255.255.255 R8#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R4 ** ip address 10.5.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 R8#show run | sec ^router router ospf 10 router-id 8.8.8.8 network 8.8.8.8 0.0.0.0 area 0 network 10.5.0.0 0.0.0.3 area 0 router bgp 65100 bgp router-id 8.8.8.8 bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 65100 neighbor 2.2.2.2 update-source Loopback10 neighbor 6.6.6.6 remote-as 65100 neighbor 6.6.6.6 update-source Loopback10 ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended neighbor 2.2.2.2 route-reflector-client neighbor 6.6.6.6 activate neighbor 6.6.6.6 send-community extended neighbor 6.6.6.6 route-reflector-client exit-address-family
R3
R3#show run | sec ^mpls mpls label range 300 399 mpls traffic-eng tunnels R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R2 ** ip address 10.1.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R4 ** ip address 10.2.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R3#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 router-id 3.3.3.3 network 3.3.3.3 0.0.0.0 area 0 network 10.1.0.0 0.0.0.3 area 0 network 10.2.0.0 0.0.0.3 area 0
R4
R4#show run | sec ^mpls mpls label range 400 499 mpls traffic-eng tunnels R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R3 ** ip address 10.2.0.2 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R4#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.3.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 mpls traffic-eng tunnels ip rsvp bandwidth 100 50 R4#show run int Gi0/2 | sec int interface GigabitEthernet0/2 description ** to BGP RR R8 ** ip address 10.5.0.1 255.255.255.252 ip ospf network point-to-point duplex auto speed auto media-type rj45 R4#show run | sec ^router router ospf 10 mpls traffic-eng router-id Loopback10 mpls traffic-eng area 0 router-id 4.4.4.4 network 4.4.4.4 0.0.0.0 area 0 network 10.2.0.0 0.0.0.3 area 0 network 10.3.0.0 0.0.0.3 area 0 network 10.5.0.0 0.0.0.3 area 0
Host1
Host1#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R1 ** ip address 192.168.1.1 255.255.255.0 duplex auto speed auto media-type rj45 Host1#show run | sec ^ip route ip route 0.0.0.0 0.0.0.0 192.168.1.2
R2#show mpls traffic-eng tunnels brief Signalling Summary: LSP Tunnels Process: running Passive LSP Listener: running RSVP Process: running Forwarding: enabled Periodic reoptimization: every 3600 seconds, next in 3453 seconds Periodic FRR Promotion: Not Running Periodic auto-bw collection: every 300 seconds, next in 153 seconds TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT ** MPLS TE tunnel to PE R6 *... 6.6.6.6 - Gi0/1 up/up « MPLS TE tunnel is up ** MPLS TE tunnel to PE R2 *... 2.2.2.2 Gi0/1 - up/up Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails R2#show mpls traffic-eng tunnels summary Signalling Summary: LSP Tunnels Process: running Passive LSP Listener: running RSVP Process: running Forwarding: enabled Head: 1 interfaces, 1 active signalling attempts, 1 established « Information about tunnel signalling 1 activations, 0 deactivations 0 SSO recovery attempts, 0 SSO recovered Midpoints: 0, Tails: 1 Periodic reoptimization: every 3600 seconds, next in 3360 seconds Periodic FRR Promotion: Not Running Periodic auto-bw collection: every 300 seconds, next in 60 seconds Host1#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 49/50/52 ms « Host1 (Site 1) can reach Host2 (Site 2) Host1#trace 192.168.2.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.2.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 2 msec 2 10.0.1.1 23 msec 3 10.1.0.2 [MPLS: Labels 301/601 Exp 0] 49 msec « MPLS label stack is used 4 10.2.0.2 [MPLS: Labels 400/601 Exp 0] 49 msec 5 10.3.0.2 [MPLS: Labels 500/601 Exp 0] 49 msec 6 10.0.2.1 [MPLS: Label 601 Exp 0] 26 msec « PE router R6 assigns VPN Service Label 7 10.0.2.2 48 msec 8 192.168.2.1 49 msec Host2#trace 192.168.1.1 probe 1 Type escape sequence to abort. Tracing the route to 192.168.1.1 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.2.2 2 msec 2 10.0.2.1 23 msec 3 10.4.0.2 [MPLS: Labels 501/201 Exp 0] 48 msec 4 10.3.0.1 [MPLS: Labels 401/201 Exp 0] 50 msec 5 10.2.0.1 [MPLS: Labels 300/201 Exp 0] 48 msec 6 10.0.1.1 [MPLS: Label 201 Exp 0] 27 msec « PE router R2 assigns VPN Service Label 7 10.0.1.2 48 msec 8 192.168.1.1 50 msec
How to configure intra-level MPLS TE tunnel? (IS-IS)
In the following example scenario, the L3VPN MPLS network is configured with the IGP IS-IS, and the MPLS TE protocol extension is used to create a Traffic Engineering tunnel between PE R2 and PE R6. With IS-IS it is important that the wide metric-style is used, otherwise the MPLS TE protocol extension cannot be enabled. A single IS-IS Level-2 area is configured in the MPLS backbone, and as a result the MPLS TE tunnel is called intra-level.
