Please help me solve the following problem.
There are two cities. Each has a 7206 installed. A direct physical link runs between them, with BGP and MPLS up. We provide VPN services to customers. In practice this means creating a vrf for each customer network.
There are also customers who need their own dedicated network not only within a city but also between the cities. That caused no problems: I configured this vrf in the BGP settings on both routers.
The customers can see each other.
The actual question: how can I limit the speed on the segment between the routers in this vrf? What can be used?
MPLS runs on this segment; maybe it can be used somehow?
>[overquoting removed]
>each customer network.
>There are also customers who need their own dedicated network not only
>within a city but also between the cities.
>
>That caused no problems: I configured this vrf in the BGP settings on both
>routers.
>The customers can see each other.
>The actual question: how can I limit the speed on the segment between the routers in
>this vrf? What can be used?
>MPLS runs on this segment; maybe it can be used somehow?

The simplest way is to limit the speed on the interfaces that belong to
this vrf, on both sides.
>[overquoting removed]
>>
>>That caused no problems: I configured this vrf in the BGP settings on both
>>routers.
>>The customers can see each other.
>>The actual question: how can I limit the speed on the segment between the routers in
>>this vrf? What can be used?
>>MPLS runs on this segment; maybe it can be used somehow?
>
> The simplest way is to limit the speed on the interfaces that belong to
> this vrf, on both sides.

If you mean limiting the speed on the interfaces that face the other city, then
that works. Because besides this vrf, a lot of other traffic runs there.
>[overquoting removed]
>>>this vrf? What can be used?
>>>MPLS runs on this segment; maybe it can be used somehow?
>>
>> The simplest way is to limit the speed on the interfaces that belong to
>> this vrf, on both sides.
>
>If you mean limiting the speed on the interfaces that face the other city,
>then
>that works. Because besides this vrf, a lot of other traffic runs there.
>

I don't follow; policing on input has to be configured precisely on the interfaces that belong to the vrf.
>[overquoting removed]
>>> The simplest way is to limit the speed on the interfaces that belong to
>>> this vrf, on both sides.
>>
>>If you mean limiting the speed on the interfaces that face the other city,
>> then
>>that works. Because besides this vrf, a lot of other traffic runs there.
>>
>
> I don't follow; policing on input has to be configured precisely on the
>interfaces that belong to the vrf.

On the routers, the only interfaces configured in the vrf are the ones that face the city, toward the customer. Their speed within the city and between the cities may differ.
Here are pieces of the config:

br-1
----
ip vrf Test
rd xxxx:33
route-target export xxxx:33
route-target import xxxx:33
----
interface GigabitEthernet0/3.598
encapsulation dot1Q 598
ip vrf forwarding Test
ip address 10.0.1.1 255.255.255.248
no snmp trap link-status
traffic-shape rate 1000000 25000 25000 1000
interface GigabitEthernet0/3.597
encapsulation dot1Q 597
ip vrf forwarding Test
ip address 10.0.3.1 255.255.255.248
no snmp trap link-status
traffic-shape rate 1000000 25000 25000 1000
no cdp enable
----
router bgp xxxx
bgp always-compare-med
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor TEST peer-group
neighbor TEST remote-as xxxx
neighbor TEST ebgp-multihop 5
neighbor TEST update-source Loopback0
neighbor TEST version 4
neighbor 1.1.1.1 peer-group AIST-TEST
maximum-paths 16
maximum-paths ibgp 16
!
address-family ipv4
neighbor AIST-TEST send-community both
neighbor AIST-TEST next-hop-self
neighbor AIST-TEST soft-reconfiguration inbound
neighbor 1.1.1.1 activate
maximum-paths 16
maximum-paths ibgp 16
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor TEST send-community extended
neighbor 1.1.1.1 activate
exit-address-family
!
address-family ipv4 vrf Test
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
br-2
----
ip vrf Test
rd xxxx:33
route-target export xxxx:33
route-target import xxxx:33
----
interface GigabitEthernet0/1.3333
encapsulation dot1Q 3333
ip vrf forwarding Test
ip address 10.0.2.1 255.255.255.248
no snmp trap link-status
no cdp enable
The customer has 10.0.2.2
----
router bgp xxxx
bgp always-compare-med
no bgp enforce-first-as
bgp log-neighbor-changes
neighbor TEST peer-group
neighbor TEST remote-as xxxx
neighbor TEST ebgp-multihop 5
neighbor TEST update-source Loopback0
neighbor TEST version 4
neighbor 2.2.2.1 peer-group AIST-TEST
maximum-paths 16
maximum-paths ibgp 16
!
address-family ipv4
neighbor AIST-TEST send-community both
neighbor AIST-TEST next-hop-self
neighbor AIST-TEST soft-reconfiguration inbound
neighbor 1.1.1.1 activate
maximum-paths 16
maximum-paths ibgp 16
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor TEST send-community extended
neighbor 2.2.2.1 activate
exit-address-family
!
address-family ipv4 vrf Test
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
br-1#sh ip route vrf Test
Routing Table: Test
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/29 is subnetted, 2 subnets
B 10.0.2.0 [200/0] via 2.2.2.1, 3d08h
C 10.0.3.0 is directly connected, GigabitEthernet0/3.597
C 10.0.0.0 is directly connected, GigabitEthernet0/3.598
br-1#
>[overquoting removed]
>Gateway of last resort is not set
>
> 10.0.0.0/29 is subnetted, 2 subnets
>B 10.0.2.0 [200/0] via 2.2.2.1, 3d08h
>
>C 10.0.3.0 is directly connected, GigabitEthernet0/3.597
>
>C 10.0.0.0 is directly connected, GigabitEthernet0/3.598
>
>br-1#

I see; what I suggested will limit the speed both within the city and between the cities.
And if you want the limits to apply only on the backbone, then you need to look
at TE, RSVP and a lot more.
>[overquoting removed]
>>
>>C 10.0.0.0 is directly connected, GigabitEthernet0/3.598
>>
>>br-1#
>
> I see; what I suggested will limit the speed both within the city
>and between the cities.
> And if you want the limits to apply only on the backbone, then
>you need to look
> at TE, RSVP and a lot more.

I figured I would have to dig in the direction of traffic engineering. But I don't even know where to start.
More precisely, I tried bringing up a tunnel in "mpls traffic-eng" mode. Strangely enough, it even came up, but I don't understand what to do with it next. :(
>[overquoting removed]
>>and between the cities.
>> And if you want the limits to apply only on the backbone, then
>>you need to look
>> at TE, RSVP and a lot more.
>
>I figured I would have to dig in the direction of traffic engineering. But
>I don't even know where to start.
>More precisely, I tried bringing up a tunnel in "mpls traffic-eng" mode. Strangely enough,
>it even came up, but I don't understand what to do with it next.
>:(

Read "MPLS and traffic engineering" on cisco.com :)
>[overquoting removed]
>>>you need to look
>>> at TE, RSVP and a lot more.
>>
>>I figured I would have to dig in the direction of traffic engineering. But
>>I don't even know where to start.
>>More precisely, I tried bringing up a tunnel in "mpls traffic-eng" mode. Strangely enough,
>>it even came up, but I don't understand what to do with it next.
>>:(
>
> Read "MPLS and traffic engineering" on cisco.com :)

http://www.cisco.com/en/US/docs/switches/metro/catalyst3750m...
I've already fried my whole brain with this. ((
Has anyone done this in practice?
I created the tunnel as per the instructions.
It came up on the other Cisco. I tried adding a static route into this tunnel. It even works, traffic goes through it. But I just can't figure out how to tie all this to the vrf (
>I've already fried my whole brain with this. ((
>Has anyone done this in practice?
>I created the tunnel as per the instructions.
>It came up on the other Cisco. I tried adding a static route into this tunnel.
>It even works, traffic goes through it. But I just can't figure out how to tie all
>this to the vrf (

There are 5 routers here:
CE1---R1-------R2--CE2
      |       |
      P-------+
2 tunnels. Tu0 R1->R2
           Tu1 R1->P->R2
Below is an article on how this is supposedly done.
It didn't work for me; maybe it will work for you.
_____________________________________________________________________________________
Case Study: MPLS VPN QoS Design (CE/PE/P Routers)
Figure 15-22. Case Study: MPLS VPN QoS Design Example Details
In Example 15-29, it is assumed that traffic has been marked correctly on campus/branch switches before it arrives at the CE LAN edges. Where such an assumption is invalid, ingress LAN edge marking policies, discussed in Chapter 14, "Branch Router QoS Design," can be applied to the CE LAN edges. Additionally, it has been assumed that there are no unidirectional applications in this example.
Queuing and marking policies for a five-class provider-edge model have been applied on CE edges.
On ingress, SP XYZ applies a five-class short pipe MPLS DiffServ tunneling mode policer to identify (through MPLS EXP values) traffic that is in contract or out-of-contract. DiffServ policies are applied throughout the MPLS VPN core, and MPLS DS-TE also is provisioned for voice traffic to geographically adjacent CEs. On egress, SP XYZ applies a five-class provider-edge model, which is based on the customer's DiffServ markings. In this example, company ABC, Inc., fits service provider XYZ's customer Blue profile.
The configuration for this example spans six routers: Blue-CE1, Blue-CE2, Red-CE1, Red-CE2, PE1, PE2, and P router. However, because CE configurations are virtually identical, only one is presented here (Blue-CE1; see Example 15-29), along with the configurations for PE1 (see Example 15-30), PE2 (see Example 15-31), and the P router (see Example 15-32).
Example 15-29. Blue-CE1 Case Study MPLS VPN QoS Design Example
!
hostname CE1-BLUE
!
ip cef ! IP CEF is required for Packet Marking
!
class-map match-all ROUTING
match ip dscp cs6
class-map match-all VOICE
match ip dscp ef
class-map match-all INTERACTIVE-VIDEO
match ip dscp af41
class-map match-all STREAMING-VIDEO
match ip dscp cs4
class-map match-all MISSION-CRITICAL-DATA
match ip dscp 25
class-map match-any CALL-SIGNALING
match ip dscp af31
match ip dscp cs3
class-map match-all TRANSACTIONAL-DATA
match ip dscp af21
class-map match-all BULK-DATA
match ip dscp af11
class-map match-all NETWORK-MANAGEMENT
match ip dscp cs2
class-map match-all SCAVENGER
match ip dscp cs1
!
!
policy-map CE-FIVE-CLASS-SP-MODEL
class ROUTING
bandwidth percent 3 ! Routing is assigned (by default) to Critical SP class
class VOICE
priority percent 18 ! Voice is admitted to Realtime SP class
class INTERACTIVE-VIDEO
priority percent 15
set ip dscp cs5 ! Interactive-Video is assigned to the Realtime SP class
class STREAMING-VIDEO
bandwidth percent 13
set ip dscp af21 ! Streaming-Video is assigned to the Video SP class
class CALL-SIGNALING
priority percent 2 ! Call-Signaling gets LLQ for this scenario
set ip dscp cs5 ! Call-Signaling is assigned to the Realtime SP class
class MISSION-CRITICAL-DATA
bandwidth percent 12
random-detect
set ip dscp af31 ! MC Data is assigned to the Critical SP class
class TRANSACTIONAL-DATA
bandwidth percent 5
random-detect
set ip dscp cs3 ! Transactional Data is assigned to Critical SP class
class NETWORK-MANAGEMENT
bandwidth percent 2 ! Net Mgmt (mainly UDP) is admitted to Video SP class
class BULK-DATA
bandwidth percent 5 ! Bulk Data is assigned to Bulk SP class
random-detect
class SCAVENGER
bandwidth percent 1
set ip dscp 0
class class-default
bandwidth percent 24
random-detect
!
!
policy-map CE-LAN-EDGE-OUT
class class-default
set cos dscp ! Enables default DSCP-to-CoS Mapping
!
!
interface FastEthernet0/0
description TO CAT3500 BRANCH ACCESS-SWITCH
no ip address
!
interface FastEthernet0/0.11
description DLVAN SUBNET 10.1.1.0
encapsulation dot1Q 11
ip address 10.1.1.1 255.255.255.0
service-policy output CE-LAN-EDGE-OUT ! Restores CoS for Data VLAN
!
!
interface FastEthernet0/0.101
description VVLAN SUBNET 10.1.101.0
encapsulation dot1Q 101
ip address 10.1.101.1 255.255.255.0
service-policy output CE-LAN-EDGE-OUT ! Restores CoS on Voice VLAN
!
!
interface ATM1/0
no ip address
no atm ilmi-keepalive
ima-group 1
no scrambling-payload
!
interface ATM1/1
no ip address
no atm ilmi-keepalive
ima-group 1
no scrambling-payload
!
!
interface ATM1/IMA1
no ip address
no atm ilmi-keepalive
!
interface ATM1/IMA1.20 point-to-point
description Dual-T1 ATM IMA Link to PE1
ip address 10.20.1.1 255.255.255.252
pvc 0/120
vbr-nrt 3072 3072
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CE-FIVE-CLASS-SP-MODEL ! Applies 5-Class CE-PE Model
!
!
router bgp 10
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 10.20.1.2 remote-as 100
no auto-summary
!
!

Example 15-30. PE1 Case Study MPLS VPN QoS Design Example
!
hostname PE1
!
!
ip vrf BLUE ! BLUE MPLS VPN Definition
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf RED ! RED MPLS VPN Definition
rd 150:1
route-target export 150:1
route-target import 150:1
!
ip cef
mpls ldp logging neighbor-changes
mpls traffic-eng tunnels ! Enables MPLS TE globally
!
!
!
class-map match-any REALTIME
match ip dscp ef
match ip dscp cs5
class-map match-any CRITICAL-DATA
match ip dscp cs6
match ip dscp af31
match ip dscp cs3
class-map match-any VIDEO
match ip dscp af21
match ip dscp cs2
class-map match-any BULK-DATA
match ip dscp af11
match ip dscp cs1
class-map match-all CORE-REALTIME
match mpls experimental topmost 5 ! Identifies in-contract Realtime
class-map match-any CORE-CRITICAL-DATA ! match-any: a packet carries only one EXP value
match mpls experimental topmost 3 ! Identifies in-contract Critical-Data
match mpls experimental topmost 7 ! Identifies out-of-contract Critical Data
match mpls experimental topmost 2 ! Identifies in-contract Video
match mpls experimental topmost 1 ! Identifies in-contract Bulk
match mpls experimental topmost 6 ! Identifies out-of-contract Bulk
!
!
policy-map PE-FIVE-CLASS-SHORT-PIPE-MARKING
class REALTIME
police cir 1050000
conform-action set-mpls-exp-topmost-transmit 5 ! Conforming RT set to 5
exceed-action drop ! Excess Realtime is dropped
class CRITICAL-DATA
police cir 600000
conform-action set-mpls-exp-topmost-transmit 3 ! Critical Data set to 3
exceed-action set-mpls-exp-topmost-transmit 7 ! Excess Critical set 7
class VIDEO
police cir 450000
conform-action set-mpls-exp-topmost-transmit 2 ! Conforming Video set to 2
exceed-action drop ! Excess Video dropped
class BULK-DATA
police cir 150000
conform-action set-mpls-exp-topmost-transmit 1 ! Conforming Bulk set to 1
exceed-action set-mpls-exp-topmost-transmit 6 ! Excess Bulk set to 6
class class-default
police cir 750000
conform-action set-mpls-exp-topmost-transmit 0 ! Conforming BE set to 0
exceed-action set-mpls-exp-topmost-transmit 4 ! Excess BE set to 4
!
!
policy-map PE-FIVE-CLASS-SP-MODEL
class REALTIME
priority percent 35 ! Realtime SP class gets 35% LLQ
class CRITICAL-DATA
bandwidth percent 20 ! Critical-Data SP class gets 20% CBWFQ
random-detect dscp-based ! DSCP-based WRED enabled on class
class VIDEO
bandwidth percent 15 ! Video SP class gets 15% CBWFQ
random-detect dscp-based ! DSCP-based WRED enabled on "Video" SP class
class BULK-DATA
bandwidth percent 5 ! Bulk Data SP class gets 5% CBWFQ
random-detect dscp-based ! DSCP-based WRED enabled on Bulk Data SP class
class class-default
bandwidth percent 25 ! Best Effort SP class gets 25% CBWFQ
random-detect ! WRED enabled on Best Effort SP class
!
!
policy-map CORE-THREE-CLASS-SP-MODEL
class CORE-REALTIME
priority percent 35 ! CORE-REALTIME gets 35% LLQ
class CORE-CRITICAL-DATA
bandwidth percent 55 ! CORE-CRITICAL gets 55% CBWFQ
class class-default
fair-queue ! CORE-BEST-EFFORT gets FQ
!
!
interface Loopback0 ! Loopback interface for MPLS TE RID
ip address 20.1.1.1 255.255.255.255
!
interface Tunnel0
description TUNNEL0 (PE1=>PE2)
ip unnumbered Loopback0
tunnel destination 20.2.2.2
tunnel mode mpls traffic-eng ! Enables MPLS TE on tunnel
tunnel mpls traffic-eng priority 0 0 ! Best priority
tunnel mpls traffic-eng bandwidth sub-pool 54250 ! Assigns sub-pool
tunnel mpls traffic-eng path-option 1 explicit name TUNNEL0
!
interface Tunnel1
description TUNNEL1 (PE1=>P=>PE2)
ip unnumbered Loopback0
tunnel destination 20.2.2.2
tunnel mode mpls traffic-eng ! Enables MPLS TE
tunnel mpls traffic-eng priority 7 7 ! Worst priority
tunnel mpls traffic-eng bandwidth 77500 ! Assigns global pool
tunnel mpls traffic-eng path-option 1 explicit name TUNNEL1
!
!
interface ATM2/0
no ip address
ima-group 1
!
interface ATM2/1
no ip address
ima-group 1
!
interface ATM2/ima1
no ip address
no atm ilmi-keepalive
!
interface ATM2/ima1.20 point-to-point
description Dual-T1 ATM IMA Link to Blue CE1
ip vrf forwarding BLUE
ip address 10.20.1.2 255.255.255.252
pvc 0/120
vbr-nrt 3072 3072
max-reserved-bandwidth 100 ! Overrides 75% BW
service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING ! Short Pipe Marking
service-policy output PE-FIVE-CLASS-SP-MODEL ! Egress policy to CE
!
!
interface ATM2/2
no ip address
ima-group 2
!
interface ATM2/ima2
no ip address
no atm ilmi-keepalive
!
interface ATM2/ima2.20 point-to-point
description Dual-T1 ATM IMA Link to Red CE1
ip vrf forwarding RED
ip address 10.20.1.2 255.255.255.252
pvc 0/220
vbr-nrt 3072 3072
max-reserved-bandwidth 100 ! Overrides 75% BW
service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING ! Short Pipe Marking
service-policy output PE-FIVE-CLASS-SP-MODEL ! Egress policy to CE
!
!
interface ATM2/3
no ip address
ima-group 2
!
!
interface POS5/0
description PE1=>PE2 POS Link
ip address 20.1.12.1 255.255.255.252
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CORE-THREE-CLASS-SP-MODEL ! Applies Core DS policies
mpls traffic-eng tunnels ! Enables MPLS TE on int
tag-switching ip
ip rsvp bandwidth 77500 sub-pool 54250 ! Assigns sub-pool BW
!
interface POS6/0
description PE1=>P-Router (Core) POS Link
ip address 20.1.13.1 255.255.255.252
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CORE-THREE-CLASS-SP-MODEL ! Applies Core DS policies
mpls traffic-eng tunnels ! Enables MPLS TE on int
tag-switching ip
ip rsvp bandwidth 77500 77500 ! Assigns global-pool BW
!
router ospf 100
mpls traffic-eng router-id Loopback0 ! MPLS TE RID
mpls traffic-eng area 0 ! Enables OSPF area 0 for MPLS TE
log-adjacency-changes
redistribute connected subnets
network 20.1.12.0 0.0.0.3 area 0
network 20.1.13.0 0.0.0.3 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 20.2.2.2 remote-as 100
neighbor 20.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 20.2.2.2 activate
neighbor 20.2.2.2 send-community extended
neighbor 20.2.2.2 route-map TUNNEL-ASSIGNMENT in ! Applies BGP PBR
exit-address-family
!
address-family ipv4 vrf RED
redistribute connected
neighbor 10.20.1.1 remote-as 15
neighbor 10.20.1.1 activate
neighbor 10.20.1.1 default-originate
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf BLUE
redistribute connected
neighbor 10.20.1.1 remote-as 10
neighbor 10.20.1.1 activate
neighbor 10.20.1.1 default-originate
no auto-summary
no synchronization
exit-address-family
ip extcommunity-list 2 permit rt 150:1
ip classless
ip route 16.16.16.16 255.255.255.255 Tunnel0 ! Static route for Tunnel 0
ip route 17.17.17.17 255.255.255.255 Tunnel1 ! Static route for Tunnel 1
!
ip extcommunity-list 1 permit rt 100:1 ! Identifies Blue VPN by RT
ip extcommunity-list 2 permit rt 150:1 ! Identifies Red VPN by RT
ip bgp-community new-format
!
ip explicit-path name TUNNEL0 enable ! Defines explicit path for Tu0
next-address 20.1.12.2
!
ip explicit-path name TUNNEL1 enable ! Defines explicit path for Tu1
next-address 20.1.13.2
next-address 20.1.23.1
!
access-list 1 permit 10.2.102.0 0.0.0.255 ! Identifies (Blue) Voice-VLAN
access-list 2 permit 10.2.2.0 0.0.0.255 ! Identifies (Blue) Data-VLAN
access-list 2 permit 10.20.2.0 0.0.0.3 ! Identifies (Blue) PE-CE link
access-list 3 permit 10.2.102.0 0.0.0.255 ! Identifies (Red) Voice-VLAN
access-list 3 permit 10.2.2.0 0.0.0.255 ! Identifies (Red) Data-VLAN
access-list 3 permit 10.20.2.0 0.0.0.3 ! Identifies (Red) PE-CE Link
!
route-map TUNNEL-ASSIGNMENT permit 10
match ip address 1 ! Matches Voice-VLAN subnet
match extcommunity 1 ! Matches Blue VPN RT
set ip next-hop 16.16.16.16 ! Sets BGP Next-Hop to 16.16.16.16
!
route-map TUNNEL-ASSIGNMENT permit 20
match ip address 2 ! Matches other (Blue) subnets
match extcommunity 1 ! Matches Blue VPN RT
set ip next-hop 17.17.17.17 ! Sets BGP Next-Hop to 17.17.17.17
!
route-map TUNNEL-ASSIGNMENT permit 30
match ip address 3 ! Matches all (Red) subnets
match extcommunity 2 ! Matches Red VPN RT
set ip next-hop 17.17.17.17 ! Sets BGP Next-Hop to 17.17.17.17
!
!

Example 15-31 shows the configuration for the second PE router for this MPLS VPN QoS design case study example.
Example 15-31. PE2 Case Study MPLS VPN QoS Design Example
!
hostname PE2
!
!
ip vrf BLUE ! BLUE MPLS VPN Definition
rd 100:1
route-target export 100:1
route-target import 100:1
!
ip vrf RED ! RED MPLS VPN Definition
rd 150:1
route-target export 150:1
route-target import 150:1
!
ip cef
mpls ldp logging neighbor-changes
mpls traffic-eng tunnels ! Enables MPLS TE globally
!
!
!
class-map match-any REALTIME
match ip dscp ef
match ip dscp cs5
class-map match-any CRITICAL-DATA
match ip dscp cs6
match ip dscp af31
match ip dscp cs3
class-map match-any VIDEO
match ip dscp af21
match ip dscp cs2
class-map match-any BULK-DATA
match ip dscp af11
match ip dscp cs1
class-map match-all CORE-REALTIME
match mpls experimental topmost 5 ! Identifies in-contract Realtime
class-map match-any CORE-CRITICAL-DATA ! match-any: a packet carries only one EXP value
match mpls experimental topmost 3 ! Identifies in-contract Critical-Data
match mpls experimental topmost 7 ! Identifies out-of-contract Critical Data
match mpls experimental topmost 2 ! Identifies in-contract Video
match mpls experimental topmost 1 ! Identifies in-contract Bulk
match mpls experimental topmost 6 ! Identifies out-of-contract Bulk
!
!
policy-map PE-FIVE-CLASS-SHORT-PIPE-MARKING
class REALTIME
police cir 1050000
conform-action set-mpls-exp-topmost-transmit 5 ! Conforming RT set to 5
exceed-action drop ! Excess Realtime is dropped
class CRITICAL-DATA
police cir 600000
conform-action set-mpls-exp-topmost-transmit 3 ! Critical Data set to 3
exceed-action set-mpls-exp-topmost-transmit 7 ! Excess Critical set 7
class VIDEO
police cir 450000
conform-action set-mpls-exp-topmost-transmit 2 ! Conforming Video set to 2
exceed-action drop ! Excess Video dropped
class BULK-DATA
police cir 150000
conform-action set-mpls-exp-topmost-transmit 1 ! Conforming Bulk set to 1
exceed-action set-mpls-exp-topmost-transmit 6 ! Excess Bulk set to 6
class class-default
police cir 750000
conform-action set-mpls-exp-topmost-transmit 0 ! Conforming BE set to 0
exceed-action set-mpls-exp-topmost-transmit 4 ! Excess BE set to 4
!
!
policy-map PE-FIVE-CLASS-SP-MODEL
class REALTIME
priority percent 35 ! Realtime SP class gets 35% LLQ
class CRITICAL-DATA
bandwidth percent 20 ! Critical-Data SP class gets 20% CBWFQ
random-detect dscp-based ! DSCP-based WRED enabled on class
class VIDEO
bandwidth percent 15 ! Video SP class gets 15% CBWFQ
random-detect dscp-based ! DSCP-based WRED enabled on "Video" SP class
class BULK-DATA
bandwidth percent 5 ! Bulk Data SP class gets 5% CBWFQ
random-detect dscp-based ! DSCP-based WRED enabled on Bulk Data SP class
class class-default
bandwidth percent 25 ! Best Effort SP class gets 25% CBWFQ
random-detect ! WRED enabled on Best Effort SP class
!
!
policy-map CORE-THREE-CLASS-SP-MODEL
class CORE-REALTIME
priority percent 35 ! CORE-REALTIME gets 35% LLQ
class CORE-CRITICAL-DATA
bandwidth percent 55 ! CORE-CRITICAL gets 55% CBWFQ
class class-default
fair-queue ! CORE-BEST-EFFORT gets WFQ
!
!
interface Loopback0 ! Loopback interface for MPLS TE RID
ip address 20.2.2.2 255.255.255.255
!
interface Tunnel0
description TUNNEL0 (PE2=>PE1)
ip unnumbered Loopback0
tunnel destination 20.1.1.1
tunnel mode mpls traffic-eng ! Enables MPLS TE on tunnel
tunnel mpls traffic-eng priority 0 0 ! Best priority
tunnel mpls traffic-eng bandwidth sub-pool 54250 ! Assigns sub-pool
tunnel mpls traffic-eng path-option 1 explicit name TUNNEL0
!
interface Tunnel1
description TUNNEL1 (PE2=>P=>PE1)
ip unnumbered Loopback0
tunnel destination 20.1.1.1
tunnel mode mpls traffic-eng ! Enables MPLS TE
tunnel mpls traffic-eng priority 7 7 ! Worst priority
tunnel mpls traffic-eng bandwidth 77500 ! Assigns global pool
tunnel mpls traffic-eng path-option 1 explicit name TUNNEL1
!
!
interface ATM2/0
no ip address
ima-group 1
!
interface ATM2/1
no ip address
ima-group 1
!
interface ATM2/ima1
no ip address
no atm ilmi-keepalive
!
interface ATM2/ima1.20 point-to-point
description Dual-T1 ATM IMA Link to Blue CE2
ip vrf forwarding BLUE
ip address 10.20.2.2 255.255.255.252
pvc 0/120
vbr-nrt 3072 3072
max-reserved-bandwidth 100 ! Overrides 75% BW
service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING ! Short Pipe Marking
service-policy output PE-FIVE-CLASS-SP-MODEL ! Egress policy to CE
!
!
interface ATM2/2
no ip address
ima-group 2
!
interface ATM2/ima2
no ip address
no atm ilmi-keepalive
!
interface ATM2/ima2.20 point-to-point
description Dual-T1 ATM IMA Link to Red CE2
ip vrf forwarding RED
ip address 10.20.2.2 255.255.255.252
pvc 0/220
vbr-nrt 3072 3072
max-reserved-bandwidth 100 ! Overrides 75% BW
service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING ! Short Pipe Marking
service-policy output PE-FIVE-CLASS-SP-MODEL ! Egress policy to CE
!
!
interface POS5/0
description PE2=>PE1 POS Link
ip address 20.1.12.2 255.255.255.252
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CORE-THREE-CLASS-SP-MODEL ! Applies Core DS policies
mpls traffic-eng tunnels ! Enables MPLS TE on int
tag-switching ip
ip rsvp bandwidth 77500 sub-pool 54250 ! Assigns sub-pool BW
!
interface POS6/0
description PE2=>P-Router (Core) POS Link
ip address 20.1.23.1 255.255.255.252
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CORE-THREE-CLASS-SP-MODEL ! Applies Core DS policies
mpls traffic-eng tunnels ! Enables MPLS TE on int
tag-switching ip
ip rsvp bandwidth 77500 77500 ! Assigns global-pool BW
!
router ospf 100
mpls traffic-eng router-id Loopback0 ! MPLS TE RID
mpls traffic-eng area 0 ! Enables OSPF area 0 for MPLS TE
log-adjacency-changes
redistribute connected subnets
network 20.1.12.0 0.0.0.3 area 0
network 20.1.23.0 0.0.0.3 area 0
!
router bgp 100
no synchronization
bgp log-neighbor-changes
redistribute connected
neighbor 20.1.1.1 remote-as 100
neighbor 20.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 20.1.1.1 activate
neighbor 20.1.1.1 send-community extended
neighbor 20.1.1.1 route-map TUNNEL-ASSIGNMENT in ! Applies BGP PBR
exit-address-family
!
address-family ipv4 vrf RED
redistribute connected
neighbor 10.20.2.1 remote-as 15
neighbor 10.20.2.1 activate
neighbor 10.20.2.1 default-originate
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf BLUE
redistribute connected
neighbor 10.20.2.1 remote-as 10
neighbor 10.20.2.1 activate
neighbor 10.20.2.1 default-originate
no auto-summary
no synchronization
exit-address-family
!
ip classless
ip route 18.18.18.18 255.255.255.255 Tunnel0 ! Static route for Tunnel 0
ip route 19.19.19.19 255.255.255.255 Tunnel1 ! Static route for Tunnel 1
!
ip extcommunity-list 1 permit rt 100:1 ! Identifies Blue VPN by RT
ip extcommunity-list 2 permit rt 150:1 ! Identifies Red VPN by RT
ip bgp-community new-format
!
ip explicit-path name TUNNEL0 enable ! Defines explicit path for Tu0
next-address 20.1.12.1
!
ip explicit-path name TUNNEL1 enable ! Defines explicit path for Tu1
next-address 20.1.23.2
next-address 20.1.13.1
!
access-list 1 permit 10.1.101.0 0.0.0.255 ! Identifies (Blue) Voice-VLAN
access-list 2 permit 10.1.1.0 0.0.0.255 ! Identifies (Blue) Data-VLAN
access-list 2 permit 10.20.1.0 0.0.0.3 ! Identifies (Blue) PE-CE link
access-list 3 permit 10.1.101.0 0.0.0.255 ! Identifies (Red) Voice-VLAN
access-list 3 permit 10.1.1.0 0.0.0.255 ! Identifies (Red) Data-VLAN
access-list 3 permit 10.20.1.0 0.0.0.3 ! Identifies (Red) PE-CE Link
!
route-map TUNNEL-ASSIGNMENT permit 10
match ip address 1 ! Matches Voice-VLAN subnet
match extcommunity 1 ! Matches Blue VPN RT
set ip next-hop 18.18.18.18 ! Sets BGP Next-Hop to 18.18.18.18
!
route-map TUNNEL-ASSIGNMENT permit 20
match ip address 2 ! Matches other (Blue) subnets
match extcommunity 1 ! Matches Blue VPN RT
set ip next-hop 19.19.19.19 ! Sets BGP Next-Hop to 19.19.19.19
!
route-map TUNNEL-ASSIGNMENT permit 30
match ip address 3 ! Matches all (Red) subnets
match extcommunity 2 ! Matches Red VPN RT
set ip next-hop 19.19.19.19 ! Sets BGP Next-Hop to 19.19.19.19
!
!

The configuration for the P router for this MPLS VPN QoS design case-study example is shown in Example 15-32.
Example 15-32. P-Router Case Study MPLS VPN QoS Design Example
!
hostname P-Router
!
!
ip cef
mpls ldp logging neighbor-changes
mpls traffic-eng tunnels ! MPLS TE is enabled globally
!
!
class-map match-all CORE-REALTIME
match mpls experimental topmost 5 ! Identifies in-contract Realtime
class-map match-any CORE-CRITICAL-DATA ! match-any: a packet carries only one EXP value
match mpls experimental topmost 3 ! Identifies in-contract Critical-Data
match mpls experimental topmost 7 ! Identifies out-of-contract Critical Data
match mpls experimental topmost 2 ! Identifies in-contract Video
match mpls experimental topmost 1 ! Identifies in-contract Bulk
match mpls experimental topmost 6 ! Identifies out-of-contract Bulk
!
!
policy-map CORE-THREE-CLASS-SP-MODEL
class CORE-REALTIME
priority percent 35 ! CORE-REALTIME gets 35% LLQ
class CORE-CRITICAL-DATA
bandwidth percent 55 ! CORE-CRITICAL gets 55% CBWFQ
class class-default
fair-queue ! CORE-BEST-EFFORT gets WFQ
!
!
interface Loopback0 ! Loopback interface for MPLS TE RID
ip address 20.3.3.3 255.255.255.255
!
!
interface POS5/0
description P-Router (Core) => PE1 POS Link
ip address 20.1.13.2 255.255.255.252
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CORE-THREE-CLASS-SP-MODEL ! Applies Core DS policies
mpls traffic-eng tunnels ! Enables MPLS TE on int
tag-switching ip
ip rsvp bandwidth 77500 77500 ! Assigns global-pool BW
!
interface POS6/0
description P-Router (Core) => PE2 POS Link
ip address 20.1.23.2 255.255.255.252
max-reserved-bandwidth 100 ! Overrides 75% BW limit
service-policy output CORE-THREE-CLASS-SP-MODEL ! Applies Core DS policies
mpls traffic-eng tunnels ! Enables MPLS TE on int
tag-switching ip
ip rsvp bandwidth 77500 77500 ! Assigns global-pool BW
!
router ospf 100
mpls traffic-eng router-id Loopback0 ! MPLS TE RID
mpls traffic-eng area 0 ! Enables OSPF area 0 for MPLS TE
log-adjacency-changes
redistribute connected subnets
network 20.1.13.0 0.0.0.3 area 0
network 20.1.23.0 0.0.0.3 area 0
!
!

Verification commands:
show ip rsvp interface
show ip rsvp neighbor
show mpls interface
show mpls traffic-eng tunnels summary
show mpls traffic-eng tunnels
show mpls traffic-eng topology
show ip bgp vpnv4 all
ping vrf with show interface tunnel
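
An added example, not part of the original thread or of the quoted book: one way to cap only the inter-city traffic of vrf Test is a destination-based input policer on the vrf's customer-facing subinterfaces, reusing the interface names and subnets from the br-1/br-2 configs posted above. The ACL, class-map and policy-map names and the 512000 bps rate are assumptions chosen for illustration.

```cisco
! ===== br-1 =====
! Assumed names; 10.0.2.0/29 is the br-2 customer subnet from the posted config.
ip access-list extended VRF-TEST-TO-REMOTE
 permit ip any 10.0.2.0 0.0.0.7
!
class-map match-all VRF-TEST-INTERCITY
 match access-group name VRF-TEST-TO-REMOTE
!
! Only traffic headed for the other city is policed; traffic between the
! local subinterfaces falls into class-default and is left untouched.
policy-map VRF-TEST-INTERCITY-IN
 class VRF-TEST-INTERCITY
  police cir 512000
   conform-action transmit
   exceed-action drop
!
interface GigabitEthernet0/3.598
 service-policy input VRF-TEST-INTERCITY-IN
!
interface GigabitEthernet0/3.597
 service-policy input VRF-TEST-INTERCITY-IN
!
! ===== br-2 =====
! 10.0.1.0/29 and 10.0.3.0/29 are the br-1 customer subnets from the
! posted interface config.
ip access-list extended VRF-TEST-TO-REMOTE
 permit ip any 10.0.1.0 0.0.0.7
 permit ip any 10.0.3.0 0.0.0.7
!
class-map match-all VRF-TEST-INTERCITY
 match access-group name VRF-TEST-TO-REMOTE
!
policy-map VRF-TEST-INTERCITY-IN
 class VRF-TEST-INTERCITY
  police cir 512000
   conform-action transmit
   exceed-action drop
!
interface GigabitEthernet0/1.3333
 service-policy input VRF-TEST-INTERCITY-IN
!
! Check the conformed/exceeded counters per class on each router:
!  show policy-map interface GigabitEthernet0/3.598 input
!  show policy-map interface GigabitEthernet0/1.3333 input
```

Each policer limits one direction (customer toward the other city), so both routers need it for a symmetric cap; the existing `traffic-shape rate` lines keep shaping what leaves toward the customer.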