We are currently migrating our SP network to MPLS, and i have the following challenge. As of today, i have a lan2lan connection between two 6509 in two different regions.
I have a service-policy applied,to provide customers with a certain bandwidth across this link. The business model gives the customers the possibility to purchase for example 10Mbit access to resources in an extranet in location A, and for example 2Mbit access to resources in Location B. The problem is, we are moving this extranet into a VRF, and running tag-switching on the lan2lan between the two 6509s. Considering that there are 18000 routes in this extranet, spread across the two locations, we do not want to shape/police the traffic at the inbound access, as this will be very painful with this large amount of routes.
So, right now, i am planning on having a GRE tunnel between the two routers, and keeping the existing service-policy, but i would like to see if there is any way to shape on the MPLS link itself. The service-policy i am using today will never work once the extranet is moved into the VRF, as it will no longer see the IP packets traversing the MPLS link.
So, basically, we are looking for a method to shape traffic within a VRF before it is switched across an MPLS link.
I am also looking for a way to shape a VRF, if possible, before traversing a link.
Your option might be to configure MPLS-TE as a replacement for your service-policy and/or either set or map the MPLS EXP bits. There are various approaches it will depend on your ultimate design:
You may try the following documents:
Diff-Serv-aware MPLS Traffic Engineering (DS-TE)
MPLS Traffic Engineering (TE)-Automatic bandwidth Adjustment for TE Tunnels
More details in the "Cisco IOS Multiprotocol Label Switching Configuration Guide"
Thanks. I've considered mapping the MPLS EXP bit, but that gives me a limit of 7 different bandwidth "classes", and i also need room for voice and video ++ QoS in here.
I've had a quick look on those documents already, but havent come across anything that fits my need yet, although i'm sure there are some smart solutions out there. Just need to find it :)
Still nothing. We have decided to use GRE tunnel and keep the existing service-policy for now, at least until the migration into the VRF is complete. I am not even sure if there is a method for this, since shaping on a MPLS link doesnt happen. Normally a service provider would shape the edge access, so this is highly uncommon, but still very interesting, and eventually useful.
As a core router in a MPLS L3VPN environment does not know about any customer location or prefix and only does label lookups, it only can implement QoS based on labels, i.e. exp bits.
Using different exp bits per location does not scale as you already wrote.
What you can do:
Create a "guaranteed bandwidth" class, assign one exp bit value to it. On your lan2lan link guarantee that class the summ of all customer bandwidths and police/shape them at the edge to their subscribed bandwidth.
The scenario is very much like a frame relay network, where the provider guarantees CIR. Police at the edge and queue in the core.
The additional challenge with MPLS is that the core has no "per-VC" state information.
MPLS TE might help, though you will never get the same behaviour as with Frame relay.
I think i understand, but doesn't this still leave me with the challenge of creating a vast policy, considering there are 18000 routes?
QoS Policy Propagation through BGP might help. You can set IP precedence based on BGP communities, i.e. with a community set at each location that might allow you to create a policy independant of a specific set of prefixes.
Yet you need to check, if QPPB is supported on your hardware/software combination.
How do you create the policy today? Based on what do you give guarantees on your lan2lan link?
Today, we are using service-policy and class-maps that matches on ip addresses in an ACL. (where source to any is the criteria). If we were to shape on the inbound access, we would need to use the source and destination as criteria in the ACL, which is the main problem.
Would it be possible to create a service-policy on the edge access that shapes based on destination as-path? i.e. you shape traffic going to networks learned from a certain AS?
This can be achieved with QPPB. Have a look at f.e.
Hope this helps! Please use the rating system.
Just one more note here;
Remember that customers are subscribing to two different bandwidth classes; one for access to resources on the node which they are directly connected to, and one for accessing resources on the node on the other side of the LAN2LAN link.