MPLS VPN QoS Design and Case Study MPLS, QoS, VPN, Study, Design

MPLS VPN QoS design typically is viewed from two distinct perspectives:

• The enterprise customer subscribing to the MPLS VPN service
  
• The service provider provisioning edge and core QoS within the MPLS VPN service
  

To achieve end-to-end service levels, enterprise and service-provider QoS policies must be consistent and complimentary. Therefore, QoS considerations and design recommendations for both the enterprise and service provider are presented in this chapter. The following topics are discussed:

• Enterprise-to-service provider mapping models
  
• Service provider-to-enterprise models
  
• MPLS DiffServ tunneling modes
  
• DiffServ in the backbone
  
• MPLS traffic engineering
  

MPLS is a combination of routing and switching technologies that can provide scalable VPNs with end-to-end quality of service.
Many customers are turning to service providers that offer MPLS VPN services as private WAN alternatives. One of the main reasons for this is the any-to-any connectivity capabilities of MPLS VPNs. However, this full-mesh nature in itself poses significant QoS implications to enterprise customers and service providers alikenamely, that they both need to comanage QoS in a cooperative and complementary fashion to achieve end-to-end service levels.
This chapter examines in detail QoS considerations that enterprise customers need to bear in mind when subscribing to MPLS VPNs, including how best to map into various service-provider MPLS VPN QoS models.
Service provider-edge QoS considerations are reviewed in depth, including egress queuing models and MPLS DiffServ tunneling modes (Uniform, Short Pipe, and Pipe). Furthermore, service-provider core QoS considerations are reviewed, including aggregate bandwidth provisioning and DiffServ in the backbone. MPLS traffic engineering as it relates to QoS is covered, along with two detailed examples: MPLS per-VPN traffic engineering and MPLS DiffServ traffic engineering.
This chapter concludes with a case study that shows how these designs can be combined in a complex MPLS VPN end-to-end scenario.
Note
This chapter addresses QoS design for MPLS VPNs, not the theory and operation of MPLS VPNs themselves. It is assumed that the reader is familiar with basic MPLS VPN architectures and technologies. For a detailed discussion of MPLS VPNs, refer to the Cisco Press books MPLS and VPN Architectures, Volumes I and II, by Ivan Pepelnjak and Jim Guichard; Traffic Engineering with MPLS, by Eric Osborne and Ajay Simha; and Advanced MPLS Design and Implementation, by Vivek Alwayn.


Case Study: MPLS VPN QoS Design (CE/PE/P Routers)

Continuing the example from the previous design chapters, the fictitious company ABC, Inc., has been growing and expanding, both geographically and technologically. It has multiple data centers in geographically diverse regions to which its field needs to connect efficiently. Additionally, to increase collaboration and simultaneously reduce travel expenses, ABC, Inc., plans to roll out any-to-any videoconferencing. For these business reasons, ABC, Inc., has decided to migrate from its private WAN to an MPLS VPN, managed by service provider XYZ (SP XYZ).
To minimize the costs of migration, SP XYZ supports both Frame Relay and ATM Layer 2 access (including ATM IMA, which has been ABC, Inc.'s, primary choice for branch WAN media).
Furthermore, SP XYZ is a leader in MPLS VPN services and supports a five-class provider-edge model. Real-time service can be purchased in 5 percent increments, as can the amounts of the three other levels of preferred service (Critical Data, Video, and Bulk Data). ABC Inc. wants its WAN migration to MPLS VPN to be as transparent to end users as possible, so it agrees to purchase these services in amounts that closely match the current QoS Baseline WAN edge model, without causing traffic class-mixing issues.
Additionally, ABC, Inc., monitors network utilization (particularly videoconferencing traffic) and performs traffic accounting and department bill-back based on the DSCP markings of traffic flows. ABC, Inc., views it as essential that the SP not re-mark any traffic at Layer 3 as it traverses the MPLS VPN, but rather preserve the DSCP markings intact. Again, SP XYZ can accommodate ABC, Inc., because it deploys the popular Short Pipe Mode of MPLS DiffServ tunneling.
SP XYZ also offers the option of premium service for voice traffic to geographically adjacent sites (through MPLS DS-TE). Because ABC, Inc., is a heavy IP telephony user, it elects to purchase this premium service for voice traffic (thus, from SP XYZ's perspective, ABC, Inc., is considered a "BLUE" class customer).

30-8-2009 23:15

it is assumed that traffic has been marked correctly on campus/branch switches before it arrives at the CE LAN edges. Where such an assumption is invalid, ingress LAN edge marking policies, discussed in "Branch Router QoS Design," can be applied to the CE LAN edges. Additionally, it has been assumed that there are no unidirectional applications in this example.
Queuing and marking policies for a five-class provider-edge model have been applied on CE edges.
On ingress, SP XYZ applies a five-class short pipe MPLS DiffServ tunneling mode policer to identify (through MPLS EXP values) traffic that is in contract or out-of-contract. DiffServ policies are applied throughout the MPLS VPN core, and MPLS DS-TE also is provisioned for voice traffic to geographically adjacent CEs. On egress, SP XYZ applies a five-class provider-edge model, which is based on the customer's DiffServ markings. In this example, company ABC, Inc., fits service provider XYZ's customer Blue profile.
The configuration for this example spans six routers: Blue-CE1, Blue-CE2, Red-CE1, Red-CE2, PE1, PE2, and P router. However, because CE configurations are virtually identical, only one is presented here .

