Segment Routing Traffic Engineering

In my previous post of Segment Routing: Alternate of LDP and RSVP, already discussed about the advantages of using SR w.r.t LDP. The utmost advantage of using Segment Routing is to steer the traffic which is normally called “Traffic Engineering”.

In case of MPLS we called Traffic Engineering as MPLS-TE but in case of Segment Routing, it could be SR-TE (Segment Routing Traffic Engineering Tunnel. RSVP is required to build the MPLS-TE tunnels along with LDP but in Segment Routing, all you need is the Segment IDs only. It is free from heavy RSVP signaling.

There are different ways to create Segment Routing Traffic Engineering Tunnels:-
1. Manually Create SR-TE tunnel and explicitly define the path. This is equivalent to MPLS-TE tunnel and define explicitly path by giving the next hop addresses.

2. Manually Create SR-TE tunnel but for path computation use PCE (Path Control Element). In this case headend router will become the PCC (Path Computation Client) and some software which sits outside of the network but has full view of topology will become a PCC. PCEP (Path Computation Element Protocol) is used between PCC and PCE. For reference http://tools.ietf.org/html/draft-sivabalan-pce-segment-routing-00

3. Dynamically Create SR-TE tunnel and compute path by using PCE. PCE is having API where user can push the headend and tailend routers information with some kind of SLAs. PCE will dynamically create the tunnel push it to router (PCC). Once this is done, PCC will ask for dynamic path also. For reference http://www.enog.org/presentations/enog-6/201-SR_ENOG.pdf

Click Here To Read Rest Of The Post...

RSVP Tunnels are up but all traffic forwarding is stopped

I found one weird issue during my testing lab where in end to end RSVP-TE was configured and all the customer traffic forwarding was done on those tunnels. But suddenly I found that the traffic started drop but the tunnels were up. Then after deep analysis of FIB and LFIB, I found that the one of the node was advertising label for RSVP TE but the next node was not able to receive that label. After refreshing the labels, everything started work.
Now the question comes, if some of the node start misbehaving with label, in that case my path and resv messages should get dropped or not. I am not sure about it.
But the given post helped me lot to find the RCA.
Missing labels can forward labels somewhere else
How to troubleshoot MPLS VPN?
When and where PHP happens?

Click Here To Read Rest Of The Post...

MPLS IP In MPLS TE Tunnel

I have posted various post of MPLS TE and everytime I receive the question why and when mpls ip is used in TE tunnel. In this post I would like to conclude when, where and why mpls ip is used in TE tunnel.

Scenarios Where MPLS IP Is Used Or Not

1. If the MP-iBGP and Tunnel destinations are different, mpls ip command is required.
2. If the MPLS TE terminates at the egress PE, no ldp/tdp is required.
3. If the MPLS TE terminates before the PE router or egress router, tag switching is required (three labels are used).


Click Here To Read Rest Of The Post...

MPLS TE With Three Labels

We always talk about three labels in MPLS but honestly have never ever seen three labels before this post. Three labels usually not seen in a single service provider domain, routers always have two label stack one for VPNv4 and another is for IGP. But in MPLS TE, we have three label stack and definitely it will lead to problems in case of Fast Ethernet because MTU size will be going to change. But if the core is having Gigabyte Ethernet interfaces then no one will screw the happiness of the network. As described in my previous post, everything is same except the termination of the head end tunnel. Previously it was on Mumbai 1 now it is on Mumbai 2. But the vrf which need to be communicated is at Mumbai 1 router. So simply I was terminating the tunnel one hop previous to the egress router.
Click here to download full article.

Click Here To Read Rest Of The Post...

