MPLS Te Cisco

Deploying MPLS Traffic
Engineering
Rodrigo Linhares
rlinhare@cisco.com
Consulting Systems Engineering

Latin America Core Technologies Group
© 2001, Cisco Systems, Inc. All rights reserved. 1
What It Is, How It Works, and
How to Use It

Agenda
• How MPLS-TE Works

• Basic Configuration
• Knobs! Knobs! Knobs!
• Deploying and Designing

How MPLS-TE Works
• How MPLS-TE works

What good is MPLS-TE?
Information distribution
Path calculation
Path setup
Forwarding traffic down a tunnel

What Good Is MPLS-TE?
• There are three kinds of networks

1. Those that have plenty of bandwidth
everywhere
2. Those with congestion in some places, but
not in others
3. Those with constant congestion everywhere
• The first kind always evolves into the
second kind!

• MPLS-TE introduces a 4th kind:

1. Those that have plenty of bandwidth everywhere
2. Those with congestion in some places, but not in
others
3. Those with constant congestion everywhere
4. Those that use all of their bandwidth to its maximum
efficiency, regardless of shortest-path routing!
• MPLS-TE can help turn #2 into #4
If you have #1, you probably don’t need MPLS-TE—yet
If you have #3, you’re stuck—you either need more
bandwidth (or less traffic)

What Is MPLS-TE? What Is It Not?
• Multi protocol • Magic problem

label switching— solving labor
traffic engineering substitute which is
totally effortless
This Stuff Takes Work, but It’s Worth It!!!

Information Distribution
• You need a link-state protocol as your IGP

IS-IS or OSPF
• Link-state requirement is only for
MPLS-TE!
Not a requirement for VPNs, etc!

Need for a Link-State Protocol
• Why do I need a link-state protocol?

To make sure info gets flooded
To build a picture of the entire network

The Problem with Shortest-Path
• Some links are DS3, some
are OC-3
Node Next-Hop Cost
B B 10
• Router A has 40Mb of traffic for
C C 10 Route F, 40Mb of traffic for
D C 20 Router G
E B 20
F
G
B
B
30
30
• Massive (44%) packet loss at
Router B->Router E!
• Changing to A->C->D->E
Router B won’t help
Router F
OC-3 OC-3
Router A Router E
DS3 Router G
OC-3
OC-3 DS3
DS3
Router C Router D
What MPLS-TE Address
• Router A sees all links

Node Next-Hop Cost
B B 10 • Router A computes paths
C C 10
D C 20 on properties other than
E
F
B
Tunnel 0
20
30
just shortest cost
G Tunnel 1 30
• No link oversubscribed!
Router B
Router F
OC-3 OC-3
Router A Router E
DS3 Router G
OC-3
OC-3 DS3
DS3
Router C Router D
How MPLS-TE Works

Path calculation
Path setup

• IS-IS
Uses Type 22 TLVs
See draft-ietf-isis-traffic
• OSPF
Uses type 10 (opaque area—local) LSAs
See draft-katz-yeung-ospf-traffic

• IS-IS and OSPF propagate the same

information!
Link identification
TE metric
Bandwidth information (physical, reserveable,
available)
Attribute flags

• TE flooding is local to a single {area|level}

• Inter-{area|level} TE harder, but possible
(think PNNI)

How MPLS-TE Works

Path calculation
Path setup

Path Calculation
• Modified Dijkstra at tunnel head-end

• Often referred to as CSPF
Constrained SPF
• …or PCALC (path calculation)

Path Calculation
• PCALC takes bandwidth,
Node Next-Hop Cost other constraints
B
C
B
C
10
10
into account
D C 20
E B 20 • Paths calculated, resources
F Tunnel 0 30
G Tunnel 1 30 reserved if necessary
• End result: Bandwidth used
Router B more efficiently!
Router F
OC-3 OC-3
Router A Router E
DS3 Router G
OC-3
OC-3 DS3
DS3
Router C Router D
Path Calculation
• What if there’s more than one path that meets the

minimum requirements (bandwidth, etc.)?
• PCALC algorithm:
Find all paths with the lowest IGP cost
Then pick the path with the highest minimum available
bandwidth along the path
Then pick the path with the lowest hop count (not IGP
cost, but hop count)
Then just pick one path at random

