IP addressing, the core IGP (ISIS), Segment Routing, the customer-site IGP (OSPF), BGP vpnv4, and PE-CE routing (which uses OSPF) are all pre-configured.
Configure the CEs to mark traffic on input from the C routers:
Protocol   Marking
ICMP       IPP2
Telnet     IPP3
SSH        IPP4
On both C routers, generate ICMP, telnet, and SSH traffic and verify that the IPP value is set correctly. Use the pre-configured policy-map applied to Gi1 of both C routers to verify hits on the correct IPP values. Telnet and SSH are already enabled on the C routers; however, you need to generate the crypto key (crypto key gen rsa). The login is cisco/cisco.
In the service provider core, configure the following outbound queuing policy and apply to all core interfaces. Classification should be based on the EXP value. The IPP of the customer traffic is automatically mapped to the EXP value at the ingress PE.
IPP Value   Action
0           WFQ
2           Police at 256Kbps. If over 256Kbps but under 512Kbps, mark down to IPP0. If over 512Kbps, discard.
3           Allocate 5 Mbps of guaranteed bandwidth
4           LLQ with a policer set at 10 Mbps
Also ensure that a PE router will see the marking of the topmost label in the core. In case a P router changes the topmost label, we want the PE router to be able to use the topmost EXP value. Additionally ensure that the PE routers make egress queuing decisions towards the CEs based on the MPLS EXP and not the customer’s IP traffic.
Generate customer traffic again and verify hits on the policies on the core routers.
3. On PE1 and PE4 enforce 100M symmetrical bandwidth but continue using the queuing policy.
Answers
You can use NBAR (match protocol) or ACLs (match access-group) to match traffic. Use a policy-map to set the IPP value.
class-map ICMP
 match protocol icmp
!
class-map TELNET
 match protocol telnet
!
class-map SSH
 match protocol SSH
!
policy-map mark-traffic
 class ICMP
  set ip precedence 2
 class TELNET
  set ip precedence 3
 class SSH
  set ip precedence 4
!
int Gi1
 service-policy input mark-traffic
On the C routers, generate traffic and use the following command to ensure that traffic is being marked to the correct IPP value.
class-map EXP2
 match mpls experimental topmost 2
!
class-map EXP3
 match mpls experimental topmost 3
!
class-map EXP4
 match mpls experimental topmost 4
!
policy-map MPLS-CORE-OUTPUT
 class EXP2
  police cir 256 k pir 512 k
   exceed-action set-prec-transmit 0
   violate-action drop
 !
 class EXP3
  bandwidth 5000
 !
 class EXP4
  priority 10000
!
*Apply to all interfaces outbound except the PE-CE links on the PEs*
IOS-XR:
class-map EXP2
 match mpls experimental topmost 2
!
class-map EXP3
 match mpls experimental topmost 3
!
class-map EXP4
 match mpls experimental topmost 4
!
policy-map MPLS-CORE-OUTPUT
 class EXP2
  police rate 256 k peak-rate 512 k
   exceed-action set precedence 0
   violate-action drop
 class EXP3
  ! IOS-XRv is not allowing a min bandwidth. Instead just "do nothing."
 class EXP4
  priority level 1
  ! IOS-XR does not have the concept of policing for a priority queue to make it LLQ
  ! Instead we manually add a policer
  police rate 10 m
!
*Apply to all interfaces outbound except the PE-CE links on the PEs*
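Added example (not part of the original lab): a small Python model of the two-rate policer in the EXP2 class, following the RFC 2698 color-blind algorithm, to show how conform, exceed (mark down to IPP0) and violate (drop) are decided at the lab's 256 Kbps / 512 Kbps rates. The burst sizes (CBS, PBS), the class name TwoRatePolicer and the offer() helper are assumptions for illustration; router platforms choose their own default bursts.

```python
# Added example: RFC 2698 two-rate three-color marker, color-blind mode.
CIR_BPS, PIR_BPS = 256_000, 512_000   # rates from the lab's EXP2 class
CBS, PBS = 8_000, 16_000              # bytes; ASSUMED bursts, not on the page

class TwoRatePolicer:
    def __init__(self, cir_bps=CIR_BPS, pir_bps=PIR_BPS, cbs=CBS, pbs=PBS):
        self.cir, self.pir = cir_bps / 8, pir_bps / 8   # bytes per second
        self.cbs, self.pbs = cbs, pbs
        self.tc, self.tp = float(cbs), float(pbs)       # buckets start full
        self.last = 0.0

    def police(self, now, size, ipp):
        """Return (action, outgoing IPP) for one packet of `size` bytes."""
        elapsed, self.last = now - self.last, now
        # Refill both buckets for the time elapsed, capped at the burst size.
        self.tc = min(self.cbs, self.tc + elapsed * self.cir)
        self.tp = min(self.pbs, self.tp + elapsed * self.pir)
        if self.tp < size:              # above PIR: violate-action drop
            return ("drop", None)
        self.tp -= size
        if self.tc < size:              # between CIR and PIR: mark down to IPP0
            return ("transmit", 0)
        self.tc -= size                 # within CIR: conform, marking unchanged
        return ("transmit", ipp)

def offer(rate_bps, packets, size=1000, ipp=2):
    """Offer constant-rate IPP2 traffic; count conform/exceed/violate packets."""
    policer = TwoRatePolicer()
    interval = size * 8 / rate_bps      # seconds between packets
    counts = {"conform": 0, "exceed": 0, "violate": 0}
    for i in range(packets):
        action, out = policer.police(i * interval, size, ipp)
        if action == "drop":
            counts["violate"] += 1
        elif out == ipp:
            counts["conform"] += 1
        else:
            counts["exceed"] += 1
    return counts

if __name__ == "__main__":
    # Constructed offered loads: below CIR, between CIR and PIR, above PIR.
    for rate in (200_000, 400_000, 1_000_000):
        print(rate, offer(rate, 500))
```

Below 256 Kbps every packet conforms; between the two rates the excess is re-marked rather than dropped; above 512 Kbps all three outcomes appear.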
To ensure that the EXP value of the top (transport) label is received at the egress PE, you must advertise the prefix SID with an explicit null.
#PE1
segment-routing mpls
 set-attributes
  address-family ipv4
   explicit-null
P2#show mpls forwarding 1.1.1.1
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16001      explicit-n 1.1.1.1/32       137           Gi1        10.1.2.1
#PE4
router isis 1
 int lo0
  address-family ipv4 unicast
   prefix-sid index 4 explicit-null
RP/0/0/CPU0:P3#show mpls forwarding prefix 4.4.4.4/32
Wed Nov 16 14:22:43.135 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes
Label  Label       or ID              Interface                    Switched
------ ----------- ------------------ ------------ --------------- ------------
16004  Exp-Null-v4 SR Pfx (idx 4)     Gi0/0/0/0    10.3.4.4        0
To queue traffic outbound on the interface facing the CEs, the PEs must associate the EXP value with a QoS-group on input from the core and then apply the queuing policy based on the QoS-group.
#PE1
policy-map EXP-TO-QOSGROUP
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
!
int Gi2
 service-policy input EXP-TO-QOSGROUP
!
class-map QOSGROUP2
 match qos-group 2
!
class-map QOSGROUP3
 match qos-group 3
!
class-map QOSGROUP4
 match qos-group 4
!
policy-map MPLS-CORE-OUTPUT-QOSGROUP
 class QOSGROUP2
  police cir 256 k pir 512 k
   exceed-action set-prec-transmit 0
   violate-action drop
 !
 class QOSGROUP3
  bandwidth 5000
 !
 class QOSGROUP4
  priority 10000
!
int Gi1
 service-policy output MPLS-CORE-OUTPUT-QOSGROUP
#PE4
policy-map EXP-TO-QOSGROUP
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
!
int Gi0/0/0/1
 service-policy input EXP-TO-QOSGROUP
!
class-map QOSGROUP2
 match qos-group 2
!
class-map QOSGROUP3
 match qos-group 3
!
class-map QOSGROUP4
 match qos-group 4
!
policy-map MPLS-CORE-OUTPUT-QOSGROUP
 class QOSGROUP2
  police rate 256 k peak-rate 512 k
   exceed-action set precedence 0
   violate-action drop
 class QOSGROUP3
 class QOSGROUP4
  priority level 1
  ! IOS-XR does not have the concept of policing for a priority queue to make it LLQ
  ! Instead we manually add a policer
  police rate 10 m
!
int Gi0/0/0/0
 service-policy output MPLS-CORE-OUTPUT-QOSGROUP
3. On the PEs, create a service-policy that shapes and polices at 100M. On the shaper, nest the queuing policy.
#PE1 and PE4
policy-map 100M-POLICER
 class class-default
  police cir 100 m
!
policy-map 100M-SHAPER
 class class-default
  service-policy MPLS-CORE-OUTPUT-QOSGROUP
  shape average 100 m
!
int Gi1 ! int Gi0/0/0/0 for PE4
 no service-policy output MPLS-CORE-OUTPUT-QOSGROUP
 service-policy output 100M-SHAPER
 service-policy input 100M-POLICER