There are two customer VRFs now: “VOICE” and “DATA.”
XRv13 and XRv14 each have one interface and one loopback in each VRF. They are running VRF Lite:
VOICE
XRv13
Lo0= 100.13.13.13/32
XRv14
Lo0 = 100.14.14.14/32
DATA
XRv13
Lo1= 200.13.13.13/32
XRv14
Lo1 = 200.14.14.14/32
Configure two bidirectional TE tunnels between CSR8 and XRv11.
The Voice TE tunnel should use most direct path between the two PEs.
It should reserve 5M of CT1 bandwidth using the MAM model so that this bandwidth is protected.
The Data TE tunnel should use the path: CSR8-CSR6-CSR9-CSR10-XR12-XR11.
Answer
Configure DS-TE IETF mode with MAM on at least one path between CSR8 and XR11.
#CSR8
mpls traffic-eng ds-te mode ietf
mpls traffic-eng ds-te bc-model mam
!
int gi2.568
ip rsvp bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
#CSR6
mpls traffic-eng ds-te mode ietf
mpls traffic-eng ds-te bc-model mam
!
int gi2.568
ip rsvp bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
int gi2.562
ip rsvp bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
#XR12
mpls traffic-eng
ds-te mode ietf
ds-te bc-model mam
!
rsvp
interface GigabitEthernet0/0/0/0.512
bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
bandwidth 1000000
!
interface GigabitEthernet0/0/0/0.562
bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
bandwidth 1000000
#XR11
mpls traffic-eng
ds-te mode ietf
ds-te bc-model mam
!
rsvp
interface GigabitEthernet0/0/0/0.512
bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
Configure TE tunnels and a secondary loopback for DATA VRF.
#CSR8
int lo1
ip add 8.8.8.9 255.255.255.255
ip ospf 1 area 0 ! Not strictly necessary
!
vrf def DATA
add ipv4
bgp next-hop Lo1
!
int tun0
description VOICE_TO_XR11
tunnel dest 11.11.11.11
ip unn lo0
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng bandwidth 5000 class-type 1
tunnel mpls traffic-eng priority 0 0
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 1 dynamic
!
ip explicit-path name CSR8-CSR6-CSR9-CSR10-XR12-XR11
next-address 6.6.6.6
next-address 9.9.9.9
next-address 10.10.10.10
next-address 12.12.12.12
next-address 11.11.11.11
!
int tun1
description DATA_TO_XR11
ip unn lo0
tunnel dest 11.11.11.11
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 explicit name CSR8-CSR6-CSR9-CSR10-XR12-XR11
!
ip route 11.11.11.12 255.255.255.255 tun1
#XR11
int Lo1
ip add 11.11.11.12/32
!
router ospf 1
area 0
int Lo1
!
route-policy VPNV4_NEXTHOP
if extcommunity rt matches-any (2:2) then
set next-hop 11.11.11.12
endif
pass
end-policy
!
router bgp 132
af-group AF_VPNV4 address-family vpnv4 unicast
route-policy VPNV4_NEXTHOP out
!
int tunnel-te0
description VOICE_TO_CSR8
dest 8.8.8.8
ip unn lo0
autoroute announce
signalled-bandwidth 5000 class-type 1
priority 0 0
path-option 1 dynamic
!
explicit-path name XR11-XR12-CSR10-CSR9-CSR6-CSR8
index 1 next-address 12.12.12.12
index 2 next-address 10.10.10.10
index 3 next-address 9.9.9.9
index 4 next-address 6.6.6.6
index 5 next-address 8.8.8.8
!
int tunnel-te1
description DATA_TO_CSR8
dest 8.8.8.8
ip unn lo0
path-option 1 explicit name XR11-XR12-CSR10-CSR9-CSR6-CSR8
!
router static add ipv4 uni
8.8.8.9/32 tunnel-te1
Explanation
DS-TE is covered in a separate lab, so we won’t go into its details here.
For TE tunnels that you want to use on a per-VRF basis, you must use a separate loopback. We configure Lo1 for this purpose on CSR8 and XR11:
#CSR8
int lo1
ip add 8.8.8.9 255.255.255.255
ip ospf 1 area 0
#XR11
int Lo1
ip add 11.11.11.12/32
!
router ospf 1
area 0
int Lo1
Next, we need to configure these loopbacks as the VPNv4 nexthop for the routes exported from the DATA VRF. This is simple to do on IOS-XE, using a built-in command just for this purpose, but it requires an RPL on IOS-XR.
#CSR8
vrf def DATA
add ipv4
bgp next-hop Lo1
#XR11
route-policy VPNV4_NEXTHOP
if extcommunity rt matches-any (2:2) then
set next-hop 11.11.11.12
endif
pass
end-policy
!
router bgp 132
af-group AF_VPNV4 address-family vpnv4 unicast
route-policy VPNV4_NEXTHOP out
You may need to clear BGP VPNv4 routes. You should now see that VOICE routes are learned via Lo0 as usual, and the DATA routes have a BGP nexthop of Lo1.
Finally, we must configure the TE tunnels. This is no different than before, however you need to watch out for the TE tunnel destination. The destination is not an IP address, it is a TE RID. So if you try to build the DATA TE tunnel with a destination of Lo1, the tunnel cannot be resolved. Instead, we build both TE tunnels destined to the Lo0 address, and then use a static route to steer traffic destined for the Lo1 address out the appropriate TE tunnel.
#CSR8
int tun0
description VOICE_TO_XR11
tunnel dest 11.11.11.11
tunnel mpls traffic-eng autoroute announce
!
int tun1
description DATA_TO_XR11
tunnel dest 11.11.11.11
!
ip route 11.11.11.12 255.255.255.255 tun1
#XR11
int tunnel-te0
description VOICE_TO_CSR8
dest 8.8.8.8
autoroute announce
!
int tunnel-te1
description DATA_TO_CSR8
dest 8.8.8.8
!
router static add ipv4 uni
8.8.8.9/32 tunnel-te1
Note that if you accidentally build the TE tunnel to the Lo1 address, you can verify the issue multiple ways. One way is to use “show mpls traffic-eng topology path destination <Lo1 address>.” This will run PCALC on the router and give you the following error:
#CSR8
int tun10
description DATA_TO_XR11_TEST
ip unn lo0
tunnel dest 11.11.11.12
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 1 dynamic
Additionally, we can debug path errors while the router tries to calculate the tunnel as well:
#CSR8
debug mpls traffic-eng path errors
debug mpls traffic-eng path lookup
!
int tun10
shut
no shut
Verification
Traffic between XR13 and XR14 in the VOICE VRF should take the most direct path:
Traffic between XR13 and XR14 in the DATA VRF should take the “long” path:
In summary, per-VRF TE tunnels are not a new configuration. You configure multiple TE tunnels as usual. The difference is that you set the BGP nexthop different per VRF. You then must steer the traffic to the different loopback to the appropriate TE tunnel based on a static route.