How MPLS-TE Works

Path calculation
Path setup

Path Setup
• Cisco MPLS-TE uses RSVP

• RFC2205, plus
draft-ietf-mpls-rsvp-lsp-tunnel (RSVP-TE)
• Once the path is calculated, it is handed
to RSVP
• RSVP uses PATH and RESV messages to
request an LSP along the calculated path

Path Setup
• PATH message: “Can I have 40Mb along this path?”

• RESV message: “Yes, and here’s the label to use”
• LFIB is set up along each hop
= PATH messages
= RESV messages
Router B
Router F
Router A Router E
Router G
Router C Router D
How MPLS-TE Works

Path calculation
Path setup

Forwarding Traffic Down a Tunnel
• There are three ways traffic can be

forwarded down a TE tunnel
Auto-route
Static routes
Policy routing
• With the first two, MPLS-TE gets you
unequal cost load balancing

Auto-Route
• Auto-route = “Use the tunnel as a

directly connected link for SPF
purposes”
• This is not the CSPF (for path
determination), but the regular IGP
SPF (route determination)

Auto-Route
This Is the Physical Topology
Router B
Router F
Router H
Router A Router E
Router G
Router C Router D Router I

Auto-Route
• This is Router A’s logical topology

• By default, other routers don’t see
the tunnel!
Router B
Router F
Router H
Router A Router E
Tunnel1 Router G

Auto-Route
• Router A’s routing

Node Next-Hop Cost table, built via
B B 10
C C 10 auto-route
D C 20
E B 20
F B 30 • Everything “behind”
G Tunnel 1 30
H
I
Tunnel 1 40
40
the tunnel is routed
Tunnel 1
via the tunnel
Router B
Router F
Router H
Router A Router E
Tunnel1 Router G

Unequal Cost Load Balancing
• IP routing has equal-cost load balancing,

but not unequal cost*
• MPLS-TE does unequal cost load
balancing, using 16 hash buckets for next-
hop, shared in rough proportion to
configured tunnel bandwidth or load-share
value
*EIGRP Has ‘Variance’, but That’s Not As Flexible

Unequal Cost: Example
Router F
Router A 40MB Router E
Router G
20MB
gsr1#show ip route 192.168.1.8

Routing entry for 192.168.1.8/32
Known via "isis", distance 115, metric 83, type level-2
Redistributing via isis
Last update from 192.168.1.8 on Tunnel0, 00:00:21 ago
Routing Descriptor Blocks:
* 192.168.1.8, from 192.168.1.8, via Tunnel0
Route metric is 83, traffic share count is 2
192.168.1.8, from 192.168.1.8, via Tunnel1
Route metric is 83, traffic share count is 1

Unequal Cost: Example
Router F
Router G
20MB
gsr1#sh ip cef 192.168.1.8 internal

………
Load distribution: 0 1 0 1 0 1 0 1 0 1 0 0 0 0 0 0 (refcount 1)
Hash OK Interface Address Packets Tags imposed
1 Y Tunnel0 point2point 0 {23}
………
Note That the Load Distribution

Is 11:5—Very Close to 2:1, but Not Quite!

