Thank you for the response Lei.

I may need to coordinate other information with the provider. This is only the start of the project actually.

So far that is the information I have right now. I'll keep you posted.

If I may, have your implemented MPLS with QoS? May I ask for some tips and best practices?

Sample config would also be great.

Thank you!

Hi Jemel,

Lei is right that you are clearly missing some information at this point of time. The only reference on the web I could find for QVUR was 'Qwest VoIP Usage Ratio' but couldn't find out what their template priorities match up to (e.g. Voice, Best Effort etc).

With regards to MPLS with QoS. I think I understood from your post that you will be in charge of configuring the CE, in which case you won't be using MPLS Experimental Bits for QoS - that will be the job of your service provider to remark your DSCP tagged packets with the relevant MPLS EXP bits. Because of this, it shouldn't be anything you are not familiar with if you are happy with normal DSCP based WAN QoS.

Hi Jemel,

As Jamie said, you need to configure your CE router. So, you need to make sure your QoS model matches the SP QoS model. Sometime, you need to reclassify the packet when it leaves to SP. You want check with SP which DSCP value will map to which queue in their queueing model, so you can config accordingly. You might also want to confirm with SP whether they will keep your DSCP value when packet leaves PE.

HTH,

Lei Tian

Jamie, Lei,

That's some information. Well then off to configuring CE and coordinating with the ISP with regard to QoS.

Thank you guys! Much appreciated.

Regards,

Novice

Hi everyone,

We've decided to have the QoS configurations on default settings for now.

That leaves me to configure the CE's MPLS connection to other sites.

Which is pretty much complete.

May I ask if there are other security concerns that I should be configuring? 

CE Router should be accesible from the internet.

Is there anything else that I should be considering?

Thank you!

Hope to hear from you soon.

Hi Jemel,

MPLS VPN service has logical data separation, so there is some sort security build in for this service. Like other customer will not be able to access your data even it shares same physical wire with your data. However, if you dont trust the provider, then you should do data encryption on the private WAN links too. Lot customers are doing data encryption on private WAN links, technology like GET VPN or FlexVPN is prefect for providing ipsec encryption while still keep the any to any type of communication from MPLS.

HTH,

Lei Tian

Hi Lei,

Does this GETVPN or FLEXVPN affect any service?

Like are we expecting some degrade in network performance due to processing of packets?

Is CPU utilization greatly affected by these type of encryption?

In addition, I would like to access this device from the internet.

Is there any other consideration that I need to be aware of? - aside from defining the Public IP Address that supposed to have access to the define and put it in access-class of the line VTY?

Thank you.

Regards,

Jem

It will increase the CPU utilization, but will not affect your existing services, unless you are really pushing the limit. Nothing special needs to be considered for internet access, use AAA instead of local or enable for authentication.

HTH,

Lei Tian

Thank you Lei for sharing your ideas.

Much appreciated.

Regards,

Novice

Hi Joseph,

Thank you for the information.

What if we have the default FIFO, would it be of better setup if we have something different than the MPLS provider would give us? Something like LLQ maybe?

Regards,

Novice

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Whether you there's any advantage of having QoS different from what your MPLS provider has, depends on what your MPLS provider supports and the QoS capabilities of your equipment.  Often MPLS provider can also support LLQ, some providers charge extra for that though.

The only advantage of default FIFO (especially single queue FIFO) is its low resource overhead.