[c-nsp] MPLS EXP label imposition
David Freedman
david.freedman at uk.clara.net
Fri Sep 9 06:38:44 EDT 2005
>
>> If it is the default behaviour whether there is a global configuration
>> to prevent this from happening.
>> Or, if the only way to prevent this from happening is to manually
>> rewrite all precedence bits to 0.
>
Following on from Merlin's question, we're currently looking at a way of
avoiding having to do this on all entrypoints.

The problem is, whereas it's simple to imply on connections external to
the network (such as peering and transit), it's not so simple when it
comes down to implying it on Gateway / PE routers, of which we have lots
in multiple countries with literally thousands of interfaces/subinterfaces.
We are mainly concerned, therefore, in securing PE routers.

I experimented with QPPB for this, on the PE->P interfaces, with a map
that set precedence to zero, such as:
!
route-map reset-prec permit 10
 set ip precedence 0
!
router bgp xxxx
 table-map reset-prec
!
interface X/Y
 description PE to P connection
 bgp-policy source ip-prec-map
 bgp-policy destination ip-prec-map
!

But, of course, there are two main problems with this, being:

A. It doesn't affect the automatic Prec->MPLS EXP copying (only the
precedence)

and

B. It can't differentiate between customers allowed to set the bits and
customers not allowed to do so.

Since the customers allowed to do so currently reside within VRFs of
their own, it would be nice to be able to "table-map" inside an ipv4
unicast address-family, rather than the vrf specific address families.

Does anybody else have any ideas?

Thanks in advance,
Dave.

Oliver Boehmer (oboehmer) wrote:
> Merlin Gillespie <> wrote on Thursday, September 08, 2005 4:09 PM:
>
>> Following reading:
>> http://www.cisco.com/warp/public/cc/pd/iosw/tech/mpotc_qp.htm
>>
>> The following passage was brought to my attention:
>>
>> By default, Cisco IOS(r) Software copies the three most significant bits
>> of the DiffServ code point (DSCP) or the IP precedence of the IP
>> packet to the EXP field in the MPLS shim header.
>>
>> There is not much reference to this feature outside of the prior
>> mentioned document.
>> Can someone confirm that this is the default behaviour.
>
> Yes, it is (I figure it is in most MPLS devices).
>
>> If it is the default behaviour whether there is a global configuration
>> to prevent this from happening.
>> Or, if the only way to prevent this from happening is to manually
>> rewrite all precedence bits to 0.
>
> You can use the "MPLS DiffServ Tunneling Modes" feature
> (http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftdtmode.htm)
> and overwrite this with an appropriate
> policy-map with "set mpls experimental 0" applied on the ingress
> interface.
>
> oli
>
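
The default Prec->EXP copy and the ingress override discussed in this thread, modelled at the bit level. This is an added example, not code or configuration from any poster; the interface names, the trust table and the label value are constructed, and the trusted/untrusted switch only models a per-interface "set mpls experimental 0" policy.

```python
import struct

def exp_from_tos(tos: int) -> int:
    """Default imposition: EXP = three most significant bits of the ToS byte
    (the IP precedence, which is also the top three bits of the DSCP)."""
    return (tos >> 5) & 0x7

def impose(tos: int, label: int, ttl: int, trusted: bool, bottom: bool = True) -> bytes:
    """Build the 4-byte MPLS shim header (label 20 | EXP 3 | S 1 | TTL 8 bits).
    An untrusted ingress gets EXP 0 regardless of what the customer marked."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= tos <= 0xFF:
        raise ValueError("ToS must fit in one byte")
    exp = exp_from_tos(tos) if trusted else 0
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | (ttl & 0xFF)
    return struct.pack("!I", word)

def parse_shim(shim: bytes) -> dict:
    """Decode a shim header back into its four fields."""
    (word,) = struct.unpack("!I", shim)
    return {"label": word >> 12, "exp": (word >> 9) & 0x7,
            "s": (word >> 8) & 0x1, "ttl": word & 0xFF}

# Constructed sample: hypothetical PE ingress subinterfaces and whether the
# customer behind each one is allowed to set the precedence bits.
TRUST = {"Gi0/1.100": True, "Gi0/1.200": False}

def core_exp(ingress: str, tos: int) -> int:
    """EXP value the P routers see; interfaces not listed default to untrusted."""
    shim = impose(tos, label=16, ttl=255, trusted=TRUST.get(ingress, False))
    return parse_shim(shim)["exp"]

if __name__ == "__main__":
    # 0x00 = best effort, 0xB8 = DSCP 46, 0xE0 = precedence 7
    for ifname in ("Gi0/1.100", "Gi0/1.200", "Gi0/1.300"):
        for tos in (0x00, 0xB8, 0xE0):
            print(f"{ifname:10} tos={tos:#04x} -> EXP {core_exp(ifname, tos)}")
```

The ToS byte itself is never modified here, so the customer's marking survives in the IP header while the core sees only the EXP value chosen at the trust boundary.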