MPLS Traffic Engineering Path Link and Node Protection Configuration Guide, Cisco IOS XE Release 3S
Configuring MPLS Traffic Engineering over GRE Tunnel Support
Download this chapter
Configuring MPLS Traffic Engineering over GRE Tunnel SupportConfiguring MPLS Traffic Engineering over GRE Tunnel Support
Download the complete book
MPLS Traffic Engineering Path Link and Node Protection Configuration Guide, Cisco IOS XE Release 3S MPLS Traffic Engineering Path Link and Node Protection Configuration Guide, Cisco IOS XE Release 3S (PDF - 4 MB)
 Feedback

Configuring MPLS Traffic Engineering over GRE Tunnel Support

The MPLS Traffic Engineering (TE) over Generic Routing Encapsulation (GRE) Tunnel Support feature enables applications to establish TE tunnels over virtual interfaces.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

Prerequisites for Configuring MPLS TE over GRE Tunnel Support

Your network must support the following:

  • Cisco Express Forwarding
  • External data encryptors
  • Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF)
  • IPsec that is enabled on the GRE nodes to implement GRE traffic encryption
  • MPLS TE that is configured on the interface and on GRE tunnels
  • MPLS TE tunnels

Routing loops will result if GRE tunnels and TE tunnels coexist wihin the same routing domain. Create seperate routing domains by either configuring GRE overlay with static routing for GRE packets or using two separate routing processes, one for the GRE overlay and another for TE tunnels.

Restrictions for Configuring MPLS TE Over GRE Tunnel Support

  • The following TE features are not supported over GRE tunnels, so they should not be configured for TE tunnels that may traverse GRE tunnels:
    • Autoroute destinations
    • Automatic bandwidth adjustment
    • Autotunnel primary one-hop tunnels
    • Bidirectional Forwarding Detection (BFD)-triggered FRR
    • Class-Based Tunnel Selection (CBTS)
    • Diff-Serve Aware TE (DS-TE)
    • Explicit path options that identify excluded nodes
    • Interarea/autonomous systems MPLS TE
    • Point-to-multipoint TE
    • Shared Risk Link Groups (SRLGs)
    • Tunnel-Based Admission Control (TBAC)
  • GRE tunnels do not support Cisco nonstop forwarding with stateful switchover (NSF with SSO). If a switchover occurs, traffic loss occurs for TE over GRE, and the TE tunnels are resignaled.

Information About Configuring MPLS TE over GRE Tunnel Support

MPLS TE over GRE Tunnel Support Overview

MPLS TE tunnels provide transport for label switching data through an MPLS network using a path, which is constraint-based, and is not restricted to the IGP shortest cost path. The TE tunnels are usually established over physical links between adjacent routers. However, some applications require establishing TE tunnels over virtual interfaces such as GRE tunnels. Federal Information Processing Standard (FIPS) 140-2 compliance mandates that federal customers require traffic encryption throughout their network infrastructure, which is referred to as Type-I encryption level of security. Type-I encryption environments differentiate between encrypted and unencrypted networks. The encrypted network is the secure part of the network that is in a secure facility, where encryption is not required. The unencrypted network is the unsecured part of the network where traffic encryption is required.

Two common methods of traffic encryption are as follows:

  • External crypto devices
  • Cisco IOS IPsec, which is the encryption embedded into Cisco IOS software

External crypto devices operate in Layer 2 (L2), providing link layer encryption of ATM and SONET traffic. Due to the migration of L2 networks to IP network, there is an increasing adoption of IP crypto devices and IPsec. This transition requires that the traffic encryption happens at the IP layer. The IP-based forwarding of service traffic, such as IP or Layer 3 (L3)/L2 VPN MPLS traffic, is implemented only through GRE tunnels.

Benefits of MPLS TE over GRE Tunnel Support

The MPLS TE Over GRE Tunnel Support feature enables you to leverage MPLS segmentation capabilities, such as Layer 2 and Layer 3 VPN, on GRE tunnel transport. This feature enables you to deploy MPLS TE to implement explicit path forwarding, FRR, and bandwidth management of traffic over GRE tunnels. Also, this feature helps maintain the TE capabilities currently supported by ATM legacy networks.

