EoMPLS inside VRF possible?

paulanfoo · ‎02-03-2012

I'm trying to only mpls what I need to mpls and nothing else.

Here's the idea:

interface te1/1

ip address x.x

mtu 9000

...etc..

interface te1/1.50

encap dot1q 50

ip address x.x.x.x

mpls ip

vrf forwarding VRF2

..etc..

Mpls only running on te1/1.50 and not te1/1

Te1/1.50 is in a VRF instance, running ldp inside of it which reduces the labels that the router assigns (because apparently there's no way to make mpls and ldp ONLY assign labels to what you want to run mpls with, unless there's some command to get rid of it from assigning labels to everything in the IGP)

Anyways, I DO NOT want to run mpls on te1/1, or on the main routing instance on the router at all. I want it and the labels to stay inside a VRF so that only mpls traffic goes over te1/1.50 and absolutely no mpls traffic on te1/1 main interface.

I want to use l2circuits (xconnect) inside of this.

Using a Sup720, Is this possible?

The reason for this is that when I enable MPLS on te1/1 , it encapsulates (routes that are sourced from routers behind the directly connected) and doesn't encapsulate routes sourced from the neighbor, even if I have no xconnects or anything set it seems to push labels onto things going to certain destinations in the IGP (with the label it assigned for that IP next hop).

If there was a way to change that default behaviour where it doesn't encapsulate IP packets at all, unless I specifically run a xconnect, that would work.

Very basic configuration, but it's driving me crazy, it's a mixture of juniper and cisco equipment. I was thinking of running another ospf area on the ciscos and using another loopback and setting ldp to peer with that , but you can't have multiple loopbacks on junipers in the same routing instance.

Kishore Chennupati · ‎02-04-2012

Hi Paul,

interface te1/1

ip address x.x

mtu 9000

...etc..

interface te1/1.50

encap dot1q 50

ip address x.x.x.x

mpls ip

vrf forwarding VRF2

..etc..

you cannot assign an ip address to the main interface and then assign sub-interfaces and ip addresses to them.

Te1/1.50 is in a VRF instance, running ldp inside of it which reduces the labels that the router assigns (because apparently there's no way to make mpls and ldp ONLY assign labels to what you want to run mpls with, unless there's some command to get rid of it from assigning labels to everything in the IGP)

you can definetly limit the label allocation and also advertising them using the MPLS conditional adveritsement. see below link for more info

http://www.packetpundit.com/blog/wordpress/2011/06/22/mpls-ldp-conditional-label-advertisement/

I want to use l2circuits (xconnect) inside of this.

Using a Sup720, Is this possible?

If you want to run L2 ckts you need L2 interfaces or L2 vlans.

Why dont you put your network diagram or something so that we can better understand what you are trying to achieve here

HTH

Kishore

paulanfoo · ‎02-04-2012

Let me rephrase what I want to do.

I want to have the main interface pass IP traffic ONLY. (te1/1)

and I want the subinterface to pass MPLS traffic ONLY. LDP will run on

the subinterface.

I've already tested this, and it works with l2 circuits, the problem is

that without a VRF, the IGP will either

route the loopback over te1/1 or te1/1.50 which means ALL traffic to

that router can only go over one of these

links at a time. I want to simulate having two independent links to

another router, one for mpls, one for non mpls.

My testing indicated that routing all traffic through te1/1 works with

l2circuit to the junipers.

Routing ALL traffic through te1/1.50 (IGP cost being lower) works.

What I can't do is get it to send MPLS traffic only over .50 even if

mpls/ldp is only enabled on .50 it doesn't seem

to have any sense that it needs to use that path for the MPLS because

the loopback of the adjacent router in the IGP

has the best path out te1/1 and not te1/1.50. LDP obviously doesn't

know that an interface is or isn't mpls able.

If I had a cisco environment only, what I'd do is create another ospf

area, only put the .50 interfaces in that ospf area

create a loopback1 , use that as the router id for the other area..

Basically have another set of loopbacks and another

instance of OSPF just for the MPLS. But I cannot do this due to Juniper

not supporting this type of configuration.

So I want to create a VRF , and run an instance of ospf/ldp inside of

it, and create l2 circuits but it doesn't seem to be

working because mpls seems to be based on 'global' and not per vrf

configuration for l2 circuit xconnect.

I could be wrong but in my testing I couldn't get it to work. Could be

the juniper end also. Getting Juniper to operate with Cisco is

a pain in certain circumstances like this.

