[c-nsp] Problem with dscp packets marking on 76th platform.

Teslenko ex_art at mail.ru
Wed Nov 25 10:51:47 EST 2009 

selamat pagi пишет:
> What's the config on the ingress interface of PE1 ?
> Do you use VPNs (vrf interface) ?
> Is TE active ?

I have understood that it has misled you

>>>> ping from CE
>>>>      Type escape sequence to abort.
>>>>      Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>> seconds:
>>>>      Packet sent with a source address of 10.10.10.1


Really initially the traffic ran between two vrf
The scheme of traffic's movement looks as  follows

[SW-1]--1->(Te1.661)PE1(Te1.662)--2->[SW-1]--3->(Gi0/1)PE2

This test was necessary to understand "Does marking work in general?"

Yes, it does.

Then was tested MPLS scheme with P router and without P

First. With P router

[SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> P--(/30,MPLS/OSPF)--> PE2
-->(82.xx.xx.160/30)->CE

So we saw  marking do not occur
When we use the scheme without router P all works correctly

[SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> PE2 -->(82.xx.xx.160/30)->CE

But a problem not in  P router.
It has been stated in previous letter
Problem occur when MPLS label is encapsulating to header of packets.
This doesn't occur when P not present in scheme,
because PE1 became penultimate for PE2.
So MPLS label doesn't change, because PHP is enable on PE2 by default.


Interface configuration between SW-1 and PE1 looks as follow
==================================================
[SW-1]--1->(Te1.661)PE1
==================================================
------------------ listing -----------------------
1) SW-1:
interface Vlan661
 ip address 62.xxx.xx.20 255.255.255.240
End
ip route 82.xx.xx.161 255.255.255.255 62.xxx.xx.17

2) PE1:
interface Te1.661
 encapsulation dot1Q 661
 ip address 62.xxx.xx.17 255.255.255.240
 no ip redirects
 no ip proxy-arp
 ip mtu 1500
 service-policy input test-in-dscp-set
end

 PE1#sh policy-map test-in-dscp-set
  Policy Map test-in-dscp-set
    Class test
      set ip dscp 39
    Class class-default

 PE1#sh class-map test
 Class Map match-all test (id 25)
   Match access-group  100

PE1#sh run | i access-list 100
access-list 100 permit ip host 62.xxx.xx.20 host 82.xx.xx.161
access-list 100 deny   ip any any
----------------- end of listing----------------


Interface configuration on PE2
=================================================
 PE2 -->(82.xx.xx.160/30)->CE
=================================================
------------------ listing -----------------------
interface Gi1.205
 encapsulation dot1Q 205
 ip address 82.xx.xx.162 255.255.255.252
 no ip redirects
 no ip proxy-arp
 ip mtu 1500
 ip flow ingress
 no cdp enable
 service-policy output test-Out
end

 PE2#sh policy-map test-Out
  Policy Map test-Out
    Class test
    Class class-default

 PE2#sh class-map test
 Class Map match-all test (id 27)
   Match ip  dscp 39
----------------- end of listing----------------

===============================================
Start Test
===============================================
------------------ listing -----------------------
SW-1#ping 82.xx.xx.161 source 62.xx.xx.20 repeat 10

PE1#sh policy-map interface Te1.661
 TenGigabitEthernet1.661
  Service-policy input: test
    class-map: test (match-all)
      Match: access-group 100
      set dscp 39:
      Earl in slot 1 :
        1180 bytes
        30 second offered rate 280 bps
        aggregate-forwarded 1180 bytes
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any
        0 packets, 0 bytes
        30 second rate 0 bps

PE2# sh policy-map interface Gi1.205 output class test
 GigabitEthernet1.205
  Service-policy output: test-Out
    Class-map: test (match-all)
      0 packets, 0 bytes
      30 second offered rate 0 bps
      Match: ip dscp 39
----------------- end of listing----------------



