[c-nsp] Sup720, MPLS over EoMPLS and EXP bits marking

Andrey Elperin mizzy at colocall.net
Thu Mar 1 09:20:41 EST 2007 

 Hello,

 Below is an fragment of topology of our IP/MPLS network :

 [CE1] - [PE1] - [P1] - [P2] - [PE2] - [CE2]
           |                     |
           \------- EoMPLS ------/
 
 There are 2 CE devices which are connected via EoMPLS circuit over IP/MPLS
 network, 2 PE devices (both are Cisco 7609 with Sup720-3bxl, 12.2(18)SXE5)
 and 2 P devices (GSR12416, 12.0(32)S). A quite usual scheme with a one
 exception - CE1 and CE2 exchanging not plain IP, but MPLS packets.

 CE devices are connected to PE devices using GigabitEthernet (WS-X6724-SFP
 cards on 7609) and we are using PFC3BXL VLAN-based (subinterfaces with
 "encapsulation dot1q xxx") EoMPLS on PE devices. 

 At present moment we observing a following behaviour of our PE devices -
 during EoMPLS labels imposition on PE1 EXP bits are copied from already
 existing topmost label (and topmost label at this moment is the label
 of our customer) and we can't remark EXP bits. Of course it's breaking our
 own QoS policy inside our MPLS cloud (for example, we want to treat all traffic
 between CE1 and CE2 as EXP 0 class inside our core, but can't mark packets 
 correctly).

 We've tried to play with all possible combinations of ingress ports trust states
 (no mls qos trust, mls qos trust cos, mls qos trust ip-precedence) and ingress policies
 (set dscp 0, set mpls exp imposition 0) on PE1 and PE2, but without any
 success. So the question is how can we impose EoMPLS labels with our own EXP
 bits in this scenario ? 

 Am I understanding correctly that with 12.2(18)SXE5 Cisco will trust any
 ingress EXP bits without any exclusion ? Will upgrade to 12.2(18)SXF help
 to change this behaviour (in other words, will we be able to use our own
 policy marking after setting "no mls qos mpls trust exp" on PE ingress
 interface) ? Also I'm a bit confusing with following quote from Cisco docs :

 "For EoMPLS, if the port is untrusted, the CoS trust state is automatically
 configured for VC type 4 (VLAN mode), not for VC type 5 (port mode). 802.1q
 CoS preservation across the tunnel is similar.

 Packets received on tunnel ingress are treated as untrusted for EoMPLS
 interfaces, except for VC Type 4 where trust CoS is automatically configured
 on the ingress port and policy marking is not applied."

 Does it really means that for untrusted ports I'm unable to mark ingress packets
 using my own policy ?

 Thanks in advance.

P.S. Also I've found CSCse41480 bug description on CCO, but I'm not sure that
it's somehow connected to our current situation :)

-- 
Andrey Elperin

More information about the cisco-nsp mailing list