Per-VRF TE Tunnels

Load flash:mpls.te.per.vrf.init.cfg

#IOS-XE
config replace flash:mpls.te.per.vrf.init.cfg

#IOS-XR
configure
load bootflash:mpls.te.per.vrf.init.cfg
commit replace
y

There are two customer VRFs now: “VOICE” and “DATA.”

XRv13 and XRv14 each have one interface and one loopback in each VRF. They are running VRF Lite:

  • VOICE

    • XRv13

      • Lo0= 100.13.13.13/32

    • XRv14

      • Lo0 = 100.14.14.14/32

  • DATA

    • XRv13

      • Lo1= 200.13.13.13/32

    • XRv14

      • Lo1 = 200.14.14.14/32

Configure two bidirectional TE tunnels between CSR8 and XRv11.

  • The Voice TE tunnel should use most direct path between the two PEs.

    • It should reserve 5M of CT1 bandwidth using the MAM model so that this bandwidth is protected.

  • The Data TE tunnel should use the path: CSR8-CSR6-CSR9-CSR10-XR12-XR11.

Answer

Configure DS-TE IETF mode with MAM on at least one path between CSR8 and XR11.

#CSR8
mpls traffic-eng ds-te mode ietf
mpls traffic-eng ds-te bc-model mam
!
int gi2.568
 ip rsvp bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000

#CSR6
mpls traffic-eng ds-te mode ietf
mpls traffic-eng ds-te bc-model mam
!
int gi2.568
 ip rsvp bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
int gi2.562
 ip rsvp bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000

#XR12
mpls traffic-eng
 ds-te mode ietf
 ds-te bc-model mam
!
rsvp
 interface GigabitEthernet0/0/0/0.512
  bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
  bandwidth 1000000
 !
 interface GigabitEthernet0/0/0/0.562
  bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000
  bandwidth 1000000

#XR11
mpls traffic-eng
 ds-te mode ietf
 ds-te bc-model mam
!
rsvp
 interface GigabitEthernet0/0/0/0.512
  bandwidth mam max-reservable-bw 1000000 bc0 950000 bc1 50000

Configure TE tunnels and a secondary loopback for DATA VRF.

#CSR8
int lo1
 ip add 8.8.8.9 255.255.255.255
 ip ospf 1 area 0                  ! Not strictly necessary
!
vrf def DATA
 add ipv4
  bgp next-hop Lo1
!
int tun0
 description VOICE_TO_XR11
 tunnel dest 11.11.11.11
 ip unn lo0
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng bandwidth 5000 class-type 1
 tunnel mpls traffic-eng priority 0 0
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 dynamic
!
ip explicit-path name CSR8-CSR6-CSR9-CSR10-XR12-XR11
 next-address 6.6.6.6
 next-address 9.9.9.9
 next-address 10.10.10.10
 next-address 12.12.12.12
 next-address 11.11.11.11
!
int tun1
 description DATA_TO_XR11
 ip unn lo0
 tunnel dest 11.11.11.11
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng path-option 1 explicit name CSR8-CSR6-CSR9-CSR10-XR12-XR11
!
ip route 11.11.11.12 255.255.255.255 tun1

#XR11
int Lo1
 ip add 11.11.11.12/32
!
router ospf 1
 area 0
  int Lo1
!
route-policy VPNV4_NEXTHOP
  if extcommunity rt matches-any (2:2) then
    set next-hop 11.11.11.12
  endif
  pass
end-policy
!
router bgp 132
 af-group AF_VPNV4 address-family vpnv4 unicast
  route-policy VPNV4_NEXTHOP out
!
int tunnel-te0
 description VOICE_TO_CSR8
 dest 8.8.8.8
 ip unn lo0
 autoroute announce
 signalled-bandwidth 5000 class-type 1
 priority 0 0
 path-option 1 dynamic
!
explicit-path name XR11-XR12-CSR10-CSR9-CSR6-CSR8
 index 1 next-address 12.12.12.12
 index 2 next-address 10.10.10.10
 index 3 next-address 9.9.9.9
 index 4 next-address 6.6.6.6
 index 5 next-address 8.8.8.8
!
int tunnel-te1
 description DATA_TO_CSR8
 dest 8.8.8.8
 ip unn lo0
 path-option 1 explicit name XR11-XR12-CSR10-CSR9-CSR6-CSR8
!
router static add ipv4 uni
 8.8.8.9/32 tunnel-te1

