- Read Me First
- MPLS Traffic Engineering--Fast Reroute Link and Node Protection
- MPLS TE Link and Node Protection with RSVP Hellos Support
- MPLS Traffic Engineering-Autotunnel Primary and Backup
- MPLS Traffic Engineering (TE) Path Protection
- MPLS Traffic Engineering BFD-triggered Fast Reroute
- MPLS Traffic Engineering (TE)--IP Explicit Address Exclusion
- MPLS Traffic Engineering Shared Risk Link Groups
- MPLS Traffic Engineering Inter-AS TE
- Configuring MPLS Traffic Engineering over GRE Tunnel Support
- MPLS Traffic Engineering—RSVP Graceful Restart
- Finding Feature Information
- Prerequisites for Configuring MPLS TE over GRE Tunnel Support
- Restrictions for Configuring MPLS TE Over GRE Tunnel Support
- Information About Configuring MPLS TE over GRE Tunnel Support
- How to Configure MPLS TE over GRE Tunnel Support
- Configuration Examples for MPLS TE Over GRE Tunnel Support
- Additional References for MPLS TE Over GRE Tunnel Support
- Feature Information for MPLS TE Over GRE Tunnel Support
Configuring MPLS Traffic Engineering over GRE Tunnel Support
The MPLS Traffic Engineering (TE) over Generic Routing Encapsulation (GRE) Tunnel Support feature enables applications to establish TE tunnels over virtual interfaces.
- Finding Feature Information
- Prerequisites for Configuring MPLS TE over GRE Tunnel Support
- Restrictions for Configuring MPLS TE Over GRE Tunnel Support
- Information About Configuring MPLS TE over GRE Tunnel Support
- How to Configure MPLS TE over GRE Tunnel Support
- Configuration Examples for MPLS TE Over GRE Tunnel Support
- Additional References for MPLS TE Over GRE Tunnel Support
- Feature Information for MPLS TE Over GRE Tunnel Support
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring MPLS TE over GRE Tunnel Support
Your network must support the following:
-
Cisco Express Forwarding
-
External data encryptors
-
Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF)
-
IPsec that is enabled on the GRE nodes to implement GRE traffic encryption
-
MPLS TE that is configured on the interface and on GRE tunnels
-
MPLS TE tunnels
If GRE tunnels and TE tunnels coexist within the same routing domain, routing loops will occur. Create separate routing domains by either configuring GRE overlay with static routing for GRE packets or using two separate routing processes, one for the GRE overlay and another for TE tunnels.
Restrictions for Configuring MPLS TE Over GRE Tunnel Support
-
The following TE features are not supported over GRE tunnels, so they should not be configured for TE tunnels that may traverse GRE tunnels: -
GRE tunnels do not support Cisco nonstop forwarding with stateful switchover (NSF with SSO). If a switchover occurs, traffic loss occurs for TE over GRE, and the TE tunnels are resignaled.
Information About Configuring MPLS TE over GRE Tunnel Support
MPLS TE over GRE Tunnel Support Overview
MPLS TE tunnels provide transport for label switching data through an MPLS network using a path, which is constraint-based, and is not restricted to the IGP shortest cost path. The TE tunnels are usually established over physical links between adjacent routers. However, some applications require establishing TE tunnels over virtual interfaces such as GRE tunnels. Federal Information Processing Standard (FIPS) 140-2 compliance mandates that federal customers require traffic encryption throughout their network infrastructure, which is referred to as Type-I encryption level of security. Type-I encryption environments differentiate between encrypted and unencrypted networks. The encrypted network is the secure part of the network that is in a secure facility, where encryption is not required. The unencrypted network is the unsecured part of the network where traffic encryption is required.
Two common methods of traffic encryption are as follows:
External crypto devices
Cisco IOS IPsec, which is the encryption embedded into Cisco IOS software
External crypto devices operate in Layer 2 (L2), providing link layer encryption of ATM and SONET traffic. Due to the migration of L2 networks to IP network, there is an increasing adoption of IP crypto devices and IPsec. This transition requires that the traffic encryption happens at the IP layer. The IP-based forwarding of service traffic, such as IP or Layer 3 (L3)/L2 VPN MPLS traffic, is implemented only through GRE tunnels.
Benefits of MPLS TE over GRE Tunnel Support
The MPLS TE Over GRE Tunnel Support feature enables you to leverage MPLS segmentation capabilities, such as Layer 2 and Layer 3 VPN, on GRE tunnel transport. This feature enables you to deploy MPLS TE to implement explicit path forwarding, FRR, and bandwidth management of traffic over GRE tunnels. Also, this feature helps maintain the TE capabilities currently supported by ATM legacy networks.