MPLS TE Per VRF Basics - Part 2

While going from home to office and back to home sometimes on same roads lead an excessive time. Everyone want to reach before time so that need to opt any other alternate path which may be long from the regular one. The same fundamental works in networks also. OSPF,EIGRP and BGP are used to manipulate the change the traffic from one path to another. Like in OSPF cost is used to change the path, in EIGRP metric is used and in BGP many attributes like weight,local preference and as-path are used. The problem with all the protocols is that unequal cost load balancing is not possible except EIGRP supports this feature.
In regular topology of service providers, two links are used one for primary and another is for secondary. Many cases the latter path remains empty and unnecessary increasing the capex of the company. With addition to this, to achieve the SLA parameters for esteemed clients, SP need to reroute the traffic of some VPN on the secondary path. For this PBR is used but its very difficult to add the static routes at each and every router in the hop.
For all the problems MPLS TE is the best optimum solution for reroute the traffic on VPN basics. With this case study, all the VPNs will follow the normal path but the one will follow the secondary path which is not used by anyone.

Introduction
The topology is hypothetical model of service provider cloud which servers the MPLS VPN services its customers. New Delhi 2 router is acting as RR and New Delhi1, Hyderabad and Mumbai 1 are acting as PE. All the routers are part of area 0. New Delhi1 ,Hyderabad and Mumbai1 routers are serving two vpns one is TEST and another is TEST1. By default from New Delhi 1 to Mumbai 1 the traffic is routed via directly connected link between the two. But for some specific requirement of vpn TEST, its traffic will follow the new path New Delhi1 → Hyderabad → Mumbai 2 → Mumbai 1.


Basic Topology

Figure 1

MPLS TE
To achieve the objective MPLS TE is used with static routes and RSVP is used for reserving the bandwidth of 200 Kbps on per interfaces.

How to achieve the objective

Now SP want to change the traffic of VRF TEST via Delhi1 → Hyderabadhttp://www.blogger.com/img/blank.gif → Mumbai 2 → Mumbai 1.. To acomplish the task TE tunnel is created. With TE a bgp next-hop attribute is used with in the vrf and a static route is imposed on the headend router for this loopback. By doing this all the VRF TEST routes will come with the new loopback instead of MP-iBGP loopback as next hop. The static route will forward the traffic within the tunnel where the destination will be the new loopback.
MPLS TE tunnels are unidirectional. So new loopback is created at Mumbai1.


Click here to download full article.

Required Configuration

Configuration at Mumbai 1

ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
bgp next-hop Loopback500
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
interface Loopback500
Description ### This loopback will become the next-hop for vrf TEST ###
ip address 172.16.100.100 255.255.255.255
ip ospf 1 area 0
!


Configuration at Delhi 1

ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
interface Tunnel100
ip unnumbered Loopback0
mpls ip
tunnel destination 172.16.100.3
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name TEST
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
!
ip explicit-path name TEST enable
next-address 172.16.1.9
next-address 172.16.1.14
next-address 172.16.1.26
!
ip route 172.16.100.100 255.255.255.255 Tunnel100


Configuration is required at every router which is participating in MPLS TE

router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0

Interfaces which are part of MPLS TE

mpls traffic-eng tunnels
ip rsvp bandwidth 200 200


Outputs

Figure 2

Figure 2 depicted the output of show ip cef vrf TEST command which is explicitly states that 172.16.100.100 is used as next hop which is loopback 500 on Mumbai 1. 32 is the IG label and 33 is the vpnv4 label. So throughout the path IGP label will be changed.


Figure 3

The above figure 3 depicted that tunnel 100 is using label 32 for outgoing with serial 0/0 as outgoing interface. At Hyderabad end this 32 should be the local label and have mapped some outgoing label for forwarding.


Figure 4
Output of figure 4 is used for cross verifying the outputs captured in Figure 3


Figure 5

Figure 5 depicts the output of local label 32 which is used in figure 3 as outgoing. After reaching hyderabd PE 32 becomes the local label and swapped with 29. Next output depicts that Mumbai 2 is having 29 as local label and pop tag is used for PHP.



Figure 6

Figure 6 depicts that 29 is used as local and further PHP is used for Mumbai 1.



Figure 7

Figure 7 depicts that vrf TEST is following the alternate path.



Figure 8 depicts that vrf TEST1 is following the directly connected path.