Explanation

DS-TE is covered in a separate lab, so we won’t go into its details here.

For TE tunnels that you want to use on a per-VRF basis, you must use a separate loopback. We configure Lo1 for this purpose on CSR8 and XR11:

#CSR8
int lo1
 ip add 8.8.8.9 255.255.255.255
 ip ospf 1 area 0

#XR11
int Lo1
 ip add 11.11.11.12/32
!
router ospf 1
 area 0
  int Lo1

Next, we need to configure these loopbacks as the VPNv4 nexthop for the routes exported from the DATA VRF. This is simple to do on IOS-XE, using a built-in command just for this purpose, but it requires an RPL on IOS-XR.

#CSR8
vrf def DATA
 add ipv4
  bgp next-hop Lo1

#XR11
route-policy VPNV4_NEXTHOP
  if extcommunity rt matches-any (2:2) then
    set next-hop 11.11.11.12
  endif
  pass
end-policy
!
router bgp 132
 af-group AF_VPNV4 address-family vpnv4 unicast
  route-policy VPNV4_NEXTHOP out

You may need to clear BGP VPNv4 routes. You should now see that VOICE routes are learned via Lo0 as usual, and the DATA routes have a BGP nexthop of Lo1.

Finally, we must configure the TE tunnels. This is no different than before, however you need to watch out for the TE tunnel destination. The destination is not an IP address, it is a TE RID. So if you try to build the DATA TE tunnel with a destination of Lo1, the tunnel cannot be resolved. Instead, we build both TE tunnels destined to the Lo0 address, and then use a static route to steer traffic destined for the Lo1 address out the appropriate TE tunnel.

#CSR8
int tun0
 description VOICE_TO_XR11
 tunnel dest 11.11.11.11
 tunnel mpls traffic-eng autoroute announce
!
int tun1
 description DATA_TO_XR11
 tunnel dest 11.11.11.11
!
ip route 11.11.11.12 255.255.255.255 tun1

#XR11
int tunnel-te0
 description VOICE_TO_CSR8
 dest 8.8.8.8
 autoroute announce
!
int tunnel-te1
 description DATA_TO_CSR8
 dest 8.8.8.8
!
router static add ipv4 uni
 8.8.8.9/32 tunnel-te1

Note that if you accidentally build the TE tunnel to the Lo1 address, you can verify the issue multiple ways. One way is to use “show mpls traffic-eng topology path destination <Lo1 address>.” This will run PCALC on the router and give you the following error:

#CSR8
int tun10
 description DATA_TO_XR11_TEST
 ip unn lo0
 tunnel dest 11.11.11.12
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng path-option 1 dynamic

Additionally, we can debug path errors while the router tries to calculate the tunnel as well:

#CSR8
debug mpls traffic-eng path errors
debug mpls traffic-eng path lookup
!
int tun10
 shut
 no shut

Verification

Traffic between XR13 and XR14 in the VOICE VRF should take the most direct path:

Traffic between XR13 and XR14 in the DATA VRF should take the “long” path:

In summary, per-VRF TE tunnels are not a new configuration. You configure multiple TE tunnels as usual. The difference is that you set the BGP nexthop different per VRF. You then must steer the traffic to the different loopback to the appropriate TE tunnel based on a static route.

PreviousRDM w/ FRR TroubleshootingNextTactical TE Issues

Last updated