How to Configure MPLS TE over GRE Tunnel Support

Configuring Resource Reservation Protocol Bandwidth

SUMMARY STEPS

    1.    enable

    2.    configure terminal

    3.    interface type number

    4.    bandwidth kbps

    5.    ip address ip-address mask

    6.    mpls traffic-eng tunnels

    7.    tunnel source type number

    8.    tunnel destination {host-name | ip-address | ipv6-address}

    9.    ip rsvp bandwidth

    10.    end


DETAILED STEPS
     Command or ActionPurpose
    Step 1 enable


    Example:
    Router> enable
     

    Enables privileged EXEC mode.

    • Enter your password if prompted.
     
    Step 2 configure terminal


    Example:
    Router# configure terminal
     

    Enters global configuration mode.

     
    Step 3 interface type number


    Example:
    Router(config)# interface tunnel 0
     

    Configures a tunnel interface and enters interface configuration mode for the specified tunnel interface.

     
    Step 4 bandwidth kbps


    Example:
    Router(config-if)# bandwidth 100000
     

    Sets the total bandwidth for a bandwidth pool.

     
    Step 5 ip address ip-address mask


    Example:
    Router(config-if)# ip address 172.16.0.0 255.255.255.254
     

    Configures a primary IP address for an interface.

     
    Step 6 mpls traffic-eng tunnels


    Example:
    Router(config-if)# mpls traffic-eng tunnels
     

    Enables traffic engineering tunnel signaling on the interface.

     
    Step 7 tunnel source type number


    Example:
    Router(config-if)# tunnel source loopback 1
     

    Configures the source address for the tunnel interface.

     
    Step 8 tunnel destination {host-name | ip-address | ipv6-address}


    Example:
    Router(config-if)# tunnel destination 192.168.1.1
     

    Specifies the destination for a tunnel.

    • The ip-addressargument is the IP address of the host destination expressed in dotted decimal notation.
     
    Step 9 ip rsvp bandwidth


    Example:
    Router(config-if)# ip rsvp bandwidth
     

    Enables RSVP for IP on an interface.

     
    Step 10 end


    Example:
    Router(config-if)# end
     

    (Optional) Exits interface configuration mode and returns to privileged EXEC mode.

     

    Configuring an MPLS TE Tunnel

    SUMMARY STEPS

      1.    enable

      2.    configure terminal

      3.    interface tunnel number

      4.    ip unnumbered type number

      5.    tunnel destination {host-name | ip-address | ipv6-address}

      6.    mpls traffic-eng tunnels

      7.    tunnel mpls traffic-eng priority setup-priority [hold-priority]

      8.    tunnel mpls traffic-eng bandwidth kbps

      9.    tunnel mpls traffic-eng path-option number dynamic

      10.    tunnel mpls traffic-eng fast-reroute

      11.    end


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 enable


      Example:
      Router> enable
       

      Enables privileged EXEC mode.

      • Enter your password if prompted.
       
      Step 2 configure terminal


      Example:
      Router# configure terminal
       

      Enters global configuration mode.

       
      Step 3 interface tunnel number


      Example:
      Router(config)# interface tunnel 10
       

      Configures a tunnel interface and enters interface configuration mode for the specified tunnel interface.

       
      Step 4 ip unnumbered type number


      Example:
      Router(config-if)# ip unnumbered loopback 0
       

      Assigns an IP address to the tunnel interface.

      • An MPLS TE tunnel interface should be unnumbered because it represents a unidirectional link.
       
      Step 5 tunnel destination {host-name | ip-address | ipv6-address}


      Example:
      Router(config-if)# tunnel destination 192.168.2.2
       

      Specifies the destination for a tunnel.

      • The ip-address argument is the IP address of the host destination expressed in dotted decimal notation.
       
      Step 6 mpls traffic-eng tunnels


      Example:
      Router(config-if)# mpls traffic-eng tunnels
       

      Enables traffic engineering tunnel signaling on the interface.

       
      Step 7 tunnel mpls traffic-eng priority setup-priority [hold-priority]


      Example:
      Router(config-if)# tunnel mpls traffic-eng priority 7 7
       

      Configures the setup and reservation priority for the tunnel.

       
      Step 8 tunnel mpls traffic-eng bandwidth kbps


      Example:
      Router(config-if)# tunnel mpls traffic-eng bandwidth 10
       

      Configures the bandwidth required for the tunnel.

       
      Step 9 tunnel mpls traffic-eng path-option number dynamic


      Example:
      Router(config-if)# tunnel mpls traffic-eng path-option 10 dynamic
       

      Configures the path option for the tunnel.

       
      Step 10 tunnel mpls traffic-eng fast-reroute


      Example:
      Router(config-if)# tunnel mpls traffic-eng fast-reroute
       

      Enables an MPLS TE tunnel to use an established backup tunnel in the event of a link or node failure.

       
      Step 11 end


      Example:
      Router(config-if)# end
       

      (Optional) Exits interface configuration mode and returns to privileged EXEC mode.

       

      Configuring an MPLS TE Tunnel over GRE

      SUMMARY STEPS

        1.    enable

        2.    configure terminal

        3.    interface tunnel number

        4.    ip unnumbered loopback number

        5.    tunnel destination ip-address

        6.    tunnel mpls traffic-eng autoroute announce

        7.    tunnel mpls traffic-eng

        8.    tunnel mpls traffic-eng path-option number dynamic

        9.    end


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 enable


        Example:
        Router> enable
         

        Enables privileged EXEC mode.

        • Enter your password if prompted.
         
        Step 2 configure terminal


        Example:
        Router# configure terminal
         

        Enters global configuration mode.

         
        Step 3 interface tunnel number


        Example:
        Router(config)# interface tunnel 100
         

        Configures an interface type and enters interface configuration mode

         
        Step 4 ip unnumbered loopback number


        Example:
        Router(config-if)# ip unnumbered loopback 0
         

        Assigns an IP address to the tunnel interface.

        • An MPLS TE tunnel interface should be unnumbered because it represents a unidirectional link.
         
        Step 5 tunnel destination ip-address


        Example:
        Router(config-if)# tunnel destination 10.255.1.2
         

        Specifies the destination for a tunnel.

        • The ip-address argument is the IP address of the host destination expressed in dotted decimal notation.
         
        Step 6 tunnel mpls traffic-eng autoroute announce


        Example:
        Router(config-if)# tunnel mpls traffic-eng autoroute announce
         

        Specifies that the IGP should use the tunnel in its enhanced shortest path first (SPF) calculation.

         
        Step 7 tunnel mpls traffic-eng


        Example:
        Router(config-if)# tunnel mpls traffic-eng
         

        Sets the encapsulation mode of the tunnel to MPLS TE.

         
        Step 8 tunnel mpls traffic-eng path-option number dynamic


        Example:
        Router(config-if)# tunnel mpls traffic-eng path-option 10 dynamic
         

        Configures a path option for the MPLS TE tunnel.

        • If you specify the dynamic keyword, the Cisco IOS software checks both the physical bandwidth of the interface and the available TE bandwidth to make sure that the requested amount of bandwidth does not exceed the physical bandwidth of any link.
         
        Step 9 end


        Example:
        Router(config-if)# end
         

        (Optional) Exits interface configuration mode and returns to privileged EXEC mode.

         

        Configuration Examples for MPLS TE Over GRE Tunnel Support

        Example Configuring MPLS TE Over GRE Tunnel Support

        The following example shows how to configure MPLS TE over a GRE tunnel between two routers: Router 1 and Router 2. The first loopback interface is used for router identification, and the other for reachability. One OSPF is used for TE and the other for reachability.