Static Routing
RtrA(config)#ip route H.H.H.H

255.255.255.255 Tunnel1
Router B
Router F
Router H
Router A Router E
Router G

Static Routing
• Router H is known via

Node Next-Hop Cost the tunnel
B B 10
C C 10
D C 20 • Router G is not routed
E B 20
F B 30 to over the tunnel, even
G B 30
H
I
Tunnel 1 40
40
though it’s the
B
tunnel tail!
Router B
Router F
Router H
Router A Router E
Router G
Tunnel1

Static Routing
Router F
Router G
20MB
gsr1(config)#ip route 1.2.3.4 255.255.255.255 192.168.1.11

gsr1#sh ip cef 1.2.3.4
………
Load distribution: 0 1 0 1 0 1 0 1 0 1 0 0 0 0 0 0 (refcount 1)
Hash OK Interface Address Packets Tags imposed
………
Static Routes Inherit Unequal Cost Load-Sharing

When Recursing through a Tunnel

Policy Routing
RtrA(config-if)#ip policy route-map set-tunnel

RtrA(config)#route-map set-tunnel
RtrA(config-route-map)#match ip address 101
RtrA(config-route-map)#set interface Tunnel1
Router B
Router F
Router H
Router A Router E
Router G
Tunnel1

Policy Routing
Node Next-Hop Cost • Routing table isn’t affected

B B 10
C C 10 by policy routing
D C 20
E
F
B
B
20
30
• Need (12.0(16)ST or 12.2T)
G B 30 or higher for ‘set interface
H
I
B
B
40
40 tunnel’ to work
Router B
Router F
Router H
Router A Router E
Router G
Tunnel1

Forwarding Traffic down a Tunnel
• You can use any combination of auto-

route, static routes, or PBR
• …But simple is better unless you have a
good reason
• Recommendation: Either auto-route or
statics to BGP next-hops, depending on
your needs

Agenda
• Prerequisites

Basic Midpoint/Tail Configuration
(globally)
ip cef {distributed}
mpls traffic-eng tunnels
(per interface)
mpls traffic-eng tunnels

(if IGP = OSPF)

router ospf <x>
mpls traffic-eng router-id
Loopback0
mpls traffic-eng area <y>

(if IGP = IS-IS)

router isis <x>
mpls traffic-eng router-id
Loopback0
mpls traffic-eng level-{1,2}
metric-style wide

Basic Head-End Configuration
• Head-end needs the 4–5 ‘mid/tail’

lines
• But wait—there’s more!

• Create the tunnel interface

interface Tunnel0
ip unnumbered Loopback0
tunnel mode mpls traffic-eng
tunnel source Loopback0
tunnel destination <tunnel endpoint>
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 10 dynamic

• Total configuration:
1 line globally
1 line per interface
2 lines if OSPF
3 lines if IS-IS
+ 7 lines per tunnel at head-end
Not really much to the basic configuration

Agenda
• Prerequisites

Knobs! Knobs! Knobs!
• Influencing the path selection

• Auto-bandwidth
• Fast reroute
• DiffServ-Aware Traffic Engineering


Bandwidth
Priority
Administrative weight
Attributes and affinity

Bandwidth
ip rsvp bandwidth <x>
• Per-interface command
• X = amount of reservable BW, in K
• Default: X=75% of link bandwidth

Bandwidth
tunnel mpls traffic-eng

bandwidth <Kb>
• Per-tunnel command
• Tunnel default: 0 Kb

Priority
tunnel mpls traffic-eng <S> {H}
• Configured on tunnel interface

• S = setup priority (0–7)
• H = holding priority (0–7)
• Lower number is more important, or better

Administrative Weight
mpls traffic-eng administrative-

weight <X>
• X = 0–4,294,967,295
• Gives a metric that be considered for use instead
of the IGP metric
• This can be used as a per-tunnel
delay-sensitive metric for doing VoIP TE

Delay-Sensitive Metric with
Administrative Weight
tunnel mpls traffic-eng path-

selection metric {te|igp}
• Configure admin weight = interface delay

• Configure VoIP tunnels to use TE metric to
calculate the path cost (see the PCALC
algorithm earlier in these slides)

Attributes and Affinity
mpls traffic-eng attribute-

flags <0x0-0xFFFFFFFF>

tunnel mpls traffic-eng affinity

<0x0-0xFFFFFFFF> {mask <0x0-
0xFFFFFFFF>}
• Mask is a collection of do-care bits
• ‘affinity 0x2 mask 0xA’means ‘I care
about bits 1 and 3 (with the values 2 and
8); bit 1 must be set, bit 3 must be 0’

• Q: How should I use link attributes?

• A: To exclude some links from
consideration by some tunnels
• …So give a satellite link an attribute of
0x2, and any VoIP tunnels can be
configured with ‘affinity 0x0
mask 0x2’


• Auto-bandwidth
• Fast reroute

Auto-Bandwidth
tunnel mpls traffic-eng auto-bw ?
collect-bw Just collect Bandwidth info on this tunnel
frequency Frequency to change tunnel BW
max-bw Set the Maximum Bandwidth for auto-bw on this tunnel
min-bw Set the Minimum Bandwidth for auto-bw on this tunnel
<cr>
• Periodically changes tunnel BW reservation
based on traffic out tunnel
• Timers are tunable to make auto-bandwidth more
or less sensitive


• Auto-bandwidth
• Fast reroute

Fast Reroute
• In an IP network, a link failure causes several

seconds of outage
Thing Dependency Time

Media- and
Link Failure Detection Platform-specific ~μsecs (POS + APS)
IGP Timers, Network

Information
Size, Collective ~5–30 sec
Propagation
Router Load
Route Recalculation LSDB Size, CPU Load ~1–3 sec

Fast Reroute
• In an MPLS network, there’s more work to be

done, so a (slightly) longer outage happens

Media- and
Link Failure Detection Platform-specific ~Usecs (POS + APS)
IGP Timers, Network

Information
Size, Collective ~5–30 sec
Propagation
Router Load
Route Recalculation LSDB Size, CPU Load ~1–3 sec
Network Size,
New LSP Setup ~5–10 sec
CPU Load

Three Kinds of Fast Reroute
• Link protection
• Node protection
• Path protection

Link Protection
• TE Tunnel A -> B -> D -> E
Router A Router B Router D Router E
Router C

Link Protection
• B has a pre-provisioned backup tunnel to the other

end of the protected link (Router D)
• B relies on the fact that D is using global label space
Router C

Link Protection
• B -> D link fails, A -> E tunnel is encapsulated in

B -> D tunnel
• Backup tunnel is used until A can re-compute tunnel
path as A -> B -> C -> D -> E (10–30 seconds or so)
Router C

Link Protection
• On tunnel head-end:
tunnel mpls traffic-eng fast-reroute
• On protected link:
mpls traffic-eng backup-path <backup-tunnel>
Node Protection
• Solution: protect tunnel to the hop past the

protected link
Router A Router B Router D Router E Router F

Path Protection
• Path protection: Multiple tunnels from TE head

to tail, across diverse paths
Router A Router B Router D Router E Router F

Path vs. Local Protection
Local (Link/Node) Protection

Media- and
Link Failure Detection ~Usecs (POS + APS)
Platform-specific
Local Switch-over to RP->
~Few msec or less
Protect Tunnel Communication Time
Path Protection
Media- and
Link Failure Detection ~Usecs (POS + APS)
Platform-specific
IGP Timers, Network
Information
Size, Collective ~5–30+ sec
Propagation
Router Load
Head-end Switch-over Network Size, ~Msec
to Protect LSP CPU Load


• Auto-bandwidth
• Fast reroute

DiffServ-Aware Traffic Engineering
• MPLS can advertise and reserve

bandwidth on a link
• Works great, but what if you send a mix of
LLQ (EF) and BE traffic down a TE tunnel?
• Need some way to differentiate and
reserve LLQ (EF) bandwidth on a link

Router A
Router E
Router C
Router G
Router B Router D Router F
• 100MB reservable on C<->E, with a 30MB LLQ/EF (QoS Config)

• 2 tunnels across C<->E link
• 40MB each tunnel
• What happen as when both tunnels send 20MB of VoIP traffic?

