MPLS TE Affinity Attribute

MPLS Traffic Engineering (TE) attribute flags and tunnel affinity allow you to set attributes on interfaces and configure tunnels to either include or exclude specific links based on those attributes. This is also known as link coloring.

Like TE metric or explicit path options, you can use this to decide what path your tunnels should use.

What are attributes? That’s entirely up to you. There are no predefined attributes. The link type (for example, Fiber, DSL, Satellite) could be attributes. Whether a link is encrypted or not, connected to another country. You name it. You can use whatever you think is useful.

An attribute flag is 32-bit, meaning you can use this to define 32 separate properties on a link. It’s written in hexadecimal and, by default, all set to zeroes.



Attribute Flag

Let’s look at an example:

Mpls Te Attribute Flags Affinity Names

Above, we have an MPLS TE network with links with different attributes:

  • Fiber links
  • DSL link
  • Satellite link
  • Encrypted link
  • Link to another country

We could use attribute flags like this:

Link type Binary Hexadecimal
Fiber 0000 0001 0x1
Satellite 0000 0010 0x2
DSL 0000 0100 0x4
Link to another country 0000 1000 0x8
Encrypted link 0001 0000 0x10

I made up these values myself. I decided that for this network, a Fiber link should have its least significant bit set to 1. For a DSL link, it should be the third least significant bit, etc. You can use hexadecimal values from 0x00000000 up to 0xFFFFFFFF.

I’m only using five attributes in this example, so I’m only showing the eight least significant bits. The attribute flag is 32 bits, so the first 24 bits are all zeroes.

A link could have multiple attributes. For example, let’s say a link has these three attributes:

  • Fiber (0000 0001)
  • Encrypted (0001 0000)
  • Connects to another country (0000 1000)

We set the corresponding bits to 1:

Link type Binary Hexadecimal
Fiber + encrypted link + link to another country 0001 1001 0x19

Affinity and Mask

Deciding on attribute flags is one part of the story. On our tunnel interfaces, we have to configure two items:

  • Affinity
  • Mask

These two items determine whether we include or exclude specific links for our tunnel interface.

With affinity, we set the attribute flag value we want to check, and with the mask, we tell the router what bits we care about or don’t care about. This is similar to how a subnet mask works:

Bit Function
0 Don’t care about this attribute flag bit.
1 The attribute flag bit must match.
  • 1 = the attribute bit must match.
  • 0 = we don’t

Don’t worry about this too much for now. In the configuration section, I’ll explain four examples of how we use affinity and different masks.

Configuration

Let’s dive into the configuration. This is the topology I’ll use:

Mpls Te Attribute Flags Affinity Hex

We have a small MPLS TE network. Routers PE1, P1, P2, and PE2 run MPLS TE. PE1 is the headend router for four TE tunnels that terminate at PE2. We are going to use these tunnels to test affinity. You can also see that I added attribute flags to each link. These correspond to the examples I showed previously.

Configurations

Want to take a look for yourself? Here you will find the startup configuration of each device.

CE1

hostname CE1
!
ip cef
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.12.1 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0001.0001.0001.0001.00
 is-type level-2-only
 metric-style wide
!
end

CE2

hostname CE2
!
ip cef
!
interface Loopback0
 ip address 6.6.6.6 255.255.255.255
 ip router isis
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.56.6 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
router isis
 net 49.0001.0006.0006.0006.0006.00
 is-type level-2-only
 metric-style wide
!
end

P1

hostname P1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.23.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.35.3 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0003.0003.0003.0003.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

P2

hostname P2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.24.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/1
 ip address 192.168.45.4 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0004.0004.0004.0004.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE1

hostname PE1
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip router isis 
 isis circuit-type level-2-only
!
interface Tunnel1
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 5.5.5.5
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface Tunnel2
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 5.5.5.5
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface Tunnel3
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 5.5.5.5
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
!
interface Tunnel4
 ip unnumbered Loopback0
 tunnel mode mpls traffic-eng
 tunnel destination 5.5.5.5
 tunnel mpls traffic-eng priority 7 7
 tunnel mpls traffic-eng bandwidth 750
 tunnel mpls traffic-eng path-option 1 dynamic
 no routing dynamic
interface GigabitEthernet0/0
 ip address 192.168.12.2 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.23.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.24.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/3
 ip address 192.168.25.2 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0002.0002.0002.0002.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

PE2

hostname PE2
!
ip cef
!
mpls traffic-eng tunnels
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
 ip router isis
 isis circuit-type level-2-only
!
interface GigabitEthernet0/0
 ip address 192.168.56.5 255.255.255.0
 ip router isis 
 isis circuit-type level-2-only
!
interface GigabitEthernet0/1
 ip address 192.168.35.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/2
 ip address 192.168.45.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
interface GigabitEthernet0/3
 ip address 192.168.25.5 255.255.255.0
 ip router isis 
 mpls traffic-eng tunnels
 mpls ip
 isis circuit-type level-2-only
 ip rsvp bandwidth 1000000
!
router isis
 mpls traffic-eng router-id Loopback0
 mpls traffic-eng level-2
 net 49.0001.0005.0005.0005.0005.00
 is-type level-2-only
 metric-style wide
!
mpls ldp router-id Loopback0 force
!
end

I’m using IOSv Version 15.9(3)M4 on all routers.

