How to match ping traffic in MPLS

Unanswered Question
Aug 14th, 2009

I wonder how to match ping traffic in MPLS domain. The point is, I want to guarantee some bandwidth for my ping traffic to test links to my PEs. I have tried several matches like ip dscp cs6, mpls exp topmost 6, or even match protocol icmp, but none match the ping packet. I didnt try this on the same router, instead, I set policy-map on router B, and then ping from router A to router C. Please enlighten me.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Peter Paluch Sat, 08/15/2009 - 01:29

Hello,

I would not personally try to look for PING traffic using the IP DSCP or the MPLS CoS bits. There can be many traffic flows having the DSCP CS6 or the MPLS CoS 6 so that is not a reliable source of information.

Personally, I would go with the simplest solution and simply match the ICMP ping packets using an ACL, so the class-map and the ACL would be as follows:

access-list 100 permit icmp any any echo

access-list 100 permit icmp any any echo-reply

class-map ping

match access-group 100

policy-map mypolicy

class ping

bandwidth 100

Have you tried doing it this way?

Best regards,

Peter

prima.ramadhan Sun, 08/16/2009 - 06:14

Hello peter,

Thanks for your response. I actually tried your suggestion and it worked. But I still have a problem since policy-map only match transit traffic not local traffic. So, if I get into P router and send ping from there, the policy-map can not match that packet. On the other side, if I rely on the next hop router to mark that ping traffic for me, it could not do so since the ping packet is already get encapsulated in MPLS with EXP 0. If this happens then I could separate the ping traffic with the other traffic. Is there other solution? what about ping mpls? can that solve my case?

Peter Paluch Sun, 08/16/2009 - 06:37

Hello,

If you want to apply QoS policies to locally generated packets you can "recirculate" them through a Loopback interface to make them appear as non-local and therefore subject to the outbound service policy on your interfaces.

For example:

interface Loopback0

ip address 192.0.2.1 255.255.255.255

access-list 100 permit icmp any any echo

access-list 100 permit icmp any any echo-reply

route-map Recirc permit 10

match ip address 100

set interface Loopback0

route-map Recirc permit 20

! Nothing written here, just exit

ip local policy route-map Recirc

Then you can use the example from my previous post to match the ping packets in the class-map and assign them a proper priority.

Best regards,

Peter

Giuseppe Larosa Sun, 08/16/2009 - 07:04

Hello Prima,

the P nodes just perform label switching they don't examine the packet (some low level inspection is done for supporting load balancing).

There are other ways to monitor health state of nodes:

sh ip ospf neigh detail

or

sh clns nei detail

these two show tell the uptime of each adjacency, this is usually enough to check without using icmp packets: the routers already exchange messages in IGP (OSPF or IS-IS or EIGRP), LDP, BGP multiprotocol and so on.

pinging from loopback to loopback can be used to check MPLS LSPs.

So the answer depends on what are you trying to get with the ping tests.

And also most of protocol messages use DSCP CS6 so you may not get the details of ICMP traffic.

for testing purposes on P nodes you can use debug mpls packets to show label switching in action but it is not something to be left enabled for long time.

As expected what works for transit traffic doesn't work for locally originated traffic and this is a further difficulty so I wouldn't use this approach.

Hope to help

Giuseppe

Actions

This Discussion