Configuration :

1. 
   
2. ! hostname CE1-BLUE
   
3. !
   
4. ip cef                         ! IP CEF is required for Packet Marking
   
5. !
   
6. class-map match-all ROUTING
   
7.   match ip dscp cs6
   
8. class-map match-all VOICE
   
9.   match ip dscp ef
   
10. class-map match-all INTERACTIVE-VIDEO
    
11.   match ip dscp af41
    
12. class-map match-all STREAMING-VIDEO
    
13.   match ip dscp cs4
    
14. class-map match-all MISSION-CRITICAL-DATA
    
15.   match ip dscp 25
    
16. class-map match-any CALL-SIGNALING
    
17.   match ip dscp af31
    
18.   match ip dscp cs3
    
19. class-map match-all TRANSACTIONAL-DATA
    
20.   match ip dscp af21
    
21. class-map match-all BULK-DATA
    
22.   match ip dscp af11
    
23. class-map match-all NETWORK-MANAGEMENT
    
24.   match ip dscp cs2
    
25. class-map match-all SCAVENGER
    
26.   match ip dscp cs1
    
27. !
    
28. !
    
29. policy-map CE-FIVE-CLASS-SP-MODEL
    
30.   class ROUTING
    
31.    bandwidth percent 3  ! Routing is assigned (by default) to Critical SP class
    
32.   class VOICE
    
33.    priority percent 18  ! Voice is admitted to Realtime SP class
    
34.   class INTERACTIVE-VIDEO
    
35.    priority percent 15
    
36.    set ip dscp cs5      ! Interactive-Video is assigned to the Realtime SP class
    
37.   class STREAMING-VIDEO
    
38.    bandwidth percent 13
    
39.    set ip dscp af21     ! Streaming-Video is assigned to the Video SP class
    
40.   class CALL-SIGNALING
    
41.    priority percent 2   ! Call-Signaling gets LLQ for this scenario
    
42.    set ip dscp cs5      ! Call-Signaling is assigned to the Realtime SP class
    
43.   class MISSION-CRITICAL-DATA
    
44.    bandwidth percent 12
    
45.    random-detect
    
46.    set ip dscp af31     ! MC Data is assigned to the Critical SP class
    
47.   class TRANSACTIONAL-DATA
    
48.    bandwidth percent 5
    
49.    random-detect
    
50.    set ip dscp cs3      ! Transactional Data is assigned to Critical SP class
    
51.   class NETWORK-MANAGEMENT
    
52.    bandwidth percent 2  ! Net Mgmt (mainly UDP) is admitted to Video SP class
    
53.   class BULK-DATA
    
54.    bandwidth percent 5  ! Bulk Data is assigned to Bulk SP class
    
55.    random-detect
    
56.   class SCAVENGER
    
57.    bandwidth percent 1
    
58.    set ip dscp 0
    
59.   class class-default
    
60.    bandwidth percent 24
    
61.    random-detect
    
62. !
    
63. !
    
64.   policy-map CE-LAN-EDGE-OUT
    
65.    class class-default
    
66.     set cos dscp                  ! Enables default DSCP-to-CoS Mapping
    
67. !
    
68. !
    
69. interface FastEthernet0/0
    
70.   description TO CAT3500 BRANCH ACCESS-SWITCH
    
71.   no ip address
    
72. !
    
73. interface FastEthernet0/0.11
    
74.   description DLVAN SUBNET 10.1.1.0
    
75.   encapsulation dot1Q 11
    
76.   ip address 10.1.1.1 255.255.255.0
    
77.   service-policy output CE-LAN-EDGE-OUT       ! Restores CoS for Data VLAN
    
78. !
    
79. !
    
80. interface FastEthernet0/0.101
    
81.   description VVLAN SUBNET 10.1.101.0
    
82.   encapsulation dot1Q 101
    
83.   ip address 10.1.101.1 255.255.255.0
    
84.   service-policy output CE-LAN-EDGE-OUT       ! Restores CoS on Voice VLAN
    
85. !
    
86. !
    
87. interface ATM1/0
    
88.   no ip address
    
89.   no atm ilmi-keepalive
    
90.   ima-group 1
    
91.   no scrambling-payload
    
92. !
    
93. interface ATM1/1
    
94.   no ip address
    
95.   no atm ilmi-keepalive
    
96.   ima-group 1
    
97.   no scrambling-payload
    
98. !
    
99. !
    
100. interface ATM1/IMA1
     
101.   no ip address
     
102.   no atm ilmi-keepalive
     
103. !
     
104. interface ATM1/IMA1.20 point-to-point
     
105.   description Dual-T1 ATM IMA Link to PE1
     
106.   ip address 10.20.1.1 255.255.255.252
     
107.   pvc 0/120
     
108.    vbr-nrt 3072 3072
     
109.    max-reserved-bandwidth 100                       ! Overrides 75% BW limit
     
110.    service-policy output CE-FIVE-CLASS-SP-MODEL     ! Applies 5-Class CE-PE Model
     
111.   !
     
