Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 

MPLS VPN and Policing

Hi there, I have a question regarding MPLS VPN and Policing. Assume you have a RFC2547 VPN for a customer with 3 locations. Lets assume Central location has a 100 MBit connection to the PE and the two other locations (loc1 and loc2) have an E3 each. We are running eBGP between all PE and CEs. So far so good, but how can you ratelimit the input from the Central site at the connected PE towards loc1 and loc2 to 45 MBit each? CAR and MQC only allow to my knowledge rate limitting for traffic described by access-lists. However that is not sufficient, as the destination networks might change at any time (dynamic routing inside the VPN). Any ideas?

Would Policy propagation through BGP solve that? If so how?

Kind regards

Martin

4 REPLIES
Bronze

Re: MPLS VPN and Policing

Take a look at this URL http://www.cisco.com/univercd/cc/td/doc/product/wanbu/8850px45/rel21/rpmpr/21ch7.htm. It talks about label forwarding with the dynamic routes.

New Member

Re: MPLS VPN and Policing

Hi,

Considering that you have only 3 sites , may be you can use GRE Tunnel interface. Between spoke sites configure tunnel interface to hub router. Then configure so that all packets flows through the tunnel interface while going to spoke sites. You can use a routing protocol for this. Then put "rate limit " into this tunnel interfaces. In this way you can limit the traffic to 45Mb/each.

Regards

Mazhar

New Member

Re: MPLS VPN and Policing

I've never had the opportunity to implement QPPB for policing (yet!) but I've done similar things with MPLS-VPNs and BGP. If you're using BGP then could you use an inbound route-map on the neighbour statement (within the vrf) to tag all incoming routes with a "Site of Origin" SoO community. The SoO would be different for each remote location and could be used by QPPB at the central location's PE router to mark incoming packets from the CE in QoS groups or IP precedence levels. It should be straightforward to rate-limit these appropriately.....

New Member

Re: MPLS VPN and Policing

Hello,

Could you please clarify the statement "However that is not sufficient, as the destination networks might change at any time (dynamic routing inside the VPN)." I can't see how destination networks can change, they should remain constant?

Regards

Ian

288
Views
0
Helpful
4
Replies
CreatePlease to create content