By default, all interfaces have the attribute flags all set to zero:

PE1#show mpls traffic-eng topology | include Intf | flags        
          frag_id 0, Intf Address:192.168.24.2
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.23.2
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.25.2
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.23.3
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.35.3
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.24.4
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.45.4
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.35.5
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.45.5
          TE metric:10, IGP metric:10, attribute flags:0x0
          frag_id 0, Intf Address:192.168.25.5
          TE metric:10, IGP metric:10, attribute flags:0x0

Tunnels use the following default affinity and mask:

PE1#show mpls traffic-eng tunnels Tunnel 1 | include Affinity
    Bandwidth: 750      kbps (Global)  Priority: 7  7   Affinity: 0x0/0xFFFF

The default affinity is 0x0 with a mask of 0xFFFF. Let me show all 32 bits:

Affinity 00000000 00000000 00000000 00000000
Mask 00000000 00000000 11111111 11111111

What does this mean?

  • The first 16 bits of the mask are set to zeroes, so we don’t care about these.
  • The last 16 bits of the mask are set to ones, so we care about these.

The last 16 affinity bits are set to zeroes, so we can use links where the last 16 attribute flag bits are set to zero. Because the attribute flag of a link is set to all zeroes by default, we can use all links.

Be careful when configuring attribute flags in a production network. With this default affinity setting, some links may become excluded for your tunnels.

Link Attributes

Let’s start with the configuration of the link attributes. I’ll use the examples I showed you before:

Link type Binary Hexadecimal
Fiber 0000 0001 0x1
Satellite 0000 0010 0x2
DSL 0000 0100 0x4
Fiber + encrypted link + link to another country 0001 1001 0x19

Let’s configure all interfaces on the routers:

PE1

PE1(config)#interface GigabitEthernet 0/1
PE1(config-if)#mpls traffic-eng attribute-flags 0x19
PE1(config)#interface GigabitEthernet 0/2        
PE1(config-if)#mpls traffic-eng attribute-flags 0x1
PE1(config)#interface GigabitEthernet 0/3
PE1(config-if)#mpls traffic-eng attribute-flags 0x4

P1

P1(config)#interface GigabitEthernet 0/0
P1(config-if)#mpls traffic-eng attribute-flags 0x19
P1(config)#interface GigabitEthernet 0/1
P1(config-if)#mpls traffic-eng attribute-flags 0x1

P2

P2(config)#interface GigabitEthernet 0/0
P2(config-if)#mpls traffic-eng attribute-flags 0x1
P2(config)#interface GigabitEthernet 0/1
P2(config-if)#mpls traffic-eng attribute-flags 0x2

PE2

PE2(config)#interface GigabitEthernet 0/1
PE2(config-if)#mpls traffic-eng attribute-flags 0x1
PE2(config)#interface GigabitEthernet 0/2       
PE2(config-if)#mpls traffic-eng attribute-flags 0x2
PE2(config)#interface GigabitEthernet 0/3       
PE2(config-if)#mpls traffic-eng attribute-flags 0x4

That’s all there is to it.

Affinity and Mask

Now we can configure affinity and a mask for our tunnel interfaces. I’ll give you four examples.

Example 1

Let’s say that our tunnel should only use plain DSL links. No other attributes are allowed. The attribute flag we use for a DSL link looks like this:

Link type Binary Hexadecimal
DSL 0000 0100 0x4

We can use our affinity and mask like this:

Type Binary Hexadecimal
Affinity 0000 0100 0x4
Mask 1111 1111 0xFFFFFFFF

We set our affinity to the same value as the attribute flag for a DSL link. We set the mask to all ones, which means that all affinity bits have to match. Let’s configure this:

PE1(config)#interface Tunnel 1
PE1(config-if)#tunnel mpls traffic-eng affinity 0x4 mask 0xFFFFFFFF
Verification

Let’s figure out whether this works. Let’s check the tunnel:

PE1#show mpls traffic-eng Tunnels tunnel 1

Name: PE1_t1                              (Tunnel1) Destination: 5.5.5.5
  Status:
    Admin: up         Oper: up     Path: valid       Signalling: connected
    path option 1, type dynamic (Basis for Setup, path weight 10)

  Config Parameters:
    Bandwidth: 750      kbps (Global)  Priority: 7  7   Affinity: 0x4/0xFFFFFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 750      bw-based
    auto-bw: disabled
  Active Path Option Parameters:
    State: dynamic path option 1 is active
    BandwidthOverride: disabled  LockDown: disabled  Verbatim: disabled