112. !
     
113. router bgp 10
     
114.   no synchronization
     
115.   bgp log-neighbor-changes
     
116.   redistribute connected
     
117.   neighbor 10.20.1.2 remote-as 100
     
118.   no auto-summary
     
119. !
     
120. !
     
121. 
     
122. 
     
123. 
     
124. 
     
125. PE1 Case Study MPLS VPN QoS Design  !
     
126. hostname PE1
     
127. !
     
128. !
     
129. ip vrf BLUE                          ! BLUE MPLS VPN Definition
     
130.   rd 100:1
     
131.   route-target export 100:1
     
132.   route-target import 100:1
     
133. !
     
134. ip vrf RED                          ! RED MPLS VPN Definition
     
135.   rd 150:1
     
136.   route-target export 150:1
     
137.   route-target import 150:1
     
138. !
     
139. ip cef
     
140. mpls ldp logging neighbor-changes
     
141. mpls traffic-eng tunnels            ! Enables MPLS TE globally
     
142. !
     
143. !
     
144. !
     
145. class-map match-any REALTIME
     
146.   match ip dscp ef
     
147.   match ip dscp cs5
     
148. class-map match-any CRITICAL-DATA
     
149.   match ip dscp cs6
     
150.   match ip dscp af31
     
151.   match ip dscp cs3
     
152. class-map match-any VIDEO
     
153.   match ip dscp af21
     
154.   match ip dscp cs2
     
155. class-map match-any BULK-DATA
     
156.   match ip dscp af11
     
157.   match ip dscp cs1
     
158. class-map match-all CORE-REALTIME
     
159.    match mpls experimental topmost 5  ! Identifies in-contract Realtime
     
160. class-map match-all CORE-CRITICAL-DATA
     
161.    match mpls experimental topmost 3  ! Identifies in-contract Critical-Data
     
162.    match mpls experimental topmost 7  ! Identifies out-of-contract Critical Data
     
163.    match mpls experimental topmost 2  ! Identifies in-contract Video
     
164.    match mpls experimental topmost 1  ! Identifies in-contract Bulk
     
165.    match mpls experimental topmost 6  ! Identifies out-of-contract Bulk
     
166. !
     
167. !
     
168. policy-map PE-FIVE-CLASS-SHORT-PIPE-MARKING
     
169.    claexceed-action set-mpls-exp-topmost-transmit 7
     
170.     police cir 1050000
     
171.       conform-action set-mpls-exp-topmost-transmit 5  ! Conforming RT set to 5
     
172.       exceed-action drop                              ! Excess Realtime is dropped
     
173.    class CRITICAL-DATA
     
174.     police cir 600000
     
175.       conform-action set-mpls-exp-topmost-transmit 3  ! Critical Data set to 3
     
176.       exceed-action set-mpls-exp-topmost-transmit 7   ! Excess Critical set 7
     
177.    class VIDEO
     
178.     police cir 450000
     
179.       conform-action set-mpls-exp-topmost-transmit 2  ! Conforming Video set to 2
     
180.       exceed-action drop                              ! Excess Video dropped
     
181.    class BULK-DATA
     
182.     police cir 150000
     
183.       conform-action set-mpls-exp-topmost-transmit 1  ! Conforming Bulk set to 1
     
184.       exceed-action set-mpls-exp-topmost-transmit 6   ! Excess Bulk set to 6
     
185.    class class-default
     
186.     police cir 750000
     
187.       conform-action set-mpls-exp-topmost-transmit 0  ! Conforming BE set to 0
     
188.       exceed-action set-mpls-exp-topmost-transmit 4   ! Excess BE set to 4
     
189. !
     
190. !
     
191. policy-map PE-FIVE-CLASS-SP-MODEL
     
192.   class REALTIME
     
193.    priority percent 35         ! Realtime SP class gets 35% LLQ
     
194.   class CRITICAL-DATA
     
195.    bandwidth percent 20        ! Critical-Data SP class gets 40% CBWFQ
     
196.    random-detect dscp-based    ! DSCP-based WRED enabled on class
     
197.   class VIDEO
     
198.    bandwidth percent 15        ! Video SP class gets 15% CBWFQ
     
199.    random-detect dscp-based    ! DSCP-based WRED enabled on "Video" SP class
     
200.   class BULK-DATA
     
201.    bandwidth percent 5         ! Bulk Data SP class gets 15% CBWFQ
     
202.    random-detect dscp-based    ! DSCP-based WRED enabled on Bulk Data SP class
     
203.   class class-default
     
204.    bandwidth percent 25        ! Best Effort SP class gets 25% CBWFQ
     
205.    random-detect               ! WRED enabled on Best Effort SP class
     
206. !
     
207. !
     
208. policy-map CORE-THREE-CLASS-SP-MODEL
     
209.    class CORE-REALTIME
     
210.      priority percent 35               ! CORE-REALTIME gets 35% LLQ
     
211.    class CORE-CRITICAL-DATA
     
212.      bandwidth percent 55              ! CORE-CRITICAL gets 55% CBWFQ
     
213.    class class-default
     
214.      fair-queue                        ! CORE-BEST-EFFORT gets FQ
     
215. !
     
216. !
     