Configuration:
R2 (PE)
R2#show run | sec ^mpls mpls label range 200 299 mpls traffic-eng tunnels R2#show run | sec ^vrf vrf definition Gold rd 65100:1 ! address-family ipv4 route-target export 65100:1 route-target import 65100:2 exit-address-family R2#show run int Lo10 | sec int interface Loopback10 ip address 2.2.2.2 255.255.255.255 R2#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R3 ** ip address 10.1.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R2#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R1 ** no ip address duplex auto speed auto media-type rj45 R2#show run int Gi0/0.10 | sec int interface GigabitEthernet0/0.10 description ** to CE R1 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.1.1 255.255.255.252 R2#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE tunnel to PE R6 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 6.6.6.6 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 dynamic no routing dynamic R2#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-2 net 49.0010.0000.0000.0002.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65100 bgp router-id 2.2.2.2 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65100 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.1.0 mask 255.255.255.252 neighbor 10.0.1.2 remote-as 65001 neighbor 10.0.1.2 activate exit-address-family
R6 (PE)
R6#show run | sec ^mpls mpls label range 600 699 mpls traffic-eng tunnels R6#show run | sec ^vrf vrf definition Gold rd 65100:2 ! address-family ipv4 route-target export 65100:2 route-target import 65100:1 exit-address-family R6#show run int Lo10 | sec int interface Loopback10 ip address 6.6.6.6 255.255.255.255 R6#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.4.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R6#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to CE R7 ** no ip address duplex auto speed auto media-type rj45 R6#show run int Gi0/0.10 | sec int interface GigabitEthernet0/0.10 description ** to CE R7 in VRF Gold ** encapsulation dot1Q 10 vrf forwarding Gold ip address 10.0.2.1 255.255.255.252 R6#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE tunnel to PE R2 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 2.2.2.2 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 dynamic no routing dynamic R6#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-2 net 49.0010.0000.0000.0006.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65100 bgp router-id 6.6.6.6 bgp log-neighbor-changes neighbor 8.8.8.8 remote-as 65100 neighbor 8.8.8.8 update-source Loopback10 ! address-family vpnv4 neighbor 8.8.8.8 activate neighbor 8.8.8.8 send-community extended exit-address-family ! address-family ipv4 vrf Gold network 10.0.2.0 mask 255.255.255.252 neighbor 10.0.2.2 remote-as 65002 neighbor 10.0.2.2 activate exit-address-family
R8 (BGP RR)
R8#show run int Lo10 | sec int interface Loopback10 ip address 8.8.8.8 255.255.255.255 R8#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R4 ** ip address 10.5.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 isis circuit-type level-2-only isis network point-to-point R8#show run | sec ^router router isis net 49.0010.0000.0000.0008.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10 router bgp 65100 bgp router-id 8.8.8.8 bgp log-neighbor-changes neighbor 2.2.2.2 remote-as 65100 neighbor 2.2.2.2 update-source Loopback10 neighbor 6.6.6.6 remote-as 65100 neighbor 6.6.6.6 update-source Loopback10 ! address-family vpnv4 neighbor 2.2.2.2 activate neighbor 2.2.2.2 send-community extended neighbor 2.2.2.2 route-reflector-client neighbor 6.6.6.6 activate neighbor 6.6.6.6 send-community extended neighbor 6.6.6.6 route-reflector-client exit-address-family
R3
R3#show run | sec ^mpls mpls label range 300 399 mpls traffic-eng tunnels R3#show run int Lo10 | sec int interface Loopback10 ip address 3.3.3.3 255.255.255.255 R3#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to PE R2 ** ip address 10.1.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R3#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R4 ** ip address 10.2.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R3#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-2 net 49.0010.0000.0000.0003.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R4
