Monday, August 17, 2009

MPLS TE Per VRF Basics - Part 2



Commuting between home and office on the same roads sometimes takes an excessive amount of time. Everyone wants to arrive early, so they may opt for an alternate path, which may be longer than the regular one. The same principle applies in networks. OSPF, EIGRP and BGP are used to move traffic from one path to another: in OSPF the cost is used to change the path, in EIGRP the metric, and in BGP attributes such as weight, local preference and AS path. The problem with all these protocols is that unequal-cost load balancing is not possible, except that EIGRP supports this feature.
In a typical service provider topology, two links are used, one as primary and the other as secondary. In many cases the latter path remains empty, unnecessarily increasing the company's capex. In addition, to meet the SLA parameters for esteemed clients, the SP needs to reroute the traffic of some VPNs onto the secondary path. PBR is used for this, but it is very difficult to add static routes on each and every router along the path.
MPLS TE is the best solution to all these problems for rerouting traffic on a per-VPN basis. In this case study, all the VPNs follow the normal path except one, which follows the secondary path that no one else uses.

Introduction
The topology is a hypothetical model of a service provider cloud that serves MPLS VPN services to its customers. The New Delhi 2 router acts as RR, and New Delhi 1, Hyderabad and Mumbai 1 act as PEs. All the routers are part of area 0. The New Delhi 1, Hyderabad and Mumbai 1 routers serve two VPNs, TEST and TEST1. By default, traffic from New Delhi 1 to Mumbai 1 is routed via the directly connected link between the two. But for a specific requirement of VPN TEST, its traffic will follow the new path New Delhi 1 → Hyderabad → Mumbai 2 → Mumbai 1.


Basic Topology

Figure 1

MPLS TE
To achieve the objective, MPLS TE is used with static routes, and RSVP is used to reserve 200 Kbps of bandwidth per interface.

How to achieve the objective

Now the SP wants to send the traffic of VRF TEST via Delhi 1 → Hyderabad → Mumbai 2 → Mumbai 1. To accomplish this, a TE tunnel is created. With TE, a BGP next-hop attribute is used within the VRF, and a static route for this loopback is configured on the headend router. As a result, all VRF TEST routes arrive with the new loopback as next hop instead of the MP-iBGP loopback. The static route forwards the traffic into the tunnel, where the destination is the new loopback.
MPLS TE tunnels are unidirectional, so the new loopback is created at Mumbai 1.



Required Configuration

Configuration at Mumbai 1

ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
bgp next-hop Loopback500
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
interface Loopback500
Description ### This loopback will become the next-hop for vrf TEST ###
ip address 172.16.100.100 255.255.255.255
ip ospf 1 area 0
!


Configuration at Delhi 1

ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
interface Tunnel100
ip unnumbered Loopback0
mpls ip
tunnel destination 172.16.100.3
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name TEST
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
!
ip explicit-path name TEST enable
next-address 172.16.1.9
next-address 172.16.1.14
next-address 172.16.1.26
!
ip route 172.16.100.100 255.255.255.255 Tunnel100


Configuration required on every router participating in MPLS TE

router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0

Interfaces which are part of MPLS TE

mpls traffic-eng tunnels
ip rsvp bandwidth 200 200
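
The following Python check is an added example, not part of the original post: it verifies that every link named in an explicit path carries both per-interface commands above on the routers whose configuration is supplied. The sample text is constructed from the Delhi1, hyd and mum1 interface stanzas on this page; the names SAMPLE, TEST_PATH, parse_interfaces and audit_path are assumptions of the example.

```python
import ipaddress

# Constructed sample: stanzas trimmed from the Delhi1, hyd and mum1 configs on this page.
SAMPLE = """\
hostname Delhi1
interface Serial0/0
 ip address 172.16.1.10 255.255.255.252
 mpls traffic-eng tunnels
 ip rsvp bandwidth 200 200
interface Serial0/1
 ip address 172.16.1.30 255.255.255.252
hostname hyd
interface Serial0/1
 ip address 172.16.1.13 255.255.255.252
 mpls traffic-eng tunnels
 ip rsvp bandwidth 200 200
hostname mum1
interface Serial0/2
 ip address 172.16.1.26 255.255.255.252
 mpls traffic-eng tunnels
 ip rsvp bandwidth 200 200
"""
TEST_PATH = ["172.16.1.9", "172.16.1.14", "172.16.1.26"]  # explicit-path TEST on Delhi1

def parse_interfaces(text):
    """Parse hostname/interface stanzas into dicts: host, name, net, te, rsvp."""
    host, cur, out = None, None, []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("hostname "):
            host, cur = line.split()[1], None
        elif line.startswith("interface "):
            cur = {"host": host, "name": line.split()[1], "net": None, "te": False, "rsvp": False}
            out.append(cur)
        elif cur is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) == 4:
                cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            cur["te"] |= line == "mpls traffic-eng tunnels"
            cur["rsvp"] |= line.startswith("ip rsvp bandwidth")
    return [i for i in out if i["net"] is not None]

def audit_path(hops, interfaces):
    """For each explicit-path hop, list interfaces on that link lacking TE or RSVP."""
    findings = {}
    for hop in hops:
        on_link = [i for i in interfaces if ipaddress.ip_address(hop) in i["net"]]
        bad = [f'{i["host"]} {i["name"]}' for i in on_link if not (i["te"] and i["rsvp"])]
        findings[hop] = bad if on_link else ["link not in supplied configs"]
    return findings
```

An empty list for a hop means every supplied interface on that link has both commands; a hop such as 172.16.1.29, which sits on the Delhi1 Serial0/1 link, is reported because that interface has neither command.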


Outputs

Figure 2

Figure 2 shows the output of the show ip cef vrf TEST command, which explicitly states that 172.16.100.100, Loopback500 on Mumbai 1, is used as the next hop. 32 is the IGP label and 33 is the VPNv4 label. So the IGP label will change along the path.


Figure 3

Figure 3 shows that Tunnel100 uses outgoing label 32 with Serial0/0 as the outgoing interface. At the Hyderabad end, 32 should be the local label, mapped to some outgoing label for forwarding.


Figure 4
The output in Figure 4 is used to cross-verify the output captured in Figure 3.


Figure 5

Figure 5 shows the entry for local label 32, which Figure 3 shows as the outgoing label. On reaching the Hyderabad PE, 32 becomes the local label and is swapped with 29. The next output shows that Mumbai 2 has 29 as the local label and that pop tag is used for PHP.



Figure 6

Figure 6 shows that 29 is used as the local label and that PHP is used towards Mumbai 1.



Figure 7

Figure 7 depicts that vrf TEST is following the alternate path.



Figure 8 depicts that vrf TEST1 is following the directly connected path.

Delhi1#sh conf
Using 3218 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Delhi1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!!
interface Loopback0
ip address 172.16.100.1 255.255.255.255
ip ospf 1 area 0
!
interface Loopback100
ip vrf forwarding TEST
ip address 192.168.1.1 255.255.255.255
!
interface Loopback200
ip vrf forwarding TEST1
ip address 192.168.1.1 255.255.255.255
interface Tunnel100
ip unnumbered Loopback0
mpls ip
tunnel destination 172.16.100.3
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name TEST
no routing dynamic
!
interface Serial0/0
ip address 172.16.1.10 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/1
ip address 172.16.1.30 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial0/2
ip address 172.16.1.33 255.255.255.252
ip ospf cost 1
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/3
ip address 172.16.1.42 255.255.255.252
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.1
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.1
bgp log-neighbor-changes
neighbor 172.16.100.2 remote-as 65500
neighbor 172.16.100.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST1
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
ip route 172.16.100.100 255.255.255.255 Tunnel100
!
!
!
ip explicit-path name TEST enable
next-address 172.16.1.9
next-address 172.16.1.14
next-address 172.16.1.26
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
End






mum1#sh configuration
Using 3288 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mum1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
bgp next-hop Loopback500
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 172.16.100.3 255.255.255.255
ip ospf 1 area 0
!
interface Loopback100
ip vrf forwarding TEST
ip address 192.168.1.3 255.255.255.255
!
interface Loopback200
ip vrf forwarding TEST1
ip address 192.168.1.3 255.255.255.255
!
interface Loopback500
ip address 172.16.100.100 255.255.255.255
ip ospf 1 area 0
!
interface Tunnel100
ip unnumbered Loopback0
mpls ip
tunnel destination 172.16.100.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name TEST
!
interface Serial0/0
ip address 172.16.1.6 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
no fair-queue
ip rsvp bandwidth 200 200
ip rsvp resource-provider none
!
interface Serial0/1
ip address 172.16.1.29 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial0/2
ip address 172.16.1.26 255.255.255.252
ip ospf cost 1
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
no fair-queue
ip rsvp bandwidth 200 200
!
interface Serial0/3
ip address 172.16.1.45 255.255.255.252
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.3
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.3
bgp log-neighbor-changes
neighbor 172.16.100.2 remote-as 65500
neighbor 172.16.100.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST1
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
ip explicit-path name TEST enable
next-address 172.16.1.25
next-address 172.16.1.13
next-address 172.16.1.10
!
!
ip access-list standard LOOP
deny 172.16.100.100
permit 172.16.100.0 0.0.0.255 log
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!

line con 0
line aux 0
line vty 0 4
login
!
!
end

mum1#$



hyd#sh conf
Using 3000 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hyd
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
!
interface Loopback0
ip address 172.16.100.6 255.255.255.255
ip ospf 1 area 0
!
interface Loopback100
ip vrf forwarding TEST
ip address 192.168.1.6 255.255.255.255
!
interface Loopback200
ip vrf forwarding TEST1
ip address 192.168.1.6 255.255.255.255
!
!
interface Serial0/0
ip address 172.16.1.9 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
no fair-queue
ip rsvp bandwidth 200 200
!
interface Serial0/1
ip address 172.16.1.13 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/2
ip address 172.16.1.17 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial0/3
no ip address
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.6
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.6
bgp log-neighbor-changes
neighbor 172.16.100.2 remote-as 65500
neighbor 172.16.100.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST1
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
ip explicit-path name AHM enable
next-address 172.16.1.10
next-address 172.16.1.34
next-address 172.16.1.1
!
!

!
mpls ldp router-id Loopback0 force
!
control-plane
!

line con 0
line aux 0
line vty 0 4
login
!
!
end

hyd#





delhi2#sh conf
Using 2248 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname delhi2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$qNJk$HN7mwD3RnxWfCHCSmG/QG1
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 172.16.100.2 255.255.255.255
ip ospf 1 area 0
!
interface Serial0/0
ip address 172.16.1.37 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
no fair-queue
!
interface Serial0/1
ip address 172.16.1.2 255.255.255.252
ip ospf cost 60
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/2
ip address 172.16.1.34 255.255.255.252
ip ospf cost 1
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/3
no ip address
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.2
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.2
bgp log-neighbor-changes
neighbor 172.16.100.1 remote-as 65500
neighbor 172.16.100.1 update-source Loopback0
neighbor 172.16.100.3 remote-as 65500
neighbor 172.16.100.3 update-source Loopback0
neighbor 172.16.100.6 remote-as 65500
neighbor 172.16.100.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.1 activate
neighbor 172.16.100.1 send-community both
neighbor 172.16.100.1 route-reflector-client
neighbor 172.16.100.3 activate
neighbor 172.16.100.3 send-community both
neighbor 172.16.100.3 route-reflector-client
neighbor 172.16.100.6 activate
neighbor 172.16.100.6 send-community both
neighbor 172.16.100.6 route-reflector-client
exit-address-family
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0 force
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
end




4 comments:

Adrian Loaiza said...

Hi, can you reload the graphics with more resolution?

Anonymous said...

Please post the diagram with more resolution and with a download option.

Shivlu Jain said...

It's done, please check.

Adrian Loaiza said...

Many thanks!