We are planning to have inter-as mpls vpn. We would like to configure policing for the customers on the inter-as link. As the inter-as link is a global interface on ASBRs how do we restrict the bandwidth for each vrf which passes over the link?
The beauty of MPLS to some extend is based on the label stack. A LSR does ONLY understand the top label. The VPN label in a MPLS VPN environment is only understood by the egress PE, which assigned it.
What you are asking is: How can I know the meaning of the second MPLS label in an intermediate LSR to differentiate between customers?
The answer imho is: you can?t.
What is possible to my knowledge is to use option 10a - VRF back-to-back and differentiating customers by subinterfaces.
Hm. Another option could be to setup a different LSP (BGP next hop) for each VRF and to combine it with static label mappings in the ASBRs. Still I am not sure a policer could match on certain label values. Besides, this would mean a LOT of administrative burden.
Hm. Another option: use experimental bits to differentiate traffic from different customers. Drawback: scales only up to 7 customers.
Hmm..so it is not possible to reserve bandwidth on a shared link. So the best option is to go for private interface for each VRF on ASBR as explained in RFC 4364.
I hope these restrictions will be addressed soon for a shared link. Maybe like present IXPs we can have MPLS Exchange points or inter-as mpls between the providers to save the cost of international TDM links... ;) ;)
1. Introduction Internet security is important with the increasing
attacks that are happening every day. Many internet and browsing
security solutions exist, but some are not very easy to use or maybe the
question is how can I enable them? In this referen...
Cisco Software Manager Server API Guide This document describes the
programmatic interfaces, RESTful APIs, which are supported by Cisco
Software Manager Server (CSM Server). Overview CSM Server supports a set
of finite RESTful APIs. The first step to use ...
If you are using Cisco's new linux-based Cisco Software Manager server,
then you probably want to make sure there is a startup service for
it.I'll assume that you've already installed the CSM server on a
systemd-based linux system. The commands given belo...