Wednesday, September 30, 2009

PER VRF TE TUNNEL

If there is a requirement to have a TE tunnel per VRF, we need to use the BGP next-hop trick.
- Three VPNs are configured on R1(CE1) and R7(CE2).
- Three TE tunnels are created between R2(PE1) and R6(PE6) using the same global Loopback IP.
- VPN1 traffic goes via the TE tunnel CE1-R2-R3-R6-CE2 in both directions
- VPN2 traffic goes via the TE tunnel CE1-R2-R4-R6-CE2 in both directions
- VPN3 traffic goes via the TE tunnel CE1-R2-R5-R6-CE2 in both directions

If any one tunnel fails, traffic automatically switches to any other tunnel. Autoroute is used for this purpose on all tunnels, and a static route forces traffic onto the respective tunnel while that tunnel is up.
The BGP next-hop method is used to separate the BGP next-hops per VRF; three separate Loopbacks have been created for this. This method has a few disadvantages, including the loss of AS_PATH information, so it is not really recommended.
Targeted LDP is needed since the BGP next-hop is different from the TE tunnel IP address.

Config:
ip vrf VPN1
rd 1:1
route-target export 1:1
route-target import 1:1
! dedicated Loopback for VPN1; this is used and sent as the BGP next-hop
bgp next-hop Loopback1
!
ip vrf VPN2
rd 1:2
route-target export 1:2
route-target import 1:2
! dedicated Loopback for VPN2; this is used and sent as the BGP next-hop as well
bgp next-hop Loopback2
!
ip vrf VPN3
rd 1:3
route-target export 1:3
route-target import 1:3
! dedicated Loopback for VPN3; this is used and sent as the BGP next-hop as well
bgp next-hop Loopback3
!
mpls traffic-eng tunnels
!
interface Tunnel0
description ## TE_VPN1_VIA_P3 ##
! tunnel uses the shared global Loopback
ip unnumbered Loopback0
mpls ip
! tunnel uses the shared global Loopback
tunnel destination 6.6.6.6
tunnel mode mpls traffic-eng
! other routing options can be used
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 7 7
tunnel mpls traffic-eng bandwidth 500
tunnel mpls traffic-eng path-option 1 explicit name TE_VPN1_VIA_P3
no clns route-cache
!
interface Tunnel1
ip unnumbered Loopback0
mpls ip
tunnel destination 6.6.6.6
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name TE_VPN2_VIA_P4
no clns route-cache
!
interface Tunnel2
ip unnumbered Loopback0
mpls ip
tunnel destination 6.6.6.6
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 explicit name TE_VPN3_VIA_P5
no clns route-cache
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
ip router isis
!
interface Loopback1
! dedicated Loopback for VPN1; this is used and sent as the BGP next-hop as well
ip address 10.254.254.1 255.255.255.255
ip router isis
!
interface Loopback2
! dedicated Loopback for VPN2; this is used and sent as the BGP next-hop as well
ip address 11.254.254.1 255.255.255.255
ip router isis
!
interface Loopback3
! dedicated Loopback for VPN3; this is used and sent as the BGP next-hop as well
ip address 12.254.254.1 255.255.255.255
ip router isis
!
interface Ethernet1/0
ip vrf forwarding VPN1
ip address 10.1.1.2 255.255.255.0
duplex full
no clns route-cache
!
interface Ethernet1/1
ip vrf forwarding VPN2
ip address 11.1.1.2 255.255.255.0
duplex full
no clns route-cache
!
interface Ethernet1/2
ip vrf forwarding VPN3
ip address 12.1.1.2 255.255.255.0
duplex full
no clns route-cache
!
interface Serial2/0
ip address 23.23.23.1 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
serial restart-delay 0
ip rsvp bandwidth 700
!
interface Serial2/1
ip address 24.24.24.1 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
serial restart-delay 0
ip rsvp bandwidth
!
interface Serial2/2
ip address 25.25.25.1 255.255.255.0
ip router isis
mpls traffic-eng tunnels
mpls ip
serial restart-delay 0
ip rsvp bandwidth
!
router ospf 2 vrf VPN1
log-adjacency-changes
redistribute bgp 1 subnets
network 10.0.0.0 0.255.255.255 area 0
!
router ospf 3 vrf VPN2
log-adjacency-changes
redistribute bgp 1 subnets
network 11.0.0.0 0.255.255.255 area 0
!
router ospf 4 vrf VPN3
log-adjacency-changes
redistribute bgp 1 subnets
network 12.0.0.0 0.255.255.255 area 0
!
router isis
net 49.1111.1111.1111.00
metric-style wide
mpls traffic-eng router-id Loopback0
mpls traffic-eng level-1
!
router bgp 1
bgp router-id 1.1.1.1
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 6.6.6.6 remote-as 1
neighbor 6.6.6.6 update-source Loopback0
!
address-family ipv4
neighbor 6.6.6.6 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN3
redistribute ospf 4 vrf VPN3
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf VPN2
redistribute ospf 3 vrf VPN2
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf VPN1
redistribute ospf 2 vrf VPN1
no auto-summary
no synchronization
exit-address-family
!
ip classless
! static route for the other side's received BGP next-hop
ip route 20.254.254.6 255.255.255.255 Tunnel0
ip route 21.254.254.6 255.255.255.255 Tunnel1
ip route 22.254.254.6 255.255.255.255 Tunnel2
!
no ip http server
!
!
ip explicit-path name TE_VPN1_VIA_P3 enable
next-address 23.23.23.3
next-address 36.36.36.6
next-address 6.6.6.6
!
ip explicit-path name TE_VPN2_VIA_P4 enable
next-address 24.24.24.4
next-address 46.46.46.6
next-address 6.6.6.6
!
ip explicit-path name TE_VPN3_VIA_P5 enable
next-address 25.25.25.5
next-address 56.56.56.6
next-address 6.6.6.6
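
A consistency check for the design above, as an added example that is not part of the original post. It reads an IOS configuration (indented or flat) and reports when two VRFs share a bgp next-hop Loopback, a next-hop Loopback is not in IS-IS, two pinned /32 static routes share a tunnel, or a pinned tunnel has no defined explicit path. The function name audit and the trimmed sample are constructed for illustration.

```python
import re

# Added example: audit() is this example's own name, not an IOS or vendor tool.
# Constructed sample: trimmed two-VRF variant of the PE1 config, with two
# deliberate mistakes (VPN2 reuses Loopback1; both static routes use Tunnel0).
SAMPLE = """\
ip vrf VPN1
 bgp next-hop Loopback1
ip vrf VPN2
 bgp next-hop Loopback1
interface Tunnel0
 tunnel mpls traffic-eng path-option 1 explicit name TE_VPN1_VIA_P3
interface Loopback1
 ip address 10.254.254.1 255.255.255.255
 ip router isis
ip route 20.254.254.6 255.255.255.255 Tunnel0
ip route 21.254.254.6 255.255.255.255 Tunnel0
ip explicit-path name TE_VPN1_VIA_P3 enable
"""

HEAD = re.compile(r"(ip vrf(?! forwarding)|interface|router|ip explicit-path name) (\S+)")
PIN = re.compile(r"ip route (\S+) 255\.255\.255\.255 (Tunnel\d+)")

def audit(cfg):
    """Return a sorted list of findings for the per-VRF next-hop/tunnel design."""
    vrf_lo, tun_path, isis, paths, pins, ctx = {}, {}, set(), set(), {}, ("", "")
    for line in (l.strip() for l in cfg.splitlines()):
        if m := PIN.match(line):               # host route pinning a next-hop to a tunnel
            pins[m[1]] = m[2]
        elif m := HEAD.match(line):            # start of a new stanza
            ctx = m.groups()
            if ctx[0] == "ip explicit-path name":
                paths.add(ctx[1])
        elif ctx[0] == "ip vrf" and line.startswith("bgp next-hop "):
            vrf_lo[ctx[1]] = line.split()[-1]
        elif ctx[0] == "interface" and line == "ip router isis":
            isis.add(ctx[1])
        elif ctx[0] == "interface" and "path-option" in line and "explicit name" in line:
            tun_path[ctx[1]] = line.split()[-1]
    out = []
    for kind, table in (("next-hop", vrf_lo), ("tunnel", pins)):
        for val in {v for v in table.values() if list(table.values()).count(v) > 1}:
            out.append(f"{kind} {val} shared by {sorted(k for k in table if table[k] == val)}")
    out += [f"{lo} for {v} not in IS-IS" for v, lo in vrf_lo.items() if lo not in isis]
    out += [f"{t} has no defined explicit path" for t in set(pins.values())
            if tun_path.get(t) not in paths]
    if len(pins) != len(vrf_lo):
        out.append(f"{len(vrf_lo)} VRFs but {len(pins)} pinned next-hop routes")
    return sorted(out)
```

The static routes on one PE point at the other PE's next-hop Loopbacks, so the count check only compares how many VRFs and pinned routes exist; run it on both PEs.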

1 comment:

  1. TE Tunnels over 6VPE.
    Command:
    vrf definition Customer
    address-family ipv6
    But here the BGP next-hop command cannot be used.
    Do you have a different method to transport traffic per VRF by TE tunnels?