  InLabel  :  - 
  OutLabel : GigabitEthernet0/3, implicit-null
  RSVP Signalling Info:
       Src 2.2.2.2, Dst 5.5.5.5, Tun_Id 1, Tun_Instance 107
    RSVP Path Info:
      My Address: 192.168.25.2   
      Explicit Route: 192.168.25.5 5.5.5.5 
      Record   Route:   NONE
      Tspec: ave rate=750 kbits, burst=1000 bytes, peak rate=750 kbits
    RSVP Resv Info:
      Record   Route:   NONE
      Fspec: ave rate=750 kbits, burst=1000 bytes, peak rate=750 kbits
  Shortest Unconstrained Path Info:
    Path Weight: 10 (TE)
    Explicit Route: 192.168.25.2 192.168.25.5 5.5.5.5

In the output above, we see our configured affinity and mask. The explicit route we use is the direct DSL link from PE1 to PE2. To find out whether affinity works, we’ll shut the DSL link:

PE1(config)#interface GigabitEthernet 0/3
PE1(config-if)#shutdown

Let’s check the tunnel:

PE1#show mpls traffic-eng tunnels Tunnel 1                             

Name: PE1_t1                              (Tunnel1) Destination: 5.5.5.5
  Status:
    Admin: up         Oper: down   Path: not valid   Signalling: Down
    path option 1, type dynamic

  Config Parameters:
    Bandwidth: 750      kbps (Global)  Priority: 7  7   Affinity: 0x4/0xFFFFFFFF
    Metric Type: TE (default)
    AutoRoute:  disabled  LockDown: disabled  Loadshare: 750      bw-based
    auto-bw: disabled

  Shortest Unconstrained Path Info:
    Path Weight: 20 (TE)
    Explicit Route: 192.168.24.2 192.168.24.4 192.168.45.4 192.168.45.5 
                    5.5.5.5 
  History:
    Tunnel:
      Time since created: 1 days, 47 minutes
      Time since path change: 2 hours, 3 minutes
      Number of LSP IDs (Tun_Instances) used: 469
    Prior LSP:
      ID: path option 1 [215]
      Removal Trigger: path error
      Last Error: PCALC:: No path to destination, 0005.0005.0005.00

As expected, the tunnel is now down because no DSL links remain.

Let’s reactivate the interface before we continue:

PE1(config)#interface GigabitEthernet 0/3 
PE1(config-if)#no shutdown

Example 2

Let’s try something else. Let’s configure a tunnel where we only permit fiber links. We shouldn’t use satellite or DSL links. We don’t care about any other attributes.

Link type Binary Hexadecimal
Fiber 0000 0001 0x1
Satellite 0000 0010 0x2
DSL 0000 0100 0x4

Here is the affinity and mask we can use:

Type Binary Hexadecimal
Affinity 0000 0001 0x1
Mask 0000 0111 0x7

Let me explain this:

  • The affinity has it’s last bit set to 1 because this matches the fiber attribute flag bit.
  • The mask is set to 111 because we care about the last three bits:
    • The second least significant bit indicates a satellite link, so we care that this bit is a 0.
    • The third least significant bit indicates a DSL link, so we care that this bit is a 0.
    • The least significant bit indicates a fiber link, so we care that this bit is a 1.

We don’t care about any of the other attribute flag bits. Let’s configure this:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 806 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
394 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags:


Forum Replies

  1. Hello Victor

    Notice the following phrase in the lesson:

    An attribute flag is 32-bit, meaning you can use this to define 32 separate properties on a link. It’s written in hexadecimal and, by default, all set to zeroes.

    You must remember that this 32-bit value is actually a flag. Flag means that it indicates a boolean function, either 1 or 0. So you can actually think of the attribute flag as a series of 32 bit flags. Take a look at this NetworkLessons note on best practices for choosing your attribute flags.

    Now in your case, you have overlapping flags beca

    ... Continue reading in our forum

  2. Hi René i have this topology created showed below , R37 is the (HEADEND) and R39 is my (TAILEND)
    i have seted the atribute flags to 0x1 to upper path , 0x81 middle path and 0x80 lower path, my doubt is why if i set from R37 : show mpls traffic engineering topology path destination 3.3.3.3 affinity 0x80 mask 0x84 the command traffic displayed goes from R37 to R39 ?

    Why this happens?

    https://cdn-forum.networklessons.com/uploads/default/original/2X/1/1f9194557a0ba2195e0155555762de495d719474.png


    https://cdn-forum.networklessons.com/uploads/default/original/2X/1/19

    ... Continue reading in our forum

  3. Hello Dante

    The CLI output that you shared seems to be at odds with the given affinity and mask you’ve configured. Given the affinity and mask values, the path via R42 is the expected path that should be selected, but your output shows it taking the path via R39.

    What do you see in the output of the show mpls traffic-eng Tunnels command? What do you see in the Explicit Route as shown under the RSVP Path Info and the Shortest Unconstrained Path Info? Take a look at the lesson in the verification sections to see how those outputs tell us about how the tunnel is

    ... Continue reading in our forum

1 more reply! Ask a question or join the discussion by visiting our Community Forum