04-01-2012 01:07 PM
Hello...
I am trying to push traffic onto an LSP thats mutiple paths created as below.
interface Tunnel3080
ip unnumbered Loopback0
tunnel destination 10.253.253.136
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng path-option 11 explicit name CTel-C32-CGx-CSnf-Cwil
tunnel mpls traffic-eng path-option 12 explicit name CTel-CGlb-C1275-CMar-CWil
tunnel mpls traffic-eng path-option protect 11 explicit name CTel-CGlb-C1275-CMar-CWil
ip explicit-path name CTel-CGlb-C1275-CMar-CWil enable
next-address 10.254.0.241
next-address 10.254.0.242
next-address 10.254.0.2
next-address 10.254.1.82
next-address 10.254.13.1
ip explicit-path name CTel-C32-CGx-CSnf-Cwil enable
next-address 10.254.0.242
next-address 10.254.0.241
next-address 10.254.0.2
next-address 10.254.1.82
next-address 10.254.13.1
Traffic is coming in from an interface vlan 503; and is going to lets say 10.11.1.2.
I've an ACL as below to catch the traffic into an ACL.
ip access-list extended TOS9TrafficTo10-11-1
10 permit ip 10.32.21.2 10.11.1.2 tos 9
I tried with below to direct the traffic onto an above tunnel LSP.
route-map BO_LA permit 10
match ip address TOS9TrafficTo10-11-1
set interface Tunnel3080
and then applied the map to the interface as below...
interface vlan 503
ip policy route-map BO_LA
Its not working.. and need some assistance.. I know route maps are not the solution here as they're used for routes and not the actual traffic, I believe. Is there any other solution.
-Tarkesh
04-01-2012 01:21 PM
Tarkesh,
This should actually work because a route-map can also be used for policy-based routing and not just for routing information manipulation. I am in fact surprised that your configuration has no effect. The first thing coming to my mind here: is the interface Vlan503 the incoming interface for this traffic you want to send via specific MPLS TE tunnels? Is the traffic actually routed, i.e. passing through the Vlan503, or is it simply switched within VLAN 503?
Also, how do you know your configuration has no effect?
There is an option of class-based tunnel selection for ingress traffic, however, that feature is supported only on selected platforms. You can read (much) more here:
http://www.cisco.com/en/US/docs/ios/mpls/configuration/guide/mp_te_tun_select.html
04-01-2012 02:17 PM
VLAN503 is the interface from which traffic is coming in, and I want that traffic to ride over the Tunnel. VLAN 503 is the SVI interface with an IP address /30, so its actually routed. The router with the other end of that /30 is actually has a static route that forces the traffic to this router.
I noticed that the tunnel is not increasing any packets when I do show inter tunnel 3080 or show inter traff eng tunnels tunnel 3080 accounting.
also when I do show route-map, the packets are not matched...for some reason..
For now, I have a static route for that destination pointing to the tunnel; however its directing all the traffic and not only ToS9 traffic. Lets say if I want to direct ToS11 traffic to some other tunnel, I can't do that righ tnow.
??? I'll look into that class-based tunnel selection.
04-01-2012 03:04 PM
Hi Tarkesh,
Just a quick test: if you removed the tos 9 from your ACL and left it in this form:
ip access-list extended TOS9TrafficTo10-11-1
10 permit ip host 10.32.21.2 host 10.11.1.2
would the traffic start flowing via the MPLS TE tunnel? Of course, such ACL would apply to all traffic from 10.32.21.2 to 10.11.1.2. The point of my test is to verify whether the policy-based routing is working at all.
Best regards,
Peter
04-03-2012 02:04 PM
I tried with no ToS.. and i think it works.. the ping doesn't work but when I do traceroutes the route-map shows the matches, and traceroute goes using the path I have in the tunnel.
So.. without ToS it works, but there is no point.. as I wanted to send two flows with same source address and same destination with two different ToS bits inserted so that they can be diverse using the Tunnels (LSPs). I'll try doing it with the DSCP values.
Any other Idea? Thanks in advance.
04-04-2012 05:16 AM
Hi Tarkesh,
I was just about to suggest using DSCP. Please give it a try and let me know.
Best regards,
Peter
04-09-2012 07:08 AM
HI Tarkesh,
Just curious. how did you go with using dscp? Any luck?
Regards, Kishore
05-09-2012 01:14 PM
Sorry guys.. I didn't get a chance to test this as they pulled the routers off the lab. I can't do it in the production network.
Let me know if anyone of you happened to do so. I"ll try to to test it when I get a chance or get my lab router back.
-TK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide