Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Policing on inter-as mpls

Hi,

We are planning to have inter-as mpls vpn. We would like to configure policing for the customers on the inter-as link. As the inter-as link is a global interface on ASBRs how do we restrict the bandwidth for each vrf which passes over the link?

Thanks,

Prakash

2 REPLIES

Re: Policing on inter-as mpls

Hi,

The beauty of MPLS to some extend is based on the label stack. A LSR does ONLY understand the top label. The VPN label in a MPLS VPN environment is only understood by the egress PE, which assigned it.

What you are asking is: How can I know the meaning of the second MPLS label in an intermediate LSR to differentiate between customers?

The answer imho is: you can?t.

What is possible to my knowledge is to use option 10a - VRF back-to-back and differentiating customers by subinterfaces.

Hm. Another option could be to setup a different LSP (BGP next hop) for each VRF and to combine it with static label mappings in the ASBRs. Still I am not sure a policer could match on certain label values. Besides, this would mean a LOT of administrative burden.

Hm. Another option: use experimental bits to differentiate traffic from different customers. Drawback: scales only up to 7 customers.

Regards, Martin

New Member

Re: Policing on inter-as mpls

Thanks Martin for your reply...

Hmm..so it is not possible to reserve bandwidth on a shared link. So the best option is to go for private interface for each VRF on ASBR as explained in RFC 4364.

I hope these restrictions will be addressed soon for a shared link. Maybe like present IXPs we can have MPLS Exchange points or inter-as mpls between the providers to save the cost of international TDM links... ;) ;)

Regards,

Prakash

118
Views
9
Helpful
2
Replies
CreatePlease login to create content