# Tunneling LDP inside RSVP

Load **mpls.te.ldp.tunneling.init.cfg**

```
#IOS-XE
config replace flash:mpls.te.ldp.tunneling.init.cfg

#IOS-XR
configure
load bootflash:mpls.te.ldp.tunneling.init.cfg
commit replace
y
```

The basic IP addresses, L3VPN between XRv14 and XRv13, ISIS, RSVP, and MPLS-TE has been pre-configured.

There is currently a TE tunnel between CSR9 and CSR10 that goes via CSR2. This is bidirectional. CSR8 and XRv11 have been modified via ISIS metric to use CSR9 and CSR10 as the bestpath to CSR8/XRv11.

Make the necessary configuration changes so that XRv14 and XRv13 can ping each other in their L3VPN. Do not add any additional TE tunnels.

## Answer <a href="#a9b18bd0-feaa-48fb-a221-4f4264a95286" id="a9b18bd0-feaa-48fb-a221-4f4264a95286"></a>

First we must enable LDP between CSR8↔CSR9 and CSR10↔XRv11:

```
#CSR8, CSR9
int gi2.589
 mpls ip

#CSR10
int gi2.501
 mpls ip

#XRv11
mpls ldp
 interface GigabitEthernet0/0/0/0.501
```

You may think we have an end-to-end LSP between CSR8 and XRv11 at this point, however the L3VPN traffic is not working. Here’s what happens:

* CSR8 pushes a label stack of { < CSR9’s label for XRv11> < VPN label> }
* CSR9 pops the top label and pushes the TE label: { < TE label to CSR10 > < VPN label > }
* CSR2 pops the top label and delivers to CSR10 with just { \<VPN label> }
* CSR10 drops the traffic

To solve this, we must run LDP within the TE tunnel, between CSR9 and CSR10. Then CSR9 will need to push two labels: the TE tunnel label and the LDP label for XRv11 learned from CSR10. Both functions are enabled simply by enabling LDP on the tunnel interface.

```
#CSR9, CSR10
int tun0
 mpls ip
```

An LDP adjacency between CSR9 and CSR10 will come up. This is a targetted session. LDP is not actually running over the tunnel. Instead think of this as enabling LDP functionality on the tunnel. A targetted session is established, and the router will push the TE tunnel endpoint’s LDP label onto traffic forwarded down the tunnel.

Now the label stack outgoing from CSR9 looks like this: { \<TE label> \<CSR10’s LDP label for XRv11> \<VPN label> }

Traffic between XRv13 and XRv14 is working:

<div align="left"><figure><img src="/files/DqYvfjAaHD4WWld10bBS" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="/files/kx3qntZPTZmTiBh543HR" alt=""><figcaption></figcaption></figure></div>

The **mpls ip** command on a TE tunnel instructs the router to form a targetted LDP session with the tunnel destination, and to push the tunnel destination’s LDP label as a second label when forwarding traffic through the RSVP tunnel. (The top label is the RSVP label learned from the downstream RSVP peer as usual).

## Conclusion <a href="#id-11fa9dfe-9e54-405a-82e3-8e356e016ad4" id="id-11fa9dfe-9e54-405a-82e3-8e356e016ad4"></a>

TE tunnels might be isolated to only the core between P routers. This could be done to provide FRR within the core, and help with scalability, because now you are not forming a full mesh of tunnels between all PE routers. However, you need to tunnel LDP within the TE tunnels so that the label is not prematurely popped, exposing the VPN label too early, which blackholes traffic.

## Further Reading <a href="#id-380da2e6-e0b7-49b7-ab18-81236cb6540a" id="id-380da2e6-e0b7-49b7-ab18-81236cb6540a"></a>

<https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/29828-mplsvpnte.html>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://ccie-sp.gitbook.io/ccie-spv5.1-labs/labs/mpls-te/tunneling-ldp-inside-rsvp.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.