217. interface Loopback0          ! Loopback interface for MPLS TE RID
     
218.   ip address 20.1.1.1 255.255.255.255
     
219. !
     
220. interface Tunnel0
     
221.   description TUNNEL0 (PE1=>PE2)
     
222.   ip unnumbered Loopback0
     
223.   tunnel destination 20.2.2.2
     
224.   tunnel mode mpls traffic-eng                ! Enables MPLS TE on tunnel
     
225.   tunnel mpls traffic-eng priority 0 0        ! Best priority
     
226.   tunnel mpls traffic-eng bandwidth sub-pool 54250  ! Assigns sub-pool
     
227.   tunnel mpls traffic-eng path-option 1 explicit name TUNNEL0
     
228. !
     
229. interface Tunnel1
     
230.   description TUNNEL1 (PE1=>P=>PE2)
     
231.   ip unnumbered Loopback0
     
232.   tunnel destination 20.2.2.2
     
233.   tunnel mode mpls traffic-eng                ! Enables MPLS TE
     
234.   tunnel mpls traffic-eng priority 7 7        ! Worst priority
     
235.   tunnel mpls traffic-eng bandwidth  77500    ! Assigns global pool
     
236.   tunnel mpls traffic-eng path-option 1 explicit name TUNNEL1
     
237. !
     
238. !
     
239. interface ATM2/0
     
240.   no ip address
     
241.   ima-group 1
     
242. !
     
243. interface ATM2/1
     
244.   no ip address
     
245.   ima-group 1
     
246. !
     
247. interface ATM2/ima1
     
248.   no ip address
     
249.   no atm ilmi-keepalive
     
250. !
     
251. interface ATM2/ima1.20 point-to-point
     
252.   description Dual-T1 ATM IMA Link to Blue CE1
     
253.   ip vrf forwarding BLUE
     
254.   ip address 10.20.1.2 255.255.255.252
     
255.   pvc 0/120
     
256.    vbr-nrt 3072 3072
     
257.    max-reserved-bandwidth 100                                ! Overrides 75% BW
     
258.    service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING     ! Short Pipe Marking
     
259.    service-policy output PE-FIVE-CLASS-SP-MODEL              ! Egress policy to CE
     
260.   !
     
261. !
     
262. interface ATM2/2
     
263.   no ip address
     
264.   ima-group 2
     
265. !
     
266. interface ATM2/ima2
     
267.   no ip address
     
268.   no atm ilmi-keepalive
     
269. !
     
270. interface ATM2/ima2.20 point-to-point
     
271.   description Dual-T1 ATM IMA Link to Red CE1
     
272.   ip vrf forwarding RED
     
273.   ip address 10.20.1.2 255.255.255.252
     
274.   pvc 0/220
     
275.    vbr-nrt 3072 3072
     
276.    max-reserved-bandwidth 100                                ! Overrides 75% BW
     
277.    service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING     ! Short Pipe Marking
     
278.    service-policy output PE-FIVE-CLASS-SP-MODEL              ! Egress policy to CE
     
279.   !
     
280. !
     
281. interface ATM2/3
     
282.   no ip address
     
283.   ima-group 2
     
284. !
     
285. !
     
286. interface POS5/0
     
287.   description PE1=>PE2 POS Link
     
288.   ip address 20.1.12.1 255.255.255.252
     
289.   max-reserved-bandwidth 100                         ! Overrides 75% BW limit
     
290.   service-policy output CORE-THREE-CLASS-SP-MODEL    ! Applies Core DS policies
     
291.   mpls traffic-eng tunnels                           ! Enables MPLS TE on int
     
292.   tag-switching ip
     
293.   ip rsvp bandwidth 77500 sub-pool 54250             ! Assigns sub-pool BW
     
294. !
     
295. interface POS6/0
     
296.   description PE1=>P-Router (Core) POS Link
     
297.   ip address 20.1.13.1 255.255.255.252
     
298.   max-reserved-bandwidth 100                         ! Overrides 75% BW limit
     
299.   service-policy output CORE-THREE-CLASS-SP-MODEL    ! Applies Core DS policies
     
300.   mpls traffic-eng tunnels                           ! Enables MPLS TE on int
     
301.   tag-switching ip
     
302.   ip rsvp bandwidth 77500 77500                      ! Assigns global-pool BW
     
303. !
     
304. router ospf 100
     
305.   mpls traffic-eng router-id Loopback0      ! MPLS TE RID
     
306.   mpls traffic-eng area 0                   ! Enables OSPF area 0 for MPLS TE
     
307.   log-adjacency-changes
     
308.   redistribute connected subnets
     
309.   network 20.1.12.0 0.0.0.3 area 0
     
310.   network 20.1.13.0 0.0.0.3 area 0
     
311. !
     
312. router bgp 100
     
313.   no synchronization
     
314.   bgp log-neighbor-changes
     
315.   redistribute connected
     
316.   neighbor 20.2.2.2 remote-as 100
     
317.   neighbor 20.2.2.2 update-source Loopback0
     
318.   no auto-summary
     
319.   !
     
320.   address-family vpnv4
     
321.   neighbor 20.2.2.2 activate
     
322.   neighbor 20.2.2.2 send-community extended
     
323.   neighbor 20.2.2.2 route-map TUNNEL-ASSIGNMENT in   ! Applies BGP PBR
     
324.   exit-address-family
     
325.   !
     
