08-14-2009 07:46 PM - edited 03-04-2019 05:44 AM
I wonder how to match ping traffic in MPLS domain. The point is, I want to guarantee some bandwidth for my ping traffic to test links to my PEs. I have tried several matches like ip dscp cs6, mpls exp topmost 6, or even match protocol icmp, but none match the ping packet. I didnt try this on the same router, instead, I set policy-map on router B, and then ping from router A to router C. Please enlighten me.
08-15-2009 01:29 AM
Hello,
I would not personally try to look for PING traffic using the IP DSCP or the MPLS CoS bits. There can be many traffic flows having the DSCP CS6 or the MPLS CoS 6 so that is not a reliable source of information.
Personally, I would go with the simplest solution and simply match the ICMP ping packets using an ACL, so the class-map and the ACL would be as follows:
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
class-map ping
match access-group 100
policy-map mypolicy
class ping
bandwidth 100
Have you tried doing it this way?
Best regards,
Peter
08-16-2009 06:14 AM
Hello peter,
Thanks for your response. I actually tried your suggestion and it worked. But I still have a problem since policy-map only match transit traffic not local traffic. So, if I get into P router and send ping from there, the policy-map can not match that packet. On the other side, if I rely on the next hop router to mark that ping traffic for me, it could not do so since the ping packet is already get encapsulated in MPLS with EXP 0. If this happens then I could separate the ping traffic with the other traffic. Is there other solution? what about ping mpls? can that solve my case?
08-16-2009 06:37 AM
Hello,
If you want to apply QoS policies to locally generated packets you can "recirculate" them through a Loopback interface to make them appear as non-local and therefore subject to the outbound service policy on your interfaces.
For example:
interface Loopback0
ip address 192.0.2.1 255.255.255.255
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
route-map Recirc permit 10
match ip address 100
set interface Loopback0
route-map Recirc permit 20
! Nothing written here, just exit
ip local policy route-map Recirc
Then you can use the example from my previous post to match the ping packets in the class-map and assign them a proper priority.
Best regards,
Peter
08-16-2009 07:04 AM
Hello Prima,
the P nodes just perform label switching they don't examine the packet (some low level inspection is done for supporting load balancing).
There are other ways to monitor health state of nodes:
sh ip ospf neigh detail
or
sh clns nei detail
these two show tell the uptime of each adjacency, this is usually enough to check without using icmp packets: the routers already exchange messages in IGP (OSPF or IS-IS or EIGRP), LDP, BGP multiprotocol and so on.
pinging from loopback to loopback can be used to check MPLS LSPs.
So the answer depends on what are you trying to get with the ping tests.
And also most of protocol messages use DSCP CS6 so you may not get the details of ICMP traffic.
for testing purposes on P nodes you can use debug mpls packets to show label switching in action but it is not something to be left enabled for long time.
As expected what works for transit traffic doesn't work for locally originated traffic and this is a further difficulty so I wouldn't use this approach.
Hope to help
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: