Get Unlimited Access to 800 Cisco Lessons Now Get $1 Trial
You are here: Home » MPLS

MPLS TE Policy Based Routing (PBR)

As we have seen in the MPLS TE configuration lesson, no traffic is forwarded down an MPLS Traffic Engineering (TE) tunnel by default. It’s similar to a GRE tunnel. The tunnel is there but doesn’t do anything. You have to configure routing to forward traffic down the tunnel.

We have multiple options to route traffic down a TE tunnel. One of the options is Policy Based Routing (PBR). There is nothing special about this configuration. It’s straightforward PBR. We match specific traffic with a route map and set the TE tunnel interface as the next hop.

Configuration

This is the topology we’ll use:

Mpls Te Pe C Router Topology Tunnel

Routers PE1, P1, P2, P3, and PE2 run MPLS TE. We have a tunnel from PE1 to PE2. I use Cisco IOS Software, IOSv Software (VIOS-ADVENTERPRISEK9-M), Version 15.9(3)M4.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

CE1

hostname CE1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0001.0001.0001.0001.00
 is-type level-2-only
 metric-style wide
!
end

CE2

hostname CE2
!
ip cef
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.67.7 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0007.0007.0007.0007.00
 is-type level-2-only
 metric-style wide
!
end

P1

hostname P1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.36.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0003.0003.0003.0003.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

P2

hostname P2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.24.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.45.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0004.0004.0004.0004.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

P3

hostname P3
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.56.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.45.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0005.0005.0005.0005.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE1

hostname PE1
!
ip cef
!
mpls traffic-eng tunnels
mpls traffic-eng logging lsp setups
mpls traffic-eng logging lsp teardowns
mpls traffic-eng reoptimize events link-up
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 6.6.6.6
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface GigabitEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.23.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.24.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0002.0002.0002.0002.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE2

hostname PE2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.67.6 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.36.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.56.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0006.0006.0006.0006.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

Here is the routing table of PE1:

PE1#show ip route isis

      1.0.0.0/32 is subnetted, 1 subnets
i L2     1.1.1.1 [115/20] via 192.168.12.1, 00:04:02, GigabitEthernet0/0
      3.0.0.0/32 is subnetted, 1 subnets
i L2     3.3.3.3 [115/20] via 192.168.23.3, 00:03:52, GigabitEthernet0/1
      4.0.0.0/32 is subnetted, 1 subnets
i L2     4.4.4.4 [115/20] via 192.168.24.4, 00:04:12, GigabitEthernet0/2
      5.0.0.0/32 is subnetted, 1 subnets
i L2     5.5.5.5 [115/30] via 192.168.24.4, 00:03:52, GigabitEthernet0/2
      6.0.0.0/32 is subnetted, 1 subnets
i L2     6.6.6.6 [115/30] via 192.168.23.3, 00:03:14, GigabitEthernet0/1
      7.0.0.0/32 is subnetted, 1 subnets
i L2     7.7.7.7 [115/40] via 192.168.23.3, 00:03:14, GigabitEthernet0/1
i L2  192.168.36.0/24 [115/20] via 192.168.23.3, 00:03:52, GigabitEthernet0/1
i L2  192.168.45.0/24 [115/20] via 192.168.24.4, 00:04:12, GigabitEthernet0/2
i L2  192.168.56.0/24 [115/30] via 192.168.24.4, 00:03:14, GigabitEthernet0/2
                      [115/30] via 192.168.23.3, 00:03:14, GigabitEthernet0/1
i L2  192.168.67.0/24 [115/30] via 192.168.23.3, 00:03:14, GigabitEthernet0/1

As you can see above, we don’t use the tunnel interface. We’ll configure PBR to forward some traffic down our TE tunnel.

Let’s start with an access-list that matches traffic between the loopback interfaces of CE1 and CE2:

PE1(config)#ip access-list extended CE1_L0_CE2_L0
PE1(config-ext-nacl)#permit ip host 1.1.1.1 host 7.7.7.7

And we’ll create a route-map that matches the access-list and sets the tunnel as the next hop:

PE1(config)#route-map CE1_CE2_TUNNEL1 permit 10
PE1(config-route-map)#match ip address CE1_L0_CE2_L0
PE1(config-route-map)#set interface Tunnel 1

We’ll attach the route-map on the interface that connects to CE1:

PE1(config)#interface GigabitEthernet 0/0
PE1(config-if)#ip policy route-map CE1_CE2_TUNNEL1

This completes our configuration.

Verification

Let’s verify our work. I’ll enable a debug so we can see it in action:

PE1#debug ip policy
Policy routing debugging is on

Let’s send a ping from CE1 to CE2:

CE1#ping 7.7.7.7 source 1.1.1.1 repeat 1
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1 
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 8/8/8 ms

This is what we see on our console:

PE1#
IP: s=1.1.1.1 (GigabitEthernet0/0), d=7.7.7.7, len 100, FIB policy match
IP: s=1.1.1.1 (GigabitEthernet0/0), d=7.7.7.7, len 100, PBR Counted
IP: s=1.1.1.1 (GigabitEthernet0/0), d=7.7.7.7 (Tunnel1), len 100, FIB policy routed

This is looking good. Traffic is forwarded down the tunnel. We can also verify this by looking at our route-map:

PE1#show route-map
route-map CE1_CE2_TUNNEL1, permit, sequence 10
  Match clauses:
    ip address (access-lists): CE1_L0_CE2_L0 
  Set clauses:
    interface Tunnel1
Interface tracking current: NULL
Tunnel1, adj_lh:0,oce:0,status:0

  Policy routing matches: 1 packets, 114 bytes

That’s all there is to it.

Configurations

Want to take a look for yourself? Here you will find the final configuration of each device.

CE1

hostname CE1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0001.0001.0001.0001.00
 is-type level-2-only
 metric-style wide
!
end

CE2

hostname CE2
!
ip cef
!
interface Loopback0
 ip address 7.7.7.7 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.67.7 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0007.0007.0007.0007.00
 is-type level-2-only
 metric-style wide
!
end

P1

hostname P1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.36.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0003.0003.0003.0003.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

P2

hostname P2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.24.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.45.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0004.0004.0004.0004.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

P3

hostname P3
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.56.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.45.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0005.0005.0005.0005.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE1

hostname PE1
!
ip cef
!
mpls traffic-eng tunnels
mpls traffic-eng logging lsp setups
mpls traffic-eng logging lsp teardowns
mpls traffic-eng reoptimize events link-up
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 6.6.6.6
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface GigabitEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.23.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.24.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0002.0002.0002.0002.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
ip access-list extended CE1_L0_CE2_L0
 permit ip host 1.1.1.1 host 7.7.7.7
!
route-map CE1_CE2_TUNNEL1 permit 10
 match ip address CE1_L0_CE2_L0
 set interface Tunnel1
!
end

PE2

hostname PE2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.67.6 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.36.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.56.6 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0006.0006.0006.0006.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

Conclusion

You have learned to use PBR to forward traffic down an MPLS TE tunnel. I hope you enjoyed this lesson. If you have any questions, please leave a comment.

Forum Replies

  1. Hello William!

    Thanks for pointing this out, I will let Rene know to fix this issue.

    Laz

  3. Hello William

    Not all lessons contain videos, some are just text-based, so that is as it is intended to be. Thanks again for your sharp eye!

    Laz

2 more replies! Ask a question or join the discussion by visiting our Community Forum