326.   address-family ipv4 vrf RED
     
327.   redistribute connected
     
328.   neighbor 10.20.1.1 remote-as 15
     
329.   neighbor 10.20.1.1 activate
     
330.   neighbor 10.20.1.1 default-originate
     
331.   no auto-summary
     
332.   no synchronization
     
333.   exit-address-family
     
334.   !
     
335.   address-family ipv4 vrf BLUE
     
336.   redistribute connected
     
337.   neighbor 10.20.1.1 remote-as 10
     
338.   neighbor 10.20.1.1 activate
     
339.   neighbor 10.20.1.1 default-originate
     
340.   no auto-summary
     
341.   no synchronization
     
342.   exit-address-family
     
343. ip extcommunity-list 2 permit rt 150:1
     
344. ip classless
     
345. ip route 16.16.16.16 255.255.255.255 Tunnel0  ! Static route for Tunnel 0
     
346. ip route 17.17.17.17 255.255.255.255 Tunnel1  ! Static route for Tunnel 1
     
347. !
     
348. ip extcommunity-list 1 permit rt 100:1       ! Identifies Blue VPN by RT
     
349. ip extcommunity-list 2 permit rt 150:1       ! Identifies Red VPN by RT
     
350. ip bgp-community new-format
     
351. !
     
352. ip explicit-path name TUNNEL0 enable         ! Defines explicit path for Tu0
     
353.   next-address 20.1.12.2
     
354. !
     
355. ip explicit-path name TUNNEL1 enable         ! Defines explicit path for Tu1
     
356.   next-address 20.1.13.2
     
357.   next-address 20.1.23.1
     
358. !
     
359. access-list 1 permit 10.2.102.0 0.0.0.255    ! Identifies (Blue) Voice-VLAN
     
360. access-list 2 permit 10.2.2.0 0.0.0.255      ! Identifies (Blue) Data-VLAN
     
361. access-list 2 permit 10.20.2.0 0.0.0.3       ! Identifies (Blue) PE-CE link
     
362. access-list 3 permit 10.2.102.0 0.0.0.255    ! Identifies (Red) Voice-VLAN
     
363. access-list 3 permit 10.2.2.0 0.0.0.255      ! Identifies (Red) Data-VLAN
     
364. access-list 3 permit 10.20.2.0 0.0.0.3       ! Identifies (Red) PE-CE Link
     
365. !
     
366. route-map TUNNEL-ASSIGNMENT permit 10
     
367.   match ip address 1                          ! Matches Voice-VLAN subnet
     
368.   match extcommunity 1                        ! Matches Blue VPN RT
     
369.   set ip next-hop 16.16.16.16                 ! Sets BGP Next-Hop to 16.16.16.16
     
370. !
     
371. route-map TUNNEL-ASSIGNMENT permit 20
     
372.   match ip address 2                          ! Matches other (Blue) subnets
     
373.   match extcommunity 1                        ! Matches Blue VPN RT
     
374.   set ip next-hop 17.17.17.17                 ! Sets BGP Next-Hop to 17.17.17.17
     
375. !
     
376. route-map TUNNEL-ASSIGNMENT permit 30
     
377.   match ip address 3                          ! Matches all (Red) subnets
     
378.   match extcommunity 2                        ! Matches Red VPN RT
     
379.   set ip next-hop 17.17.17.17                 ! Sets BGP Next-Hop to 17.17.17.17
     
380. !
     
381. !
     
382. 
     
383. 
     
384. 
     
385. 
     
386. 
     
387. PE2 Case Study MPLS VPN QoS Design
     
388. 
     
389. 
     
390. !
     
391. hostname PE2
     
392. !
     
393. !
     
394. ip vrf BLUE                           ! BLUE MPLS VPN Definition
     
395.   rd 100:1
     
396.   route-target export 100:1
     
397.   route-target import 100:1
     
398. !
     
399. ip vrf RED                            ! RED MPLS VPN Definition
     
400.   rd 150:1
     
401.   route-target export 150:1
     
402.   route-target import 150:1
     
403. !
     
404. ip cef
     
405. mpls ldp logging neighbor-changes
     
406. mpls traffic-eng tunnels             ! Enables MPLS TE globally
     
407. !
     
408. !
     
409. !
     
410. class-map match-any REALTIME
     
411.   match ip dscp ef
     
412.   match ip dscp cs5
     
413. class-map match-any CRITICAL-DATA
     
414.   match ip dscp cs6
     
415.   match ip dscp af31
     
416.   match ip dscp cs3
     
417. class-map match-any VIDEO
     
418.   match ip dscp af21
     
419.   match ip dscp cs2
     
420. class-map match-any BULK-DATA
     
421.   match ip dscp af11
     
422.   match ip dscp cs1
     
423. class-map match-all CORE-REALTIME
     
424.    match mpls experimental topmost 5  ! Identifies in-contract Realtime
     
425. class-map match-all CORE-CRITICAL-DATA
     
426.    match mpls experimental topmost 3  ! Identifies in-contract Critical-Data
     
427.    match mpls experimental topmost 7  ! Identifies out-of-contract Critical Data
     
428.    match mpls experimental topmost 2  ! Identifies in-contract Video
     
429.    match mpls experimental topmost 1  ! Identifies in-contract Bulk
     
430.    match mpls experimental topmost 6  ! Identifies out-of-contract Bulk
     
431. !
     
