MPLS TE Tunnel Protection

Created: Feb 14, 2020 23:09:27Latest reply: Feb 17, 2020 14:47:02 180 4 0 0
  Rewarded HiCoins: 0 (problem resolved)

Hello,

I'm working on this lab in last two weeks and the goal I want to achieve is the following:

  • VLAN10 traffic = primary path: CE1-PE1-PE4-PE3-CE4

                                   backup path: CE1-PE1-PE2-PE3-CE4

I want to create a seperate protect tunnel for VLAN 10 and VLAN 11.

If a working link fails, traffic switches to a protect tunnel quickly with minimizing traffic interruptions.


I'm new to MPLS and learning on the fly.

Would this config work? I want that only VLAN 10 to be protected.


MPLS


#

sysname PE1

#

vcmp role silent

#

vlan batch 10

#

lnp disable

#

mpls lsr-id 1.1.2.9

mpls

 mpls te

 mpls rsvp-te

 mpls te cspf

#

mpls l2vpn

#

vsi test static

 pwsignal ldp

  vsi-id 2

  peer 1.1.4.9

#

explicit-path hotstandby-path

 next hop 172.1.1.1

 next hop 172.4.1.1

 next hop 1.1.4.9

#

explicit-path pri-path

 next hop 172.3.1.2

 next hop 172.2.1.2

 next hop 1.1.4.9

#

lsp-attribute lsp_attribute_hotstandby

 explicit-path hotstandby-path

 hop-limit 12

 commit

#

lsp-attribute lsp_attribute_pri

 explicit-path pri-path

 commit

#

mpls ldp

 loop-detect

 outbound peer all split-horizon

#

mpls ldp remote-peer 1.1.4.9

 remote-ip 1.1.4.9

#

interface Vlanif10

 l2 binding vsi test

#

interface XGigabitEthernet0/0/1

 port link-type dot1q-tunnel

 port default vlan 10

#

interface XGigabitEthernet0/0/22

 undo portswitch

 mtu 9216

 ip address 172.1.1.2 255.255.255.252

 ospf mtu-enable

 ospf network-type p2p

 mpls

 mpls te

 mpls rsvp-te

 mpls ldp

#

interface XGigabitEthernet0/0/24

 undo portswitch

 mtu 9216

 ip address 172.3.1.1 255.255.255.252

 ospf mtu-enable

 ospf network-type p2p

 mpls

 mpls te

 mpls rsvp-te

 mpls ldp

#

interface LoopBack1

 ip address 1.1.2.9 255.255.255.255

#

interface Tunnel1

 ip address unnumbered interface LoopBack1

 tunnel-protocol mpls te

 destination 1.1.4.9

 mpls te tunnel-id 100

 mpls te primary-lsp-constraint lsp-attribute lsp_attribute_pri

 mpls te hotstandby-lsp-constraint 1 lsp-attribute lsp_attribute_hotstandby

 mpls te record-route

 mpls te commit

#

ospf 1 router-id 1.1.2.9

 opaque-capability enable

 area 0.0.0.0

  network 1.1.2.9 0.0.0.0

  network 172.1.1.0 0.0.0.255

  network 172.3.1.0 0.0.0.255

  mpls-te enable

#





  • x
  • convention:

Featured Answers

Recommended answer

LuizPuppin
MVE Created Feb 16, 2020 15:02:38 Helpful(1) Helpful(1)

@mokenned

I already use this config on a lab with L2VC. I think that is the config that you need.