How to Configure MPLS TE over GRE Tunnel Support
- Configuring Resource Reservation Protocol Bandwidth
- Configuring an MPLS TE Tunnel
- Configuring an MPLS TE Tunnel over GRE
Configuring Resource Reservation Protocol Bandwidth
1.
enable
2.
configure
terminal
3.
interface
type
number
4.
bandwidth
kbps
5.
ip
address
ip-address
mask
6.
mpls
traffic-eng
tunnels
7.
tunnel
source
type
number
8.
tunnel
destination
{host-name |
ip-address |
ipv6-address}
9.
ip
rsvp
bandwidth
10.
end
DETAILED STEPS
Configuring an MPLS TE Tunnel
1.
enable
2.
configure
terminal
3.
interface
tunnel
number
4.
ip
unnumbered
type
number
5.
tunnel
destination
{host-name |
ip-address |
ipv6-address}
6.
mpls
traffic-eng
tunnels
7.
tunnel
mpls
traffic-eng
priority
setup-priority
[hold-priority]
8.
tunnel
mpls
traffic-eng
bandwidth
kbps
9.
tunnel
mpls
traffic-eng
path-option
number
dynamic
10.
tunnel
mpls
traffic-eng
fast-reroute
11.
end
DETAILED STEPS
Configuring an MPLS TE Tunnel over GRE
1.
enable
2.
configure
terminal
3.
interface
tunnel
number
4.
ip
unnumbered
loopback
number
5.
tunnel
destination
ip-address
6.
tunnel
mpls
traffic-eng
autoroute
announce
7.
tunnel mpls
traffic-eng
8.
tunnel
mpls
traffic-eng
path-option
number
dynamic
9.
end
DETAILED STEPS
Configuration Examples for MPLS TE Over GRE Tunnel Support
Example Configuring MPLS TE Over GRE Tunnel Support
The following example shows how to configure MPLS TE over a GRE tunnel between two routers: Router 1 and Router 2. The first loopback interface is used for router identification, and the other for reachability. One OSPF is used for TE and the other for reachability.
Router 1
configure terminal no logging console mpls traffic-eng tunnels interface Loopback 0 ip address 172.16.1.1 255.255.255.255 no shutdown ! interface Loopback 1 ip address 10.255.1.1 255.255.255.0 no shutdown ! interface gigabitethernet 1/1 ip address 172.16.1.1 255.255.255.255 ip rsvp bandwidth 100000 no shutdown ! router ospf 172 router-id 172.16.1.1 network 172.16.0.0 0.0.255.255 area 0 mpls traffic-eng router-id Loopback 0 mpls traffic-eng area 0 no shutdown ! router ospf 10 router-id 10.255.1.1 network 10.255.0.0 0.0.255.255 area 0 no shutdown ! interface Tunnel l0 bandwidth 20000 ip address 172.16.0.1 255.255.255.252 mpls traffic-eng tunnels keepalive 10 3 tunnel source Loopback 1 tunnel destination 10.255.1.2 ip rsvp bandwidth 15000 sub-pool 5000 ! ! interface tunnel 100 ip unnumbered loopback 0 tunnel mode mpls traffic-eng tunnel destination 192.168.10.10 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng path-option 10 dynamic ! end Router 2 configure terminal no logging console mpls traffic-eng tunnels interface Loopback 0 ip address 172.16.1.2 255.255.255.255 no shutdown ! interface Loopback 1 ip address 10.255.1.2 255.255.255.255 no shutdown ! interface gigabitethernet 1/1 ip address 10.255.0.2 255.255.255.252 ip rsvp bandwidth 100000 no shutdown ! router ospf 172 router-id 172.16.1.2 network 172.16.0.0 0.0.255.255 area 0 mpls traffic-eng router-id Loopback 0 mpls traffic-eng area 0 no shutdown ! router ospf 10 router-id 10.255.1.2 network 10.255.0.0 0.0.255.255 area 0 no shutdown ! ! interface Tunnel0 bandwidth 20000 ip address 172.16.0.2 255.255.255.252 mpls traffic-eng tunnels keepalive 10 3 tunnel source Loopback 1 tunnel destination 10.255.1.1 ip rsvp bandwidth 15000 sub-pool 5000 ! ! interface tunnel 100 ip unnumbered loopback 0 tunnel mode mpls traffic-eng tunnel destination 172.16.1.1 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng path-option 10 dynamic ! end
Example Configuring CBTS with MPLS over GRE
The following example shows how to configure Class-Based Tunnel Selection (CBTS) with MPLS Traffic Engineering (TE) over GRE.
