RE: OT: how to filter out several VPNs from a MPLS backbone

From: Ravi Ramaswamy \(raramasw\) (raramasw@cisco.com)
Date: Sat Mar 25 2006 - 19:22:14 GMT-3

Assuming the picture is like this

PE1 --- P1 ---- P2 ------ PE2
| |
|--------------------------------|

And that PE1 and PE2 "backdoor" link is also in the global space, then
why not simply disable tag-switching on the backdoor link? It will
never be used for VPN traffic between PE1 and PE2.

Ravi Ramaswamy, Cisco Systems Inc.
Advanced Services Central Engg
(732) 261 3814

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Reinhold Fischer
Sent: Friday, March 24, 2006 4:26 PM
To: sheherezada@gmail.com
Cc: Cisco certification; comserv@groupstudy.com
Subject: Re: OT: how to filter out several VPNs from a MPLS backbone
backup path

On Fri, Mar 24, 2006 at 12:50:28PM +0200, sheherezada@gmail.com wrote:
> Hi all,
>
> I have four routers linked in a row, let's say A-B-C-D, and a lower
> bandwidth backup link between A and D. I have just added MPLS and set
> up several VPNs, but I don't want all VPNs to generate traffic on the
> backup link when it comes up. Any idea of how to do it?
>
> Thanks,
>
> Mihai
>

Hi Mihai,

here is a possible solution. I have put also the CCIE SP list on CC
since this is more a topic for there...

- create a second loopback interface on the pe-routers.

- add your second loopback interface into your igp so it is reachable

- filter your LDP so it is not assigning and distributing any labels
for this second loopback

- change the next-hop ip-address that bgp will advertise for the
  VPN that you do not want to have on the low-bandwidth backup link

  Example> Assuming Lo1 is the Loopback where you are not distributing
labels
  for:
!
 ip vrf TWO
 rd 2:1
 route-target export 2:1
 route-target import 2:1
 bgp next-hop Loopback1
!

- at this point this VPN will not work anymore, because you have no
  LSP to the new Loopbacks

- enable MPLS Traffic Engineering, use the new loopback ip as router-id
  for mpls traffic engineering

- build mpls-te tunnels between the new loopback addresses. Use an
  explicit path that excludes the ip addresses of the low-bandwidth
  backup link.

- at this point the VPN will work again. LSPs are provided through
  MPLS-TE. As soon as the main link between your PE routers goes
  down the MPLS-TE Tunnel will also go down because they are not
  allowed to signal a path through your low-bandwidth link.

hope the explanation is not too confusing.

regards

reinhold

This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3