#
mpls lsr-id 10.2.255.1
mpls
mpls te
lsp-trigger all
mpls rsvp-te
mpls te cspf
undo ttl propagate public
undo ttl expiration pop
#
mpls l2vpn
#
explicit-path PE--07
next hop 172.16.100.2
next hop 172.16.100.6
next hop 10.100.0.22
next hop 10.2.255.7
#
explicit-path PE-07.01
next hop 10.100.0.2
next hop 10.100.0.6
next hop 10.100.0.10
next hop 10.100.0.14
next hop 10.100.0.22
next hop 10.2.255.7
#
explicit-path ROTA-01-DOWN
next hop 10.100.0.2
next hop 10.100.0.6
next hop 10.100.0.10
next hop 10.100.0.14
next hop 10.2.255.5
#
mpls ldp
graceful-restart
#
interface Vlanif10
description VSI-CE-CLIENTE
mtu 9000
mpls l2vc 10.2.255.5 100 tunnel-policy PE-05 raw
#
interface Vlanif20
description TESTE-CLIENTE-PE-07
mtu 9000
mpls l2vc 10.2.255.7 88 tunnel-policy PE-07
#
interface XGigabitEthernet0/0/1
undo portswitch
description CNX-PE02-ROTA.01
mtu 9000
ip address 10.100.0.1 255.255.255.252
ospf network-type p2p
ospf ldp-sync
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface XGigabitEthernet0/0/2
description TRUNK-ROUTER-BGP
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 828
#
interface XGigabitEthernet0/0/15
undo portswitch
description CNX-PE04-ROTA.02
mtu 9000
ip address 172.16.100.1 255.255.255.252
ospf network-type p2p
ospf ldp-sync
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface XGigabitEthernet0/0/24
undo portswitch
description CNX-PE07-ROTA.03
mtu 9000
ip address 172.16.100.9 255.255.255.252
ospf network-type p2p
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface LoopBack0
ip address 10.2.255.1 255.255.255.255
#
interface Tunnel100
description ROTA-01-DOWN
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 10.2.255.5
mpls te tunnel-id 100
mpls te path explicit-path ROTA-01-DOWN
mpls te igp shortcut ospf
mpls te igp metric absolute 1
mpls te commit
#
interface Tunnel200
description DOWN-PE-07-ROTA.02
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 10.2.255.7
mpls te tunnel-id 200
mpls te record-route
mpls te path explicit-path PE-07.01
mpls te path explicit-path PE--07 secondary
mpls te backup hot-standby mode revertive wtr 15
mpls te backup ordinary best-effort
mpls te igp shortcut ospf
mpls te igp metric absolute 1
mpls te reserved-for-binding
mpls te commit
#
ospf 1 router-id 10.2.255.1
import-route direct
import-route static
opaque-capability enable
graceful-restart
enable traffic-adjustment advertise
area 0.0.0.0
network 10.2.255.1 0.0.0.0
network 10.100.0.0 0.0.0.3
network 10.100.0.252 0.0.0.3
network 172.16.100.0 0.0.0.3
network 172.16.100.8 0.0.0.3
mpls-te enable
#
tunnel-policy PE-05
tunnel select-seq cr-lsp lsp load-balance-number 1
#
tunnel-policy PE-07
tunnel binding destination 10.2.255.7 te Tunnel200
#
return
  • x
  • convention:

I%20have%2020%20years%20working%20with%20telecom%20market.%20On%20all%20this%20time%20I%20worked%20always%20in%20great%20projects.%20The%20biggest%20was%20the%202014%20World%20Cup%20Command%20and%20Control%20Centre%2C%20where%20I%20was%20the%20Soluction%20Architect%20and%20Implementation%20Manager%20of%20Network%20and%20security%20Solution.%0AI%20work%20with%20Huawei%20s%20products%20to%20ISP%20Market%20since%202015%20and%20in%202017%20started%20to%20present%20trainnings%20customized%20to%20this%20market%2C%20focused%20in%20BGP%20and%20MPLS%20solution.%20I%20had%20more%20than%20400%20students%20and%20more%20than%20100%20ISP%20on%20my%20classes%20on%20last%2018%20mounths.
All Answers
DDSN
DDSN Admin Created Feb 15, 2020 02:53:52 Helpful(0) Helpful(0)

Hi mokenned,

For how to configure MPLS TE protection, please refer to  Example For Configuring CR-LSP hot standby

I hope it helps.

  • x
  • convention:

mokenned
mokenned Created Feb 15, 2020 14:08:49 Helpful(0) Helpful(0)

Hi,
Thanks for reply.
I tested the CR-LSP Hot standby configuration and it is working.
But I want to create a predefine preferred primary and backup path per VSI.

Let's says:
Primary path:
CE2 - PE4 - PE1 - PE2 - CE3
CE1 - PE1 - PE2 - PE3 - CE4

  • x
  • convention:

LuizPuppin
LuizPuppin MVE Created Feb 16, 2020 15:02:38 Helpful(1) Helpful(1)

@mokenned

I already use this config on a lab with L2VC. I think that is the config that you need.