432. !
     
433. policy-map PE-FIVE-CLASS-SHORT-PIPE-MARKING
     
434.    class REALTIME
     
435.     police cir 1050000
     
436.       conform-action set-mpls-exp-topmost-transmit 5  ! Conforming RT set to 5
     
437.       exceed-action drop                              ! Excess Realtime is dropped
     
438.    class CRITICAL-DATA
     
439.     police cir 600000
     
440.       conform-action set-mpls-exp-topmost-transmit 3  ! Critical Data set to 3
     
441.       exceed-action set-mpls-exp-topmost-transmit 7   ! Excess Critical set 7
     
442.    class VIDEO
     
443.     police cir 450000
     
444.       conform-action set-mpls-exp-topmost-transmit 2  ! Conforming Video set to 2
     
445.       exceed-action drop                              ! Excess Video dropped
     
446.    class BULK-DATA
     
447.     police cir 150000
     
448.       conform-action set-mpls-exp-topmost-transmit 1  ! Conforming Bulk set to 1
     
449.       exceed-action set-mpls-exp-topmost-transmit 6   ! Excess Bulk set to 6
     
450.    class class-default
     
451.     police cir 750000
     
452.       conform-action set-mpls-exp-topmost-transmit 0  ! Conforming BE set to 0
     
453.       exceed-action set-mpls-exp-topmost-transmit 4   ! Excess BE set to 4
     
454. !
     
455. !
     
456. policy-map PE-FIVE-CLASS-SP-MODEL
     
457.   class REALTIME
     
458.    priority percent 35         ! Realtime SP class gets 35% LLQ
     
459.   class CRITICAL-DATA
     
460.    bandwidth percent 20        ! Critical-Data SP class gets 40% CBWFQ
     
461.    random-detect dscp-based    ! DSCP-based WRED enabled on class
     
462.   class VIDEO
     
463.    bandwidth percent 15        ! Video SP class gets 15% CBWFQ
     
464.    random-detect dscp-based    ! DSCP-based WRED enabled on "Video" SP class
     
465.   class BULK-DATA
     
466.    bandwidth percent 5         ! Bulk Data SP class gets 15% CBWFQ
     
467.    random-detect dscp-based    ! DSCP-based WRED enabled on Bulk Data SP class
     
468.   class class-default
     
469.    bandwidth percent 25        ! Best Effort SP class gets 25% CBWFQ
     
470.    random-detect               ! WRED enabled on Best Effort SP class
     
471. !
     
472. !
     
473. policy-map CORE-THREE-CLASS-SP-MODEL
     
474.    class CORE-REALTIME
     
475.      priority percent 35               ! CORE-REALTIME gets 35% LLQ
     
476.    class CORE-CRITICAL-DATA
     
477.      bandwidth percent 55              ! CORE-CRITICAL gets 55% CBWFQ
     
478.    class class-default
     
479.      fair-queue                        ! CORE-BEST-EFFORT gets WFQ
     
480. !
     
481. !
     
482. interface Loopback0           ! Loopback interface for MPLS TE RID
     
483.   ip address 20.2.2.2 255.255.255.255
     
484. !
     
485. interface Tunnel0
     
486.   description TUNNEL0 (PE2=>PE1)
     
487.   ip unnumbered Loopback0
     
488.   tunnel destination 20.1.1.1
     
489.   tunnel mode mpls traffic-eng                ! Enables MPLS TE on tunnel
     
490.   tunnel mpls traffic-eng priority 0 0        ! Best priority
     
491.   tunnel mpls traffic-eng bandwidth sub-pool 54250   ! Assigns sub-pool
     
492.   tunnel mpls traffic-eng path-option 1 explicit name TUNNEL0
     
493. !
     
494. interface Tunnel1
     
495.   description TUNNEL1 (PE2=>P=>PE1)
     
496.   ip unnumbered Loopback0
     
497.   tunnel destination 20.1.1.1
     
498.   tunnel mode mpls traffic-eng                ! Enables MPLS TE
     
499.   tunnel mpls traffic-eng priority 7 7        ! Worst priority
     
500.   tunnel mpls traffic-eng bandwidth  77500    ! Assigns global pool
     
501.   tunnel mpls traffic-eng path-option 1 explicit name TUNNEL1
     
502. !
     
503. !
     
504. interface ATM2/0
     
505.   no ip address
     
506.   ima-group 1
     
507. !
     
508. interface ATM2/1
     
509.   no ip address
     
510.   ima-group 1
     
511. !
     
512. interface ATM2/ima1
     
513.   no ip address
     
514.   no atm ilmi-keepalive
     
515. !
     
516. interface ATM2/ima1.20 point-to-point
     
517.   description Dual-T1 ATM IMA Link to Blue CE2
     
518.   ip vrf forwarding BLUE
     
519.   ip address 10.20.2.2 255.255.255.252
     
520.   pvc 0/120
     
521.    vbr-nrt 3072 3072
     
522.    max-reserved-bandwidth 100                              ! Overrides 75% BW
     
523.    service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING   ! Short Pipe Marking
     
524.    service-policy output PE-FIVE-CLASS-SP-MODEL            ! Egress policy to CE
     
525.   !
     
526. !
     
527. interface ATM2/2
     
528.   no ip address
     
529.   ima-group 2
     
530. !
     
531. interface ATM2/ima2
     
532.   no ip address
     
533.   no atm ilmi-keepalive
     
534. !
     
535. interface ATM2/ima2.20 point-to-point
     
536.   description Dual-T1 ATM IMA Link to Red CE2
     
537.   ip vrf forwarding RED
     
538.   ip address 10.20.2.2 255.255.255.252
     
539.   pvc 0/220
     
540.    vbr-nrt 3072 3072
     
541.    max-reserved-bandwidth 100                              ! Overrides 75% BW
     
542.    service-policy input PE-FIVE-CLASS-SHORT-PIPE-MARKING   ! Short Pipe Marking
     
543.    service-policy output PE-FIVE-CLASS-SP-MODEL            ! Egress policy to CE
     
544. !
     
545. !
     
546. interface POS5/0
     
547.   description PE2=>PE1 POS Link
     
548.   ip address 20.1.12.2 255.255.255.252
     
549.   max-reserved-bandwidth 100                         ! Overrides 75% BW limit
     
550.   service-policy output CORE-THREE-CLASS-SP-MODEL    ! Applies Core DS policies
     
551.   mpls traffic-eng tunnels                           ! Enables MPLS TE on int
     
552.   tag-switching ip
     
553.   ip rsvp bandwidth 77500 sub-pool 54250             ! Assigns sub-pool BW
     
554. !
     
555. interface POS6/0
     
556.   description PE2=>P-Router (Core) POS Link
     
557.   ip address 20.1.23.1 255.255.255.252
     
558.   max-reserved-bandwidth 100                         ! Overrides 75% BW limit
     
559.   service-policy output CORE-THREE-CLASS-SP-MODEL    ! Applies Core DS policies
     
560.   mpls traffic-eng tunnels                           ! Enables MPLS TE on int
     
561.   tag-switching ip
     
562.   ip rsvp bandwidth 77500 77500                      ! Assigns global-pool BW
     
563. !
     
564. router ospf 100
     
565.   mpls traffic-eng router-id Loopback0               ! MPLS TE RID
     
566.   mpls traffic-eng area 0                            ! Enables OSPF area 0 for MPLS TE
     
567.   log-adjacency-changes
     
568.   redistribute connected subnets
     
569.   network 20.1.12.0 0.0.0.3 area 0
     
570.   network 20.1.23.0 0.0.0.3 area 0
     
571. !
     
572. router bgp 100
     
573.   no synchronization
     
574.   bgp log-neighbor-changes
     
575.   redistribute connected
     
576.   neighbor 20.1.1.1 remote-as 100
     
577.   neighbor 20.1.1.1 update-source Loopback0
     
578.   no auto-summary
     
579.   !
     
580.   address-family vpnv4
     
581.   neighbor 20.1.1.1 activate
     
582.   neighbor 20.1.1.1 send-community extended
     
583.   neighbor 20.1.1.1 route-map TUNNEL-ASSIGNMENT in   ! Applies BGP PBR
     
584.   exit-address-family
     
585.   !
     
586.   address-family ipv4 vrf RED
     
587.   redistribute connected
     
588.   neighbor 10.20.2.1 remote-as 15
     
589.   neighbor 10.20.2.1 activate
     
590.   neighbor 10.20.2.1 default-originate
     
591.   no auto-summary
     
592.   no synchronization
     
593.   exit-address-family
     
594.   !
     
595.   address-family ipv4 vrf BLUE
     
596.   redistribute connected
     
597.   neighbor 10.20.2.1 remote-as 10
     
598.   neighbor 10.20.2.1 activate
     
599.   neighbor 10.20.2.1 default-originate
     
600.   no auto-summary
     
601.   no synchronization
     
602.   exit-address-family
     
603. !
     
604. ip classless
     
605. ip route 18.18.18.18 255.255.255.255 Tunnel0 ! Static route for Tunnel 0
     
606. ip route 19.19.19.19 255.255.255.255 Tunnel1 ! Static route for Tunnel 1
     
607. !
     
608. ip extcommunity-list 1 permit rt 100:1       ! Identifies Blue VPN by RT
     
609. ip extcommunity-list 2 permit rt 150:1       ! Identifies Red VPN by RT
     
610. ip bgp-community new-format
     
611. !
     
612. ip explicit-path name TUNNEL0 enable         ! Defines explicit path for Tu0
     
613.   next-address 20.1.12.1
     
614. !
     
615. ip explicit-path name TUNNEL1 enable         ! Defines explicit path for Tu1
     
616.   next-address 20.1.23.2
     
617.   next-address 20.1.13.1
     
618. !
     
