MPLS VPN and Policing

mheusinger
Level 10

Hi there, I have a question regarding MPLS VPN and Policing. Assume you have an RFC2547 VPN for a customer with 3 locations. Let's assume the Central location has a 100 MBit connection to the PE and the two other locations (loc1 and loc2) have an E3 each. We are running eBGP between all PEs and CEs. So far so good, but how can you rate-limit the input from the Central site at the connected PE towards loc1 and loc2 to 45 MBit each? CAR and MQC, to my knowledge, only allow rate limiting for traffic described by access-lists. However, that is not sufficient, as the destination networks might change at any time (dynamic routing inside the VPN). Any ideas?

Would Policy propagation through BGP solve that? If so how?

Kind regards

Martin

4 Replies

pradeepde
Level 5

Take a look at this URL http://www.cisco.com/univercd/cc/td/doc/product/wanbu/8850px45/rel21/rpmpr/21ch7.htm. It talks about label forwarding with the dynamic routes.

mazhar71
Level 1

Hi,

Considering that you have only 3 sites, maybe you can use a GRE tunnel interface. Between the spoke sites, configure a tunnel interface to the hub router. Then configure it so that all packets flow through the tunnel interface when going to the spoke sites. You can use a routing protocol for this. Then put "rate limit" on these tunnel interfaces. In this way you can limit the traffic to 45Mb each.

Regards

Mazhar

rwatson
Level 1

I've never had the opportunity to implement QPPB for policing (yet!) but I've done similar things with MPLS-VPNs and BGP. If you're using BGP then could you use an inbound route-map on the neighbour statement (within the vrf) to tag all incoming routes with a "Site of Origin" SoO community? The SoO would be different for each remote location and could be used by QPPB at the central location's PE router to mark incoming packets from the CE in QoS groups or IP precedence levels. It should be straightforward to rate-limit these appropriately...

ipotts
Level 1

Hello,

Could you please clarify the statement "However that is not sufficient, as the destination networks might change at any time (dynamic routing inside the VPN)." I can't see how destination networks can change, they should remain constant?

Regards

Ian