        Router 1

        configure terminal
no logging console
mpls traffic-eng tunnels
interface Loopback 0
 ip address 172.16.1.1 255.255.255.255
 no shutdown
!
interface Loopback 1
 ip address 10.255.1.1 255.255.255.0
 no shutdown
!
interface gigabitethernet 1/1
 ip address 172.16.1.1 255.255.255.255
 ip rsvp bandwidth 100000
 no shutdown
!
router ospf 172
 router-id 172.16.1.1
 network 172.16.0.0 0.0.255.255 area 0
 mpls traffic-eng router-id Loopback 0
 mpls traffic-eng area 0
 no shutdown
!
router ospf 10
 router-id 10.255.1.1
 network 10.255.0.0 0.0.255.255 area 0
 no shutdown
!
interface Tunnel l0
bandwidth 20000
 ip address 172.16.0.1 255.255.255.252
 mpls traffic-eng tunnels
 keepalive 10 3
 tunnel source Loopback 1
 tunnel destination 10.255.1.2
 ip rsvp bandwidth 15000 sub-pool 5000
!
!
interface tunnel 100 
ip unnumbered loopback 0
tunnel mode mpls traffic-eng
tunnel destination 192.168.10.10
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 10 dynamic
!
end
Router 2
configure terminal
no logging console
mpls traffic-eng tunnels
interface Loopback 0
 ip address 172.16.1.2 255.255.255.255
 no shutdown
!
interface Loopback 1
 ip address 10.255.1.2 255.255.255.255
 no shutdown
!
interface gigabitethernet 1/1
 ip address 10.255.0.2 255.255.255.252
 ip rsvp bandwidth 100000
 no shutdown
!
router ospf 172
 router-id 172.16.1.2
 network 172.16.0.0 0.0.255.255 area 0
 mpls traffic-eng router-id Loopback 0
 mpls traffic-eng area 0
 no shutdown
!
router ospf 10
 router-id 10.255.1.2
 network 10.255.0.0 0.0.255.255 area 0
 no shutdown
!
!
interface Tunnel0 
bandwidth 20000
 ip address 172.16.0.2 255.255.255.252
 mpls traffic-eng tunnels
 keepalive 10 3
 tunnel source Loopback 1
 tunnel destination 10.255.1.1
 ip rsvp bandwidth 15000 sub-pool 5000
!
!
interface tunnel 100 
ip unnumbered loopback 0
tunnel mode mpls traffic-eng
tunnel destination 172.16.1.1
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 10 dynamic
!
end

        Additional References

        Related Documents

        Related Topic

        Document Title

        Cisco IOS commands

        Cisco IOS Master Commands List, All Releases

        MPLS commands

        Cisco IOS Multiprotocol Label Switching Command Reference

        Standards

        Standard

        Title

        FIPS 140-2

        Security Requirements for Cryptographic Modules.

        MIBs

        MIB

        MIBs Link

        MPLS-TE-STD-MIB

        To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

        http:/​/​www.cisco.com/​go/​mibs

        RFCs

        RFC

        Title

        RFC 3812

        MPLS TE Management Information Base (MIB)

        Technical Assistance

        Description

        Link

        The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

        http:/​/​www.cisco.com/​cisco/​web/​support/​index.html

        Feature Information for MPLS TE Over GRE Tunnel Support

        The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

        Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/​go/​cfn. An account on Cisco.com is not required.

        Table 1 Feature Information for MPLS TE over GRE Tunnel Support

        Feature Name

        Releases

        Feature Information

        MPLS TE over GRE Tunnel Support

        Cisco IOS XE Release 3.3S

        15.2(1)T

        The MPLS TE over GRE Tunnel Support feature enables applications to establish traffic engineering tunnels over virtual interfaces.

        The following commands were introduced or modified: mpls traffic-eng tunnels, tunnel mpls traffic-eng autoroute announce. tunnel mpls traffic-eng bandwidth, tunnel mpls traffic-eng fast-reroute, tunnel mpls traffic-eng path-option, tunnel mpls traffic-eng priority.