619. access-list 1 permit 10.1.101.0 0.0.0.255    ! Identifies (Blue) Voice-VLAN
     
620. access-list 2 permit 10.1.1.0 0.0.0.255      ! Identifies (Blue) Data-VLAN
     
621. access-list 2 permit 10.20.1.0 0.0.0.3       ! Identifies (Blue) PE-CE link
     
622. access-list 3 permit 10.1.101.0 0.0.0.255    ! Identifies (Red) Voice-VLAN
     
623. access-list 3 permit 10.1.1.0 0.0.0.255      ! Identifies (Red) Data-VLAN
     
624. access-list 3 permit 10.20.1.0 0.0.0.3       ! Identifies (Red) PE-CE Link
     
625. !
     
626. route-map TUNNEL-ASSIGNMENT permit 10
     
627.   match ip address 1                          ! Matches Voice-VLAN subnet
     
628.   match extcommunity 1                        ! Matches Blue VPN RT
     
629.   set ip next-hop 18.18.18.18                 ! Sets BGP Next-Hop to 18.18.18.18
     
630. !
     
631. route-map TUNNEL-ASSIGNMENT permit 20
     
632.   match ip address 2                          ! Matches other (Blue) subnets
     
633.   match extcommunity 1                        ! Matches Blue VPN RT
     
634.   set ip next-hop 19.19.19.19                 ! Sets BGP Next-Hop to 19.19.19.19
     
635. !
     
636. route-map TUNNEL-ASSIGNMENT permit 30
     
637.   match ip address 3                          ! Matches all (Red) subnets
     
638.   match extcommunity 2                        ! Matches Red VPN RT
     
639.   set ip next-hop 19.19.19.19                 ! Sets BGP Next-Hop to 19.19.19.19
     
640. !
     
641. !
     
642. 
     
643. 
     
644. 
     
645. The configuration for the P router for this MPLS VPN QoS design case-study example is shown in Example 15-32.
     
646. 
     
647. P-Router Case Study MPLS VPN QoS Design Example !
     
648. hostname P-Router
     
649. !
     
650. !
     
651. ip cef
     
652. mpls ldp logging neighbor-changes
     
653. mpls traffic-eng tunnels               ! MPLS TE is enabled globally
     
654. !
     
655. !
     
656. class-map match-all CORE-REALTIME
     
657.    match mpls experimental topmost 5  ! Identifies in-contract Realtime
     
658. class-map match-all CORE-CRITICAL-DATA
     
659.    match mpls experimental topmost 3  ! Identifies in-contract Critical-Data
     
660.    match mpls experimental topmost 7  ! Identifies out-of-contract Critical Data
     
661.    match mpls experimental topmost 2  ! Identifies in-contract Video
     
662.    match mpls experimental topmost 1  ! Identifies in-contract Bulk
     
663.    match mpls experimental topmost 6  ! Identifies out-of-contract Bulk
     
664. !
     
665. !
     
666. policy-map CORE-THREE-CLASS-SP-MODEL
     
667.    class CORE-REALTIME
     
668.      priority percent 35              ! CORE-REALTIME gets 35% LLQ
     
669.    class CORE-CRITICAL-DATA
     
670.      bandwidth percent 55             ! CORE-CRITICAL gets 55% CBWFQ
     
671.    class class-default
     
672.      fair-queue                       ! CORE-BEST-EFFORT gets WFQ
     
673. !
     
674. !
     
675. interface Loopback0                  ! Loopback interface for MPLS TE RID
     
676.   ip address 20.3.3.3 255.255.255.255
     
677. !
     
678. !
     
679. interface POS5/0
     
680.   description P-Router (Core) => PE1 POS Link
     
681.   ip address 20.1.13.2 255.255.255.252
     
682.   max-reserved-bandwidth 100                        ! Overrides 75% BW limit
     
683.   service-policy output CORE-THREE-CLASS-SP-MODEL   ! Applies Core DS policies
     
684.   mpls traffic-eng tunnels                          ! Enables MPLS TE on int
     
685.   tag-switching ip
     
686.   ip rsvp bandwidth 77500 77500                     ! Assigns global-pool BW
     
687. !
     
688. interface POS6/0
     
689.   description P-Router (Core) => PE2 POS Link
     
690.   ip address 20.1.23.2 255.255.255.252
     
691.   max-reserved-bandwidth 100                         ! Overrides 75% BW limit
     
692.   service-policy output CORE-THREE-CLASS-SP-MODEL    ! Applies Core DS policies
     
693.   mpls traffic-eng tunnels                           ! Enables MPLS TE on int
     
694.   tag-switching ip
     
695.   ip rsvp bandwidth 77500 77500                      ! Assigns global-pool BW
     
696. !
     
697. router ospf 100
     
698.   mpls traffic-eng router-id Loopback0               ! MPLS TE RID
     
699.   mpls traffic-eng area 0                        ! Enables OSPF area 0 for MPLS TE
     
700.   log-adjacency-changes
     
701.   redistribute connected subnets
     
702.   network 20.1.13.0 0.0.0.3 area 0
     
703.   network 20.1.23.0 0.0.0.3 area 0
     
704. !
     
705. !

Copy Code

Verification commands:

• show ip rsvp interface
  
• show ip rsvp neighbor
  
• show mpls interface
  
• show mpls traffic-eng tunnels summary
  
• show mpls traffic-eng tunnels
  
• show mpls traffic-eng topology
  
• show ip bgp vpnv4 all
  
• ping vrf with show interface tunnel