30MB LLQ - 40MB EF traffic = 10MB not LLQ’d!
Router A
Router E
Router C
Router G
Router B Router D Router F
• Problem: Only one pool on an interface, no way

to differentiate what types of traffic are carried!
• Solution: Advertise more than one pool!

ip rsvp bandwidth <x> sub-pool <y>

• ‘this link has available bandwidth of X, Y of
which is in a sub-pool’
• Not quite two pools, really—no sense in
withholding bandwidth from global availability if
it’s not in use
• …Which means sub-pool tunnels need to have a
better priority than non-sub-pool tunnels

tunnel mpls traffic-eng bandwidth

<x> sub-pool
• ‘This tunnel wants to reserve X Kbps from
a sub-pool’
• Sub-pool bandwidth is looked at instead
of global pool bandwidth
• If sub-pool bandwidth is not available,
tunnel won’t come up

Agenda
• Prerequisites

Deploying and Designing
• Deployment methodologies
• Scalability
• Management
• Security

Deployment Methodologies
• Two ways to deploy MPLS-TE

As needed to clear up congestion
Full mesh between a set of routers
• Both methods are valid, both have their
pros and cons

As Needed
Case Study: A Large US ISP
Router A
Router B Router C
• All links are OC12
• A has consistent 700MB to
send to C
• ~100MB constantly dropped!
Router D Router E

As Needed
• Solution: Multiple tunnels, unequal cost

load sharing!
Router A
Router B Router C
• Tunnels with bandwidth in 3:1
(12:4) ratio
• 25% of traffic sent the long way
• 75% sent the short way
• No out-of-order packet issues—
CEF’s normal per-flow hashing
is used!
Router D Router E

As Needed
• From Router A’s perspective,

topology is:
Router A
Router B Router C
Router D Router E

As Needed
• As needed—Easy, quick, but hard to track

over time
• Easy to forget why a tunnel is in place
• Inter-node BW requirements may change,
tunnels may be working around issues
that no longer exist

Full Mesh
• Put a full mesh of TE tunnels

between routers
• Initially deploy tunnels with 0 bandwidth
(some folks deploy full mesh just to get
router-to-router (pop-to-pop) traffic matrix)
• Watch tunnel interface statistics, see how much
bandwidth you are using between router pairs
Tunnels are interfaces—use IF-MIB!
Make sure that tunnel <= network BW

Full Mesh
• Physical topology is:

Router A
Router B Router C
Router D Router E

Full Mesh
• Logical topology is*
*Each link is actually 2 unidirectional tunnels
• Total of 20 tunnels in this network
Router A
Router B Router C
Router D Router E

Full Mesh
• Things to remember with full mesh

N routers, N*(N-1) tunnels
Routing protocols not run over TE tunnels—
unlike an ATM/FR full mesh!
Tunnels are unidirectional—this is a
good thing
…Can have different bandwidth reservations
in two different directions

• Scalability
• Management
• Security

Scalability
How Many Tunnels on a Router?
Number Number Number

Code of Head-End of Mid-Points of Tail-End
Tunnels Tunnels
12.0ST 600 10,000 5,000
• Tests were done on a GSR

• RSP4, RSP8, VXR300, VXR400 will be similar

Scalability
http://www.cisco.com/univercd/cc/td/doc/p
roduct/software/ios120/120newft/120limit/1
20st/120st14/scalable.htm
• Or just search CCO for “Scalability
Enhancements for MPLS Traffic
Engineering”

• Scalability
• Management
• Security

Traffic Engineering MIBs
• Interfaces MIB
• MPLS-TE-MIB
• CISCO-TE-MIB
• MPLS-DS-TE-MIB

TunnelVision
• Need a tool to help manage TE LSPs?

