Hi there, I have a question regarding MPLS VPN and Policing. Assume you have a RFC2547 VPN for a customer with 3 locations. Lets assume Central location has a 100 MBit connection to the PE and the two other locations (loc1 and loc2) have an E3 each. We are running eBGP between all PE and CEs. So far so good, but how can you ratelimit the input from the Central site at the connected PE towards loc1 and loc2 to 45 MBit each? CAR and MQC only allow to my knowledge rate limitting for traffic described by access-lists. However that is not sufficient, as the destination networks might change at any time (dynamic routing inside the VPN). Any ideas?
Would Policy propagation through BGP solve that? If so how?
Considering that you have only 3 sites , may be you can use GRE Tunnel interface. Between spoke sites configure tunnel interface to hub router. Then configure so that all packets flows through the tunnel interface while going to spoke sites. You can use a routing protocol for this. Then put "rate limit " into this tunnel interfaces. In this way you can limit the traffic to 45Mb/each.
I've never had the opportunity to implement QPPB for policing (yet!) but I've done similar things with MPLS-VPNs and BGP. If you're using BGP then could you use an inbound route-map on the neighbour statement (within the vrf) to tag all incoming routes with a "Site of Origin" SoO community. The SoO would be different for each remote location and could be used by QPPB at the central location's PE router to mark incoming packets from the CE in QoS groups or IP precedence levels. It should be straightforward to rate-limit these appropriately.....
Could you please clarify the statement "However that is not sufficient, as the destination networks might change at any time (dynamic routing inside the VPN)." I can't see how destination networks can change, they should remain constant?
The Cisco EPN system incorporates a network architecture designed to consolidate multiples services on a single Multiprotocol Label Switching (MPLS) transport network. This network is designed primarily based on Application Engineered...
Internet security is important with the increasing attacks that are happening every day. Many internet and browsing security solutions exist, but some are not very easy to use or maybe the question is how can I enable them?
Cisco Software Manager Server
This document describes the programmatic interfaces, RESTful APIs, which are supported by Cisco Software Manager Server (CSM Server).
CSM Server supports a set of finite RESTful APIs. The fir...