I know about the conditional label advertisement to neighbors. I simply

do not want the device to even assign labels unless I tell

it to. I don't want to have to build an access list for everything I

want to advertise to a neighbor, instead I want to build a list

of what labels it will create and send and use. Right now it creates a

label for every single adjacency in CEF and also looks like

every /32 in the IGP if I am not mistaken.

Paul

Vaibhava Varma · ‎02-04-2012

Hi Paul

Why don't you run MPLS-TE with explicit path between new set of loopbacks for MPLS between the two rourters using TE1/1.50 as explicit path and it willprovide you an MPLS Switched Path of your desire.

Regards

Varma

Kishore Chennupati · ‎02-05-2012

Hi Paul,

Pardon my questions and allow me to understand you. I will also question and answer at the same time. Correct me wherever I am wrong.

1. So, do you want to use VRF or not?.

you can but then your xconnect cannot be binded with the VRF as you rightly mentioned on cisco IOS. atleast this is what i saw.Apparently, junipers and ALU can do it.

2. Is your only concern that you want to have a MPLS switched path on .50 sub-int? without using vrf?

you could do this as varma mentioned create a TE and use explicit path via the .50 sub-int

3.Do you intend to switch your L2 traffic across the MPLS path or via the IP path?

If MPLS path then you can use "preferred-path interface " under the PW class and use the TE Tunnel as the preffered interface in this way all your L2ckt traffic will use this TE tunnel interface which in turn uses the .50 interface to transit out.

Would I be right in my understanding?

HTH

Kishore

paulanfoo · ‎02-05-2012

I don't have to use VRF, but the goal is to make this work in a network

of routers, so it will have dynamic routing. If i set a preffered path

to .50

and then .50 goes down, it needs another mpls capable path to take to

reroute. Would in this case be advisable to use tunnels? I'm not exactly

sure how to set that up.

The network will have an IP path, and a separate MPLS path (since not

all routers will support MPLS, i need to make a vrf, or tunnels to

insure that

it doesn't try and send traffic through the non enabled mpls path)

Kishore Chennupati · ‎02-06-2012

Hi Paul,

Even if you use the VRF and the interface and .50 goes down . you would still need redundancy.

MPLS offers a concept called FRR( fast re route). which means you can have primay and back up tunnel and failover under 50ms.

Anyway, in your case you want to have .50 as MPLS path and the explicit path is the way to go.

HTH

Kishore

paulanfoo · ‎02-06-2012

Is there a way to specify it as the best path as 'default' without

creating tunnels or making anything more complex?

And what if I have two mpls paths out of this router , can I specify

multiple preferred paths?

I haven't been working with MPLS very long, but it definitely has some

great use.

Would you suggest using a tunnel instead of doing the xconnect direct to

the router? I'm not entirely sure how the tunnel works (it's a logical

xconnect

unidirectional from one router to another?). The tunnel would still

require a mpls path, or is it encapsulated in something like GRE that

can go over

the IP network?

Thanks for your help

Vaibhava Varma · ‎02-04-2012

Hey Kishore

"you cannot assign an ip address to the main interface and then assign sub-interfaces and ip addresses to them"

This is very much possible in Cisco IOS.I have done it several times myself for customer requirements.

Regards

Varma

Kishore Chennupati · ‎02-05-2012

Hi Varma, sorry dont know what was on my mind when i was typing that reply. However, i admit that i havent really used it in any scenario. where i use both the ip address on the main and the sub int as well. well i know a simple implementaiton could be a router on a stick thing..but can you PM where you have used it

Rgs, Kishore

paulanfoo · ‎02-06-2012

Replying to my own post to explain some more why I was thinking to use a VRF.

When you run LDP on an interface, it simply exchanges labels with the other routers running LDP, regardless of what interfaces they connect with.

So for example, we have

Router A,B,C,D

All routers connect to one another A-B A-C A-D B-C B-D C-D. If one of these routers doesn't support MPLS, and the IGP happens to choose that router as a best path to the loopback of our destination mpls router, it breaks mpls.

MPLS/LDP don't keep track of what interface. LDP sends a label to the loopback like 1.1.1.1, and the IGP determines the best path to 1.1.1.1. Imagine this with 50 routers instead of 4.

Without using tunnels, or forcing the MPLS path, I'd like to create a VRF that has an IGP that only runs on the interfaces that support MPLS. This would greatly simplify the config. I'm not that fond of tunnels.

It just doesn't seem to work with l2 xconnects inside VRF. Our hardware is all Juniper MX based and SUP720 based.