Delhi1#sh conf
Using 3218 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Delhi1
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!!
interface Loopback0
ip address 172.16.100.1 255.255.255.255
ip ospf 1 area 0
!
interface Loopback100
ip vrf forwarding TEST
ip address 192.168.1.1 255.255.255.255
!
interface Loopback200
ip vrf forwarding TEST1
ip address 192.168.1.1 255.255.255.255
interface Tunnel100
ip unnumbered Loopback0
mpls ip
tunnel destination 172.16.100.3
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name TEST
no routing dynamic
!
interface Serial0/0
ip address 172.16.1.10 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/1
ip address 172.16.1.30 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial0/2
ip address 172.16.1.33 255.255.255.252
ip ospf cost 1
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/3
ip address 172.16.1.42 255.255.255.252
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.1
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.1
bgp log-neighbor-changes
neighbor 172.16.100.2 remote-as 65500
neighbor 172.16.100.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST1
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
ip route 172.16.100.100 255.255.255.255 Tunnel100
!
!
!
ip explicit-path name TEST enable
next-address 172.16.1.9
next-address 172.16.1.14
next-address 172.16.1.26
!
mpls ldp router-id Loopback0 force
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
End






mum1#sh configuration
Using 3288 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mum1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
bgp next-hop Loopback500
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 172.16.100.3 255.255.255.255
ip ospf 1 area 0
!
interface Loopback100
ip vrf forwarding TEST
ip address 192.168.1.3 255.255.255.255
!
interface Loopback200
ip vrf forwarding TEST1
ip address 192.168.1.3 255.255.255.255
!
interface Loopback500
ip address 172.16.100.100 255.255.255.255
ip ospf 1 area 0
!
interface Tunnel100
ip unnumbered Loopback0
mpls ip
tunnel destination 172.16.100.1
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name TEST
!
interface Serial0/0
ip address 172.16.1.6 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
no fair-queue
ip rsvp bandwidth 200 200
ip rsvp resource-provider none
!
interface Serial0/1
ip address 172.16.1.29 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial0/2
ip address 172.16.1.26 255.255.255.252
ip ospf cost 1
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
no fair-queue
ip rsvp bandwidth 200 200
!
interface Serial0/3
ip address 172.16.1.45 255.255.255.252
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.3
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.3
bgp log-neighbor-changes
neighbor 172.16.100.2 remote-as 65500
neighbor 172.16.100.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST1
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
ip explicit-path name TEST enable
next-address 172.16.1.25
next-address 172.16.1.13
next-address 172.16.1.10
!
!
ip access-list standard LOOP
deny 172.16.100.100
permit 172.16.100.0 0.0.0.255 log
!
!
mpls ldp router-id Loopback0 force
!
control-plane
!

line con 0
line aux 0
line vty 0 4
login
!
!
end

mum1#$



hyd#sh conf
Using 3000 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hyd
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
ip vrf TEST
rd 65500:1
route-target export 65500:1
route-target import 65500:1
!
ip vrf TEST1
rd 65500:2
route-target export 65500:2
route-target import 65500:2
!
mpls traffic-eng tunnels
!
!
interface Loopback0
ip address 172.16.100.6 255.255.255.255
ip ospf 1 area 0
!
interface Loopback100
ip vrf forwarding TEST
ip address 192.168.1.6 255.255.255.255
!
interface Loopback200
ip vrf forwarding TEST1
ip address 192.168.1.6 255.255.255.255
!
!
interface Serial0/0
ip address 172.16.1.9 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
no fair-queue
ip rsvp bandwidth 200 200
!
interface Serial0/1
ip address 172.16.1.13 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/2
ip address 172.16.1.17 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
!
interface Serial0/3
no ip address
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.6
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.6
bgp log-neighbor-changes
neighbor 172.16.100.2 remote-as 65500
neighbor 172.16.100.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.2 activate
neighbor 172.16.100.2 send-community both
exit-address-family
!
address-family ipv4 vrf TEST1
redistribute connected
no synchronization
exit-address-family
!
address-family ipv4 vrf TEST
redistribute connected
no synchronization
exit-address-family
!
ip http server
no ip http secure-server
!
!
!
ip explicit-path name AHM enable
next-address 172.16.1.10
next-address 172.16.1.34
next-address 172.16.1.1
!
!

