From: sheherezada@gmail.com
Date: Mon Mar 27 2006 - 06:42:42 GMT-3
Hi all,
Many thanks for your input. The original requirement was indeed to
allow certain VPNs on the backup link (but not all of them). BTW, all
routers were PE.
I'll go play around with the Reinhold's solution.
Thanks again,
Mihai
On 3/26/06, Ravi Ramaswamy (raramasw) <raramasw@cisco.com> wrote:
>
>
> Hi - I agree with you. I guess I was not reading the question
> correctly.
>
> It depends on the topology in the core. If the backup link became the
> best IGP path to the BGP NH PE, then clearly that link won't be used if
> tag-switching is enabled, but then VPN traffic won't flow at all. I
> guess the requirement is VPN traffic should flow, but not on the backup
> link.
>
> You could try and assign a higher IGP metric to the backup link, in
> which case VPN traffic will not flow across this backup link. However,
> if there a topology change in the core, you will end up with the same
> issue above.
>
> (In general, if some link in the IGP path from PE to PE has
> tag-switching disabled, then VPN traffic will be forwarded into the
> core, and be dropped at that P router).
>
> The TE approach to force the LSP to bypass the backup link is the best
> approach....
>
>
>
> -----Original Message-----
> From: Olopade Olorunloba [mailto:lolopade@ipnxnigeria.net]
> Sent: Saturday, March 25, 2006 6:57 PM
> To: Ravi Ramaswamy (raramasw); 'Reinhold Fischer'; sheherezada@gmail.com
> Cc: 'Cisco certification'; comserv@groupstudy.com
> Subject: RE: OT: how to filter out several VPNs from a MPLS backbone
> backup path
>
> Disabling MPLS on the link between the 2 PEs will not stop them from
> trying
> to use the link. The path the MPLS VPN traffic takes is determined by
> the
> path the IGP has for the BGP next-hop of that MPLS VPN. If the IGP,
> therefore thinks the BGP next-hop should be reached across the backdoor
> link
> (on which you have disabled MPLS). It will try and send the traffic
> across
> the link, but will not be successful.
>
> I will rather go with the other suggestion of using MPLS TE tunnels. The
> important thing to note is that the path the MPLS VPN traffic takes is
> the
> path you to reach the BGP next-hop. And MPLS TE, are your best tools to
> use
> to determine which path a traffic should take.
>
> Regards.
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Ravi
> Ramaswamy (raramasw)
> Sent: 25 March 2006 23:22
> To: Reinhold Fischer; sheherezada@gmail.com
> Cc: Cisco certification; comserv@groupstudy.com
> Subject: RE: OT: how to filter out several VPNs from a MPLS backbone
> backup
> path
>
> Assuming the picture is like this
>
> PE1 --- P1 ---- P2 ------ PE2
> | |
> |--------------------------------|
>
> And that PE1 and PE2 "backdoor" link is also in the global space, then
> why not simply disable tag-switching on the backdoor link? It will
> never be used for VPN traffic between PE1 and PE2.
>
> Ravi Ramaswamy, Cisco Systems Inc.
> Advanced Services Central Engg
> (732) 261 3814
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Reinhold Fischer
> Sent: Friday, March 24, 2006 4:26 PM
> To: sheherezada@gmail.com
> Cc: Cisco certification; comserv@groupstudy.com
> Subject: Re: OT: how to filter out several VPNs from a MPLS backbone
> backup path
>
> On Fri, Mar 24, 2006 at 12:50:28PM +0200, sheherezada@gmail.com wrote:
> > Hi all,
> >
> > I have four routers linked in a row, let's say A-B-C-D, and a lower
> > bandwidth backup link between A and D. I have just added MPLS and set
> > up several VPNs, but I don't want all VPNs to generate traffic on the
> > backup link when it comes up. Any idea of how to do it?
> >
> > Thanks,
> >
> > Mihai
> >
>
> Hi Mihai,
>
> here is a possible solution. I have put also the CCIE SP list on CC
> since this is more a topic for there...
>
> - create a second loopback interface on the pe-routers.
>
> - add your second loopback interface into your igp so it is reachable
>
> - filter your LDP so it is not assigning and distributing any labels
> for this second loopback
>
> - change the next-hop ip-address that bgp will advertise for the
> VPN that you do not want to have on the low-bandwidth backup link
>
> Example> Assuming Lo1 is the Loopback where you are not distributing
> labels
> for:
> !
> ip vrf TWO
> rd 2:1
> route-target export 2:1
> route-target import 2:1
> bgp next-hop Loopback1
> !
>
> - at this point this VPN will not work anymore, because you have no
> LSP to the new Loopbacks
>
> - enable MPLS Traffic Engineering, use the new loopback ip as router-id
> for mpls traffic engineering
>
> - build mpls-te tunnels between the new loopback addresses. Use an
> explicit path that excludes the ip addresses of the low-bandwidth
> backup link.
>
> - at this point the VPN will work again. LSPs are provided through
> MPLS-TE. As soon as the main link between your PE routers goes
> down the MPLS-TE Tunnel will also go down because they are not
> allowed to signal a path through your low-bandwidth link.
>
> hope the explanation is not too confusing.
>
> regards
>
> reinhold
>
> _____________________________________________________________________
> Subscription information: http://www.groupstudy.com/list/comserv.html
>
> _____________________________________________________________________
> Subscription information: http://www.groupstudy.com/list/comserv.html
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3