#
mpls lsr-id 10.2.255.1
mpls
mpls te
lsp-trigger all
mpls rsvp-te
mpls te cspf
undo ttl propagate public
undo ttl expiration pop
#
mpls l2vpn
#
explicit-path PE--07
next hop 172.16.100.2
next hop 172.16.100.6
next hop 10.100.0.22
next hop 10.2.255.7
#
explicit-path PE-07.01
next hop 10.100.0.2
next hop 10.100.0.6
next hop 10.100.0.10
next hop 10.100.0.14
next hop 10.100.0.22
next hop 10.2.255.7
#
explicit-path ROTA-01-DOWN
next hop 10.100.0.2
next hop 10.100.0.6
next hop 10.100.0.10
next hop 10.100.0.14
next hop 10.2.255.5
#
mpls ldp
graceful-restart
#
interface Vlanif10
description VSI-CE-CLIENTE
mtu 9000
mpls l2vc 10.2.255.5 100 tunnel-policy PE-05 raw
#
interface Vlanif20
description TESTE-CLIENTE-PE-07
mtu 9000
mpls l2vc 10.2.255.7 88 tunnel-policy PE-07
#
interface XGigabitEthernet0/0/1
undo portswitch
description CNX-PE02-ROTA.01
mtu 9000
ip address 10.100.0.1 255.255.255.252
ospf network-type p2p
ospf ldp-sync
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface XGigabitEthernet0/0/2
description TRUNK-ROUTER-BGP
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 828
#
interface XGigabitEthernet0/0/15
undo portswitch
description CNX-PE04-ROTA.02
mtu 9000
ip address 172.16.100.1 255.255.255.252
ospf network-type p2p
ospf ldp-sync
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface XGigabitEthernet0/0/24
undo portswitch
description CNX-PE07-ROTA.03
mtu 9000
ip address 172.16.100.9 255.255.255.252
ospf network-type p2p
mpls
mpls te
mpls rsvp-te
mpls ldp
#
interface LoopBack0
ip address 10.2.255.1 255.255.255.255
#
interface Tunnel100
description ROTA-01-DOWN
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 10.2.255.5
mpls te tunnel-id 100
mpls te path explicit-path ROTA-01-DOWN
mpls te igp shortcut ospf
mpls te igp metric absolute 1
mpls te commit
#
interface Tunnel200
description DOWN-PE-07-ROTA.02
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 10.2.255.7
mpls te tunnel-id 200
mpls te record-route
mpls te path explicit-path PE-07.01
mpls te path explicit-path PE--07 secondary
mpls te backup hot-standby mode revertive wtr 15
mpls te backup ordinary best-effort
mpls te igp shortcut ospf
mpls te igp metric absolute 1
mpls te reserved-for-binding
mpls te commit
#
ospf 1 router-id 10.2.255.1
import-route direct
import-route static
opaque-capability enable
graceful-restart
enable traffic-adjustment advertise
area 0.0.0.0
network 10.2.255.1 0.0.0.0
network 10.100.0.0 0.0.0.3
network 10.100.0.252 0.0.0.3
network 172.16.100.0 0.0.0.3
network 172.16.100.8 0.0.0.3
mpls-te enable
#
tunnel-policy PE-05
tunnel select-seq cr-lsp lsp load-balance-number 1
#
tunnel-policy PE-07
tunnel binding destination 10.2.255.7 te Tunnel200
#
return
  • x
  • convention:

I%20have%2020%20years%20working%20with%20telecom%20market.%20On%20all%20this%20time%20I%20worked%20always%20in%20great%20projects.%20The%20biggest%20was%20the%202014%20World%20Cup%20Command%20and%20Control%20Centre%2C%20where%20I%20was%20the%20Soluction%20Architect%20and%20Implementation%20Manager%20of%20Network%20and%20security%20Solution.%0AI%20work%20with%20Huawei%20s%20products%20to%20ISP%20Market%20since%202015%20and%20in%202017%20started%20to%20present%20trainnings%20customized%20to%20this%20market%2C%20focused%20in%20BGP%20and%20MPLS%20solution.%20I%20had%20more%20than%20400%20students%20and%20more%20than%20100%20ISP%20on%20my%20classes%20on%20last%2018%20mounths.
mitchell.peixer
mitchell.peixer Created Feb 17, 2020 14:47:02 Helpful(0) Helpful(0)

Hello friend


You can do it by using L2VC, without VSI


--- PE1:

tunnel-policy pe3vlan10

tunnel binding destination 1.1.4.9 te Tunnel1


XG 0/0/1 (lets clean the interface)

port link-type trunk

port trunk pvid vlan 1


XG 0/0/1.10 (yes, create a subinterface)

dot1q termination vid 10

mpls l2vc 1.1.4.9 10 tunnel-policy pe3vlan10


Tunnel1

mpls te path explicit-path pri-path

mpls te path explicit-path hotstandby-path secondary

mpls te backup hot-standby


--- PE3:

tunnel-policy pe1vlan10

tunnel binding destination 1.1.2.9 te Tunnel1


XG 0/0/1 (lets clean the interface)

port link-type trunk

port trunk pvid vlan 1

 

XG 0/0/1.10 (yes, create a subinterface)

dot1q termination vid 10

mpls l2vc 1.1.4.9 10 tunnel-policy pe3vlan10


Tunnel1

mpls te path explicit-path pri-path

mpls te path explicit-path hotstandby-path secondary

mpls te backup hot-standby


---


Using subinterface you can bind a vlan tag to tunnel-policy where you join the tunnel to a explict-path


No tunnel select is needed on the tunnel-policy since hotstandby already able you to use dual path configuration


You can use the following line to check the Tunnel stats:

display mpls te tunnel-interface Tunnel 1


And use the following tracerts to check the paths:

tracert lsp te Tunnel 1

tracert lsp te Tunnel 1 hot-standby


I hope that all the lines matchs, I particularly dont use eNSP I preffer the S6720 as Lab :)


  • x
  • convention:

Comment

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

My Followers

Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login