R4#show run | sec ^mpls mpls label range 400 499 mpls traffic-eng tunnels R4#show run int Lo10 | sec int interface Loopback10 ip address 4.4.4.4 255.255.255.255 R4#show run int Gi0/0 | sec int interface GigabitEthernet0/0 description ** to R3 ** ip address 10.2.0.2 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R4#show run int Gi0/1 | sec int interface GigabitEthernet0/1 description ** to R5 ** ip address 10.3.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 mpls traffic-eng tunnels isis circuit-type level-2-only isis network point-to-point ip rsvp bandwidth 100 50 R4#show run int Gi0/2 | sec int interface GigabitEthernet0/2 description ** to BGP RR R8 ** ip address 10.5.0.1 255.255.255.252 ip router isis duplex auto speed auto media-type rj45 isis circuit-type level-2-only isis network point-to-point R4#show run | sec ^router router isis mpls traffic-eng router-id Loopback10 mpls traffic-eng level-2 net 49.0010.0000.0000.0004.00 is-type level-2-only advertise passive-only metric-style wide log-adjacency-changes passive-interface Loopback10
R2#show mpls traffic-eng tunnels brief Signalling Summary: LSP Tunnels Process: running Passive LSP Listener: running RSVP Process: running Forwarding: enabled Periodic reoptimization: every 3600 seconds, next in 2984 seconds Periodic FRR Promotion: Not Running Periodic auto-bw collection: every 300 seconds, next in 284 seconds TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT ** MPLS TE tunnel to PE R6 *... 6.6.6.6 - Gi0/1 up/up « MPLS TE tunnel is up ** MPLS TE tunnel to PE R2 *... 2.2.2.2 Gi0/1 - up/up Displayed 1 (of 1) heads, 0 (of 0) midpoints, 1 (of 1) tails R2#show ip route isis | begin Ga Gateway of last resort is not set 3.0.0.0/32 is subnetted, 1 subnets i L2 3.3.3.3 [115/10] via 10.1.0.2, 00:11:53, GigabitEthernet0/1 4.0.0.0/32 is subnetted, 1 subnets i L2 4.4.4.4 [115/20] via 10.1.0.2, 00:11:53, GigabitEthernet0/1 5.0.0.0/32 is subnetted, 1 subnets i L2 5.5.5.5 [115/30] via 10.1.0.2, 00:11:53, GigabitEthernet0/1 6.0.0.0/32 is subnetted, 1 subnets i L2 6.6.6.6 [115/40] via 6.6.6.6, 00:11:49, Tunnel10 « Because of autoroute announce feature MPLS TE tunnel is part of IS-IS topology 8.0.0.0/32 is subnetted, 1 subnets i L2 8.8.8.8 [115/30] via 10.1.0.2, 00:10:38, GigabitEthernet0/1 R2#show ip bgp vpnv4 rd 65100:2 192.168.2.0 BGP routing table entry for 65100:2:192.168.2.0/24, version 5 « Site 2 BGP VPNv4 prefix Paths: (1 available, best #1, no table) Flag: 0x100 Not advertised to any peer Refresh Epoch 1 65002 6.6.6.6 (metric 40) (via default) from 8.8.8.8 (8.8.8.8) « PE R6 originates this prefix Origin IGP, metric 0, localpref 100, valid, internal, best Extended Community: RT:65100:2 « Route Target export value added by PE R6 Originator: 6.6.6.6, Cluster list: 8.8.8.8 mpls labels in/out nolabel/601 « VPN Service Label added by PE R6 rx pathid: 0, tx pathid: 0x0 Host1#trace 192.168.2.2 probe 1 Type escape sequence to abort. Tracing the route to 192.168.2.2 VRF info: (vrf in name/id, vrf out name/id) 1 192.168.1.2 2 msec 2 10.0.1.1 24 msec 3 10.1.0.2 [MPLS: Labels 301/601 Exp 0] 48 msec « MPLS label stack is used 4 10.2.0.2 [MPLS: Labels 401/601 Exp 0] 48 msec 5 10.3.0.2 [MPLS: Labels 501/601 Exp 0] 48 msec 6 10.0.2.1 [MPLS: Label 601 Exp 0] 26 msec 7 10.0.2.2 49 msec R8#show ip bgp vpnv4 all sum | beg Ne Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 2.2.2.2 4 65100 17 19 5 0 0 00:09:43 2 « BGP RR receives routes from the PE router 6.6.6.6 4 65100 16 18 5 0 0 00:09:44 2 R8#show ip bgp vpnv4 all | beg Ne « The following BGP VPNv4 routes are received on the BGP RR Network Next Hop Metric LocPrf Weight Path Route Distinguisher: 65100:1 *>i 10.0.1.0/30 2.2.2.2 0 100 0 i *>i 192.168.1.0 2.2.2.2 0 100 0 65001 i Route Distinguisher: 65100:2 *>i 10.0.2.0/30 6.6.6.6 0 100 0 i *>i 192.168.2.0 6.6.6.6 0 100 0 65002 i
Three methods to route traffic into the MPLS TE tunnel
When traffic from Site 1 arrives at the MPLS TE tunnel head-end on the PE R2 it is instructed to choose the TE tunnel to reach its next-hop. This also needs to be applied on PE R6 towards PE R2. Three different methods of configuration can be used.
