In this post we look at a way to configure an MPLS VPN without using LDP. Instead we can use RSVP to exchange labels and build MPLS tunnels between each PE router. The key thing to remember here is that the tunnels must be fully meshed since they are each unidirectional.
The above topology shows physical connections and logical addressing. IS-IS is running in the P network and loopbacks have been advertised. A VPNv4 session is already established between PE1 and PE2.
The first thing we need to do is enable MPLS traffic engineering on each router in the provider cloud. Here is a look at PE1; configure the other routers similarly:
mpls traffic-eng tunnels
!
interface Serial1/0
 mpls traffic-eng tunnels
!
router isis
 metric-style wide
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-1
Now we can build the following tunnel on PE1 to PE4. Remember to include the autoroute announce option so the tail end is learned through the tunnel.
interface Tunnel4
 ip unnumbered Loopback0
 tunnel destination 10.1.1.4
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng autoroute announce
 tunnel mpls traffic-eng path-option 1 dynamic
Build a similar tunnel on PE2 pointing back to PE1. On PE1, let’s verify that LDP is not running and that we still have a label-stacked CEF entry for CE2's loopback of 192.168.0.2.
PE1#sho mpls ldp ne
PE1#
PE1#sho ip cef vrf VPNA 192.168.0.2
192.168.0.2/32, version 15, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Tu4, point2point, tags imposed: {20 22}
via 10.1.1.4, 0 dependencies, recursive
next hop 10.1.1.4, Tunnel4 via 10.1.1.4/32
valid adjacency
tag rewrite with Tu4, point2point, tags imposed: {20 22}
PE1#sho ip bgp vpnv4 vrf VPNA 192.168.0.2 | inc labels
mpls labels in/out nolabel/22
PE1#sho mpls traffic-eng tunn | inc Label
InLabel : -
OutLabel : Serial1/0, 20
Label 22 is the inner label learned from PE2 while label 20 is the label used to reach PE2 through the TE tunnel. Ping from CE1 to CE2:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 140/181/228 ms
CE1#
Excellent! It becomes a little trickier when the tunnels do not end at the PE; in a future post we will look at the consequences of such a scenario.
Regards, Bryan (Post by Bryan Bartik)
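The label check walked through above, automated as an added example that is not part of the original post: it parses the three PE1 outputs and confirms that the outer imposed label is the TE tunnel's OutLabel and the inner one is the VPNv4 label learned through BGP. The function names are hypothetical, and the script assumes the TE output covers a single head-end tunnel.

```python
import re

# Command output copied from the PE1 session shown in the post.
CEF = """\
192.168.0.2/32, version 15, epoch 0
0 packets, 0 bytes
tag information set
local tag: VPN-route-head
fast tag rewrite with Tu4, point2point, tags imposed: {20 22}
via 10.1.1.4, 0 dependencies, recursive
next hop 10.1.1.4, Tunnel4 via 10.1.1.4/32
valid adjacency
tag rewrite with Tu4, point2point, tags imposed: {20 22}
"""
BGP = "mpls labels in/out nolabel/22\n"
TE = "InLabel : -\nOutLabel : Serial1/0, 20\n"

def imposed_labels(cef_text):
    """Return the label stack (outermost first) from 'tags imposed: {..}'."""
    m = re.search(r"tags imposed:\s*\{([^}]*)\}", cef_text)
    return [int(x) for x in m.group(1).split()] if m else []

def vpn_out_label(bgp_text):
    """Return the outbound VPN label from 'mpls labels in/out a/b', or None."""
    m = re.search(r"mpls labels in/out\s+\S+/(\d+)", bgp_text)
    return int(m.group(1)) if m else None

def te_out_label(te_text):
    """Return the tunnel's outgoing label from 'OutLabel : intf, N', or None."""
    m = re.search(r"OutLabel\s*:\s*\S+,\s*(\d+)", te_text)
    return int(m.group(1)) if m else None

def check_stack(cef_text, bgp_text, te_text):
    """Return a list of problems; an empty list means the stack is consistent."""
    stack = imposed_labels(cef_text)
    problems = []
    if len(stack) != 2:
        # One label (or none) means the VPN route is not riding the TE tunnel.
        problems.append(f"expected 2 imposed labels, got {stack}")
        return problems
    outer, inner = stack
    if outer != te_out_label(te_text):
        problems.append(f"outer label {outer} is not the TE tunnel OutLabel")
    if inner != vpn_out_label(bgp_text):
        problems.append(f"inner label {inner} is not the BGP VPNv4 out label")
    return problems

if __name__ == "__main__":
    print(check_stack(CEF, BGP, TE) or "label stack consistent")
```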