!
mpls ldp router-id Loopback0 force
!
control-plane
!

line con 0
line aux 0
line vty 0 4
login
!
!
end

hyd#





delhi2#sh conf
Using 2248 out of 129016 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname delhi2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$qNJk$HN7mwD3RnxWfCHCSmG/QG1
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
!
mpls traffic-eng tunnels
!
interface Loopback0
ip address 172.16.100.2 255.255.255.255
ip ospf 1 area 0
!
interface Serial0/0
ip address 172.16.1.37 255.255.255.252
ip ospf cost 50
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
serial restart-delay 0
no fair-queue
!
interface Serial0/1
ip address 172.16.1.2 255.255.255.252
ip ospf cost 60
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/2
ip address 172.16.1.34 255.255.255.252
ip ospf cost 1
ip ospf 1 area 0
mpls label protocol ldp
mpls ip
mpls traffic-eng tunnels
serial restart-delay 0
ip rsvp bandwidth 200 200
!
interface Serial0/3
no ip address
serial restart-delay 0
!
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
router-id 172.16.100.2
log-adjacency-changes
!
router bgp 65500
no synchronization
bgp router-id 172.16.100.2
bgp log-neighbor-changes
neighbor 172.16.100.1 remote-as 65500
neighbor 172.16.100.1 update-source Loopback0
neighbor 172.16.100.3 remote-as 65500
neighbor 172.16.100.3 update-source Loopback0
neighbor 172.16.100.6 remote-as 65500
neighbor 172.16.100.6 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 172.16.100.1 activate
neighbor 172.16.100.1 send-community both
neighbor 172.16.100.1 route-reflector-client
neighbor 172.16.100.3 activate
neighbor 172.16.100.3 send-community both
neighbor 172.16.100.3 route-reflector-client
neighbor 172.16.100.6 activate
neighbor 172.16.100.6 send-community both
neighbor 172.16.100.6 route-reflector-client
exit-address-family
!
ip http server
no ip http secure-server
!
mpls ldp router-id Loopback0 force
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
end


Click Here To Read Rest Of The Post...

MPLS TE Per VRF Basics

Service Providers are looking to divert some vpns traffic on redundant part so as so utilize the links and provide priority to delay sensitive traffic. MPLS TE is the best tool to use this.
Click here to download full article.

Click Here To Read Rest Of The Post...

Explicit Route Object

Signaling of MPLS is covered in my previous post. In this post I will be covering the functionality of Explicit Route Object aka ERO. MPLS TE builds in two ways one is with the help of dynamic process and another way is to establish is statically. In latter case ERO is used. ERO is having two parts one is Loose and another is Strict. Loose means from headend to tailend which is not directly connected and Strict means a directly connetced. Most of cases we use ERO and specifiy the next hop address but the problem occurs when multiple paths are available. For multiple path selction we require CSPF which will be explained in next post.


Click Here To Read Rest Of The Post...

Path Resv Messages

I wrote in the previous post about traffic engineering, how it could help to utilize the secondary link in case when primary link is congested. MPLS TE is used set up the tunnels from headend to tailend routers. Intermediate routers are only responsible to forward the tarffic. MPLS TE uses RSVP signalling which is aka Resource Reservation Protocol. It uses two messages to acomplaish this signaling: Path Messages & Resv Messages.

R1--R2---R3

According to the picture, R1 wants to set up the an MPLS TE with R3. R1 sends the path messages along the path to reserve the resources. If the requested resources are not available than router sends a message back to the requested router which is ingress router and it look for the another path. If another path is not available then in that case it would fail to establish the MPLE TE. MPLS TE signaling always flow from ingress router to egress router with path messages and labels distribution occured from egress to ingress with resv messages.

Click Here To Read Rest Of The Post...

Traffic Engineering - Wonderful Gift

A general problem of empty secondary link is faced in service provider cloud. The primary link is runnnig out of bandwidth and secondary link is running as empty. If the tarffic works on load share or load balance form, customers might face the application issues. This situation is only overcome by traffic engineering.
Cisco provides the RSVP to implement traffic engineering tunnels but an another method is also there which is CRLDP which is not supported by cisco.
So next time when crunch of bandwidth is faced, implement traffic engineering in cloud.
Click Here To Read Rest Of The Post...