• TunnelVision (server and client
component, will run on Solaris and
Windows 2000)
• Not a network modeling tool!
Use WANDL, Orchestream, MakeSys, Opnet,
and others

TunnelVision
• Cisco is also working with an external

partner to add protection path calculation
• The partner has world-class algorithm
development experience
• TunnelVision will feed topology to this
tool, tool will calculate backup paths

• Scalability
• Management
• Security

Security
• MPLS-TE is not enabled on externally facing

interfaces
• Biggest security risk is spoofed RSVP
Hacker would have to know a lot about your topography to
do anything
RSVP authentication exists (rfc2747), not yet implemented,
on the radar
• If you’re concerned about spoofed RSVP, then add

RSVP to the ACLs you probably already use to stop
spoofed BGP, OSPF, etc.
• uRPF also helps here

Conclusion
Basically, TE helps you to optimize

your network resources utilization,
provide a better quality of service
and enhance the network and
services availability.

Obrigado!

MPLS Te Cisco

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

MPLS Te Cisco

Diunggah oleh

Hak Cipta:

Format Tersedia

Deploying MPLS Traffic

Consulting Systems Engineering

© 2001, Cisco Systems, Inc. All rights reserved. 2

• How MPLS-TE Works

© 2001, Cisco Systems, Inc. All rights reserved. 3

• How MPLS-TE works

© 2001, Cisco Systems, Inc. All rights reserved. 4

• There are three kinds of networks

© 2001, Cisco Systems, Inc. All rights reserved. 5

• MPLS-TE introduces a 4th kind:

© 2001, Cisco Systems, Inc. All rights reserved. 6

What Is MPLS-TE? What Is It Not?

• Multi protocol • Magic problem

This Stuff Takes Work, but It’s Worth It!!!

© 2001, Cisco Systems, Inc. All rights reserved. 7

• You need a link-state protocol as your IGP

© 2001, Cisco Systems, Inc. All rights reserved. 8

• Why do I need a link-state protocol?

© 2001, Cisco Systems, Inc. All rights reserved. 9

• Router A sees all links

• How MPLS-TE works

© 2001, Cisco Systems, Inc. All rights reserved. 12

© 2001, Cisco Systems, Inc. All rights reserved. 13

• IS-IS and OSPF propagate the same

© 2001, Cisco Systems, Inc. All rights reserved. 14

• TE flooding is local to a single {area|level}

© 2001, Cisco Systems, Inc. All rights reserved. 15

• How MPLS-TE works

© 2001, Cisco Systems, Inc. All rights reserved. 16

• Modified Dijkstra at tunnel head-end

© 2001, Cisco Systems, Inc. All rights reserved. 17

• What if there’s more than one path that meets the

© 2001, Cisco Systems, Inc. All rights reserved. 19

• How MPLS-TE works

© 2001, Cisco Systems, Inc. All rights reserved. 20

• Cisco MPLS-TE uses RSVP

© 2001, Cisco Systems, Inc. All rights reserved. 21

• PATH message: “Can I have 40Mb along this path?”

• How MPLS-TE works

© 2001, Cisco Systems, Inc. All rights reserved. 23

• There are three ways traffic can be

© 2001, Cisco Systems, Inc. All rights reserved. 24

• Auto-route = “Use the tunnel as a

© 2001, Cisco Systems, Inc. All rights reserved. 25

This Is the Physical Topology

Router C Router D Router I

© 2001, Cisco Systems, Inc. All rights reserved. 26

• This is Router A’s logical topology

Router C Router D Router I

© 2001, Cisco Systems, Inc. All rights reserved. 27

• Router A’s routing

Router C Router D Router I

© 2001, Cisco Systems, Inc. All rights reserved. 28

• IP routing has equal-cost load balancing,

*EIGRP Has ‘Variance’, but That’s Not As Flexible

Router A 40MB Router E

gsr1#show ip route 192.168.1.8

© 2001, Cisco Systems, Inc. All rights reserved. 30

Router A 40MB Router E

gsr1#sh ip cef 192.168.1.8 internal

Note That the Load Distribution

© 2001, Cisco Systems, Inc. All rights reserved. 31

RtrA(config)#ip route H.H.H.H