Configuration of the Midpoint Router (R1)
mpls traffic-eng tunnels ! interface Tunnel 102 ip address 203.20.0.1 255.255.255.0 mpls ip mpls traffic-eng tunnels tunnel source GigabitEthernet 0/0/0 tunnel destination 192.168.0.1 tunnel key 22 tunnel checksum ip rsvp bandwidth 500000 ! interface Tunnel 103 ip address 203.10.0.1 255.255.255.0 mpls ip mpls traffic-eng tunnels tunnel source GigabitEthernet 0/0/0 tunnel destination 192.168.10.1 tunnel key 33 tunnel checksum ip rsvp bandwidth 500000 mpls traffic-eng tunnels ! router ospf 1 router-id 10.1.1.1 network 10.1.1.1 0.0.0.0 area 1 network 203.20.0.1 0.0.0.0 area 1 network 203.10.0.1 0.0.0.0 area 1 mpls traffic-eng router-id Loopback 0 mpls traffic-eng area 1
Configuration of the Head Router (R2)
mpls traffic-eng tunnels ! interface Tunnel 203 ip address 203.0.0.1 255.255.255.0 mpls ip mpls traffic-eng tunnels tunnel source GigabitEthernet 0/0/0 tunnel destination 192.168.10.1 tunnel key 6 tunnel checksum ip rsvp bandwidth 500000 ! interface Tunnel 211 ip address 172.16.0.2 255.255.255.0 mpls ip mpls traffic-eng tunnels tunnel source GigabitEthernet 0/0/0 tunnel destination 192.168.20.1 tunnel key 22 tunnel checksum ip rsvp bandwidth 500000 ! interface Tunnel 2300 ip unnumbered Loopback 0 tunnel mode mpls traffic-eng tunnel destination 10.3.3.3 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng autoroute metric relative -5 tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 1000 tunnel mpls traffic-eng path-option 10 dynamic tunnel mpls traffic-eng exp-bundle master tunnel mpls traffic-eng exp-bundle member Tunnel 2301 tunnel mpls traffic-eng exp-bundle member Tunnel 2302 ! interface Tunnel 2301 ip unnumbered Loopback 0 tunnel mode mpls traffic-eng tunnel destination 10.3.3.3 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng autoroute metric relative -5 tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 1000 tunnel mpls traffic-eng path-option 10 explicit name TE2301 tunnel mpls traffic-eng exp 6 7 ! interface Tunnel 2302 ip unnumbered Loopback 0 tunnel mode mpls traffic-eng tunnel destination 10.3.3.3 tunnel mpls traffic-eng autoroute announce tunnel mpls traffic-eng autoroute metric relative -5 tunnel mpls traffic-eng priority 7 7 tunnel mpls traffic-eng bandwidth 1000 tunnel mpls traffic-eng path-option 10 explicit name TE2302 tunnel mpls traffic-eng exp default ! router ospf 1 router-id 10.2.2.2 network 10.2.2.2 0.0.0.0 area 1 network 203.20.0.2 0.0.0.0 area 1 network 172.16.0.2 0.0.0.0 area 1 network 203.0.0.1 0.0.0.0 area 1 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 1 ! ip explicit-path name TE2301 enable next-address 203.0.0.2 ip explicit-path name TE2302 enable next-address 172.16.0.1 next-address 172.26.0.2
Configuration of the Tail Router (R3)
mpls traffic-eng tunnels ! interface Tunnel 302 ip address 203.0.0.2 255.255.255.0 mpls ip mpls traffic-eng tunnels tunnel source GigabitEthernet 0/0/0 tunnel destination 192.168.0.1 tunnel key 6 tunnel checksum ip rsvp bandwidth 500000 ! interface Tunnel 311 ip address 172.26.0.2 255.255.255.0 mpls ip mpls traffic-eng tunnels tunnel source GigabitEthernet 0/0/0 tunnel destination 192.168.20.1 tunnel key 33 tunnel checksum ip rsvp bandwidth 500000 ! router ospf 1 router-id 10.3.3.3 network 10.3.3.3 0.0.0.0 area 1 network 203.10.0.2 0.0.0.0 area 1 network 172.26.0.2 0.0.0.0 area 1 network 203.0.0.2 0.0.0.0 area 1 mpls traffic-eng router-id Loopback0 mpls traffic-eng area 1 !
Additional References for MPLS TE Over GRE Tunnel Support
Related Documents
Related Topic |
Document Title |
---|---|
Cisco IOS commands |
|
MPLS commands |
Standards
Standard |
Title |
---|---|
FIPS 140-2 |
Security Requirements for Cryptographic Modules. |
MIBs
MIB |
MIBs Link |
---|---|
MPLS-TE-STD-MIB |
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFC |
Title |
---|---|
RFC 3812 |
MPLS TE Management Information Base (MIB) |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
Feature Information for MPLS TE Over GRE Tunnel Support
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Feature Name |
Releases |
Feature Information |
---|---|---|
MPLS TE over GRE Tunnel Support |
Cisco IOS XE Release 3.3S 15.2(1)T Cisco IOS XE Release 3.12S |
The MPLS TE over GRE Tunnel Support feature enables applications to establish traffic engineering tunnels over virtual interfaces. The following commands were introduced or modified: mpls traffic-eng tunnels, tunnel mpls traffic-eng autoroute announce. tunnel mpls traffic-eng bandwidth, tunnel mpls traffic-eng fast-reroute, tunnel mpls traffic-eng path-option, tunnel mpls traffic-eng priority.
In Cisco IOS XE 3.12S release, CBTS support was added for GRE interface type on the Cisco ASR 1000 Series Aggregation Services Routers. |