> cheers, ketimun
> 
> 
> On Wed, Nov 25, 2009 at 12:09 PM, Teslenko <ex_art at mail.ru> wrote:
> 
>> Hello All,
>>
>> We try to introduce Qos in ours IP/MPLS backbone network,
>> constructed on routers 7600th series
>>
>> All 76-s' are P or PE devices should accept from outside  MPLS or IP
>> traffic.
>> On PE devices we mark packages and we want, that DSCP was transferred
>> transparently within MPLS domain. But we have problem.
>>
>> We use IOS  v12.2 (33) SRC1 now.
>>
>>
>> Testing passed on CISCO7609-S with linear card WS-X6708-10GE
>>
>>
>> ==================================
>>                                      The test #1
>> ==================================
>>
>> P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
>> egress port on linear card WS-X6724-SFP.
>> Device PE2 the last in a chain, PHP option enable  by default
>>
>>  The scheme of traffic's movement looks as  follows
>>
>>  CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2
>>
>> 1.1 Interfaces  of the P  device are configured as follows
>>
>> interface TenGigabitEthernet (WS-X6708-10GE)
>>  dampening
>>  mtu 4470
>>  ip address yy.yy.yy.yy 255.255.255.252
>>  carrier-delay msec 0
>>  mpls traffic-eng tunnels
>>  mpls ip
>>  hold-queue 1000 in
>>  ip rsvp bandwidth
>> end
>> !
>> interface GigabitEthernet (WS-X6724-SFP)
>>  dampening
>>  mtu 4470
>>  ip address xx.xx.xx.xx 255.255.255.252
>>  carrier-delay msec 0
>>  mpls traffic-eng tunnels
>>  mpls ip
>>  hold-queue 1000 in
>>  ip rsvp bandwidth
>> end
>>
>>
>> 1.2. Marking of traffic occur on ingress interface of PE1
>>
>>>> policy-map test-in-dscp-set
>>>> class class-default
>>>> set dscp 39
>> 2.3. Stock-taking dscp labels occur on ingress interface of PE2.
>>
>> -------------------------------------------------
>> listing-------------------
>>>> ping from CE
>>>>      Type escape sequence to abort.
>>>>      Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>> seconds:
>>>>      Packet sent with a source address of 10.10.10.1
>>>>      !!!!!
>>>>      Success rate is 100 percent (100/100), round-trip min/avg/max =
>> 1/4/9 ms
>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>> GigabitEthernet0/1.662
>>>>
>>>> Service-policy input: Customer-test-In
>>>>
>>>> Class-map: match-test-dscp (match-any)
>>>> 0 packets, 0 bytes
>>>> 30 second offered rate 0 bps
>>>> Match: ip dscp 39
>>>> 0 packets, 0 bytes
>>>> 30 second rate 0 bps
>>>> ----------------- end of listing----------------------------------------
>> As appears from an example marking do not occur
>>
>>
>> 1.4 MPLS trace looks as follows
>>
>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
>>  Type escape sequence to abort.
>>   0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
>>  L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
>>  ! 2 213.xxx.xxx.18 4 ms
>>
>> PE1 encapsulate MPLS header to a package with value of the label = 50
>> and a field
>> Exp=0
>>
>> ==================================
>>                                      The test #2
>> ==================================
>>
>> The scheme of traffic's movement looks as  follows
>>
>>  CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2
>>
>> 2.1 Device PE2 the last in the chain, it have PHP option enable by default
>>
>> MPLS trace looks as follows
>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
>>  Type escape sequence to abort.
>>   0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
>>  ! 1 213.xxx.xxx.18 4 ms
>>
>> PE1 don't encapsulate MPLS header to a package.
>> Result:
>>
>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>> GigabitEthernet0/1.662
>>>>
>>>> Service-policy input: Customer-test-In
>>>>
>>>> Class-map: match-test-dscp (match-any)
>>>> 100 packets, 0 bytes
>>>> 30 second offered rate 0 bps
>>>> Match: ip dscp 39
>>>> 100 packets, 0 bytes
>>>> 30 second rate 0 bps
>> So DSCP label comes on PE2
>>
>> 2.2 Device PE2 the last in a chain, option PHP switched off
>>
>> PE2 (config) # mpls ldp explicit-null
>> PE2 (config) #
>>
>> So PE1 encapsulate MPLS header to a package,
>> And as result packages again comes without DSCP label.
>>
>> Result.
>> When MPLS label was encapsulated to header, as result DCSP label was
>> cleared.
>>
>> Does anybody know decision for this problem?
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list