Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MPLS questions for Service provider

Dear all,

Dear all,

1) Let say if one company subscribe to 128Kbps access (64Kpbs CAR) at branches and 2Mbps (with 1Mbps CAR) at HQ, what is the best way to show/produce a report if they ask service provider to show that they are really getting 64Kbps all the way from branch to HQ.

Is anyone here know about this. What is the best tools/software/router config required to fulfill this requirement.

2) MPLS use IP. If SP been attack by DDOS, this will of course will effect mpls vpn traffic. How you guys handle this type of question or solution that you are using.

Thanks a lot.



Re: MPLS questions for Service provider

I have read that the security provided by MPLS VPN is equivalent to that provided by Frame-relay or ATM networks. I think DoS attacks in MPLS based VPN is difficult because the spoofed packets for attack should enter the same interface to which the VRF of a customer is bound, for it to be forwarded to other sites of the customer. Since the customers are provided isolation based on separate VRFs, in the likelihood of a DoS attack, the attack is isolated only to a particular customer and other customers will not get affected.


Re: MPLS questions for Service provider

answer to 1. SP's like the one I work for use concord for those kind of stats that you are looking for.

answer to 2. The Dos attack is not just related to SP's. A customer for instance could have an internet connection hanging off the one of their own routers. This then gets attacked and distributes the routes into the SP's PE router. Hence the WHOLE router is in deep crap as the routing table will increase dramatically. To avoid this happening you should be asked how many routes you have in your "normal" routing table. The SP will then allow you to advertise "normal"*10%. If you go above that limit then the link will be shut down. This has two effects - 1. It protects YOU against a DOS attack in the SP domain and 2. It protects the SP from a Dos attack in the customers domain.


New Member

Re: MPLS questions for Service provider

Hello again,

1) we are having mpls based on LDP in our network and no TE or L2VPN inside. We do have Concord v5.0 and vpnsc2.0. Is there a feature available in Concord itself for us to produce the report. Do u have mode idea on how your network management team do it.

2) how SP monitor the increase in the routes and configure in IOS to shut the link if reach max value on routes. i never heard about this.

thanks buddy.

New Member

Re: MPLS questions for Service provider

For your question 2) the following command in the address-family configuration is used: -

neighbor (loopbackback address of the CE) maximum-prefix 500 90

This will tear down the session once it exceeds 90% of 500 (450).

neighbor (loopbackback address of the CE) maximum-prefix 500 90 warning-only

This verision of the command enables warning message logging once it exceeds 90% of 500 (450)


CreatePlease to create content