- With the autoroute announce feature using the command tunnel mpls traffic-eng autoroute announce under the tunnel interface, the IS-IS (or OSPF) process is instructed to include the MPLS TE tunnel in its path calculation towards the tail-end PE router. Thus, the TE tunnel is used to reach the Loopback IP address of the other PE router.
- With policy-based routing (PBR) configured on the PE routers an access-list (ACL) specifies traffic between Site 1 and Site 2. The ACL is attached to a route-map which instructs the selected traffic to use the MPLS TE tunnel as the next-hop interface. The route-map is attached to the CE-facing interface on each PE router.
- With a static route configured on the PE routers pointing to the BGP next-hop IP address that should be reachable through the MPLS TE tunnel. This means, on PE R2 the static route ip route 6.6.6.6 255.255.255.255 Tunnel10 is configured. The IP address 6.6.6.6/32 is the Loopback address of PE R6. This is also configured vice versa on PE R6 pointing to the Loopback address of PE R2.
Configuring explicit path (ERO) with MPLS TE
The path that the MPLS TE tunnel should take to reach the tail-end PE router can be configured using an Explicit Route Object (ERO). This means, a hop-by-hop list of MPLS backbone routers can be configured as a static path. When the list is ready, the MPLS TE tunnel interface can be configured to choose the explicit path (static list) instead of using a dynamic option based on the IGP best-path calculation. The following is an example configuration applied on PE R2 and on PE R6.
R2#show run | sec ^ip explicit ip explicit-path name EXAMPLE-PATH enable next-address 3.3.3.3 next-address 4.4.4.4 next-address 5.5.5.5 next-address 6.6.6.6 R2#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE tunnel to PE R6 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 6.6.6.6 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 explicit name EXAMPLE-PATH no routing dynamic ------------------------------------------------------------------- R6#show run | sec ^ip explicit ip explicit-path name EXAMPLE-PATH enable next-address 5.5.5.5 next-address 4.4.4.4 next-address 3.3.3.3 next-address 2.2.2.2 R6#show run int Tu10 | sec int interface Tunnel10 description ** MPLS TE tunnel to PE R2 ** ip unnumbered Loopback10 tunnel mode mpls traffic-eng tunnel destination 2.2.2.2 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng priority 1 1 tunnel mpls traffic-eng bandwidth 50 tunnel mpls traffic-eng path-option 10 explicit name EXAMPLE-PATH no routing dynamic
Packet capture of MPLS TE tunnel negotiation
Two messages are used during MPLS TE tunnel setup, and are periodically transmitted after an MPLS TE tunnel is established. These messages are sent by the RSVP protocol and are called the Path message and Resv message.
The Path message defines the Label Switched Path (LSP) along which traffic will be tunneled. This path is dynamically calculated by the IGP or is defined through static configuration. The Path message is sent from the tunnel head-end (ingress PE) towards the tail-end. If MPLS TE Fast Reroute is configured, it will also be signalled in the Path message. In reply, the Resv message confirms reservation of these resources.
These periodic signaling packets make RSVP a soft-state protocol, ensuring that the status of the MPLS TE tunnel is regularly refreshed and maintained. As visible, it is the PE routers that request the resources between each other through the RSVP protocol.
Also, each RSVP TE tunnel requires this keepalive mechanism which can consume considerable system resources if several hundred tunnels are terminated on a single device. If an LSP becomes unavailable due to a network failure, RSVP uses the Path Tear, Resv Tear and Path Error messages to remove an existing resource reservation. These messages are shown below.
