[c-nsp] Problem with dscp packets marking on 76th platform.
Teslenko Andrey
tav at ucomline.net
Wed Nov 25 12:56:52 EST 2009
Nicolás Leiva пишет:
> You might want to review
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/mplsqos.html#wp1509501
There are nothing new for me here
I tried to say following
When router added mpls label in header of packet
then dscp field became clean
We tested that
PE1--(/30,MPLS/OSPF)--> PE2
PE2: PHP was enabled. Packets came with dscp
PE2: PHP was switched off. Packets came without dscp
>
> Nicolas
>
> On Wed, Nov 25, 2009 at 12:51 PM, Teslenko <ex_art at mail.ru> wrote:
>
>> selamat pagi пишет:
>>> What's the config on the ingress interface of PE1 ?
>>> Do you use VPNs (vrf interface) ?
>>> Is TE active ?
>> I have understood that it has misled you
>>
>>>>>> ping from CE
>>>>>> Type escape sequence to abort.
>>>>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>>>> seconds:
>>>>>> Packet sent with a source address of 10.10.10.1
>>
>> Really initially the traffic ran between two vrf
>> The scheme of traffic's movement looks as follows
>>
>> [SW-1]--1->(Te1.661)PE1(Te1.662)--2->[SW-1]--3->(Gi0/1)PE2
>>
>> This test was necessary to understand "Does marking work in general?"
>>
>> Yes, it does.
>>
>> Then was tested MPLS scheme with P router and without P
>>
>> First. With P router
>>
>> [SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> P--(/30,MPLS/OSPF)--> PE2
>> -->(82.xx.xx.160/30)->CE
>>
>> So we saw marking do not occur
>> When we use the scheme without router P all works correctly
>>
>> [SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> PE2 -->(82.xx.xx.160/30)->CE
>>
>> But a problem not in P router.
>> It has been stated in previous letter
>> Problem occur when MPLS label is encapsulating to header of packets.
>> This doesn't occur when P not present in scheme,
>> because PE1 became penultimate for PE2.
>> So MPLS label doesn't change, because PHP is enable on PE2 by default.
>>
>>
>> Interface configuration between SW-1 and PE1 looks as follow
>> ==================================================
>> [SW-1]--1->(Te1.661)PE1
>> ==================================================
>> ------------------ listing -----------------------
>> 1) SW-1:
>> interface Vlan661
>> ip address 62.xxx.xx.20 255.255.255.240
>> End
>> ip route 82.xx.xx.161 255.255.255.255 62.xxx.xx.17
>>
>> 2) PE1:
>> interface Te1.661
>> encapsulation dot1Q 661
>> ip address 62.xxx.xx.17 255.255.255.240
>> no ip redirects
>> no ip proxy-arp
>> ip mtu 1500
>> service-policy input test-in-dscp-set
>> end
>>
>> PE1#sh policy-map test-in-dscp-set
>> Policy Map test-in-dscp-set
>> Class test
>> set ip dscp 39
>> Class class-default
>>
>> PE1#sh class-map test
>> Class Map match-all test (id 25)
>> Match access-group 100
>>
>> PE1#sh run | i access-list 100
>> access-list 100 permit ip host 62.xxx.xx.20 host 82.xx.xx.161
>> access-list 100 deny ip any any
>> ----------------- end of listing----------------
>>
>>
>> Interface configuration on PE2
>> =================================================
>> PE2 -->(82.xx.xx.160/30)->CE
>> =================================================
>> ------------------ listing -----------------------
>> interface Gi1.205
>> encapsulation dot1Q 205
>> ip address 82.xx.xx.162 255.255.255.252
>> no ip redirects
>> no ip proxy-arp
>> ip mtu 1500
>> ip flow ingress
>> no cdp enable
>> service-policy output test-Out
>> end
>>
>> PE2#sh policy-map test-Out
>> Policy Map test-Out
>> Class test
>> Class class-default
>>
>> PE2#sh class-map test
>> Class Map match-all test (id 27)
>> Match ip dscp 39
>> ----------------- end of listing----------------
>>
>> ===============================================
>> Start Test
>> ===============================================
>> ------------------ listing -----------------------
>> SW-1#ping 82.xx.xx.161 source 62.xx.xx.20 repeat 10
>>
>> PE1#sh policy-map interface Te1.661
>> TenGigabitEthernet1.661
>> Service-policy input: test
>> class-map: test (match-all)
>> Match: access-group 100
>> set dscp 39:
>> Earl in slot 1 :
>> 1180 bytes
>> 30 second offered rate 280 bps
>> aggregate-forwarded 1180 bytes
>> Class-map: class-default (match-any)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps, drop rate 0 bps
>> Match: any
>> 0 packets, 0 bytes
>> 30 second rate 0 bps
>>
>> PE2# sh policy-map interface Gi1.205 output class test
>> GigabitEthernet1.205
>> Service-policy output: test-Out
>> Class-map: test (match-all)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps
>> Match: ip dscp 39
>> ----------------- end of listing----------------
>>
>>
>>
>>> cheers, ketimun
>>>
>>>
>>> On Wed, Nov 25, 2009 at 12:09 PM, Teslenko <ex_art at mail.ru> wrote:
>>>
>>>> Hello All,
>>>>
>>>> We try to introduce Qos in ours IP/MPLS backbone network,
>>>> constructed on routers 7600th series
>>>>
>>>> All 76-s' are P or PE devices should accept from outside MPLS or IP
>>>> traffic.
>>>> On PE devices we mark packages and we want, that DSCP was transferred
>>>> transparently within MPLS domain. But we have problem.
>>>>
>>>> We use IOS v12.2 (33) SRC1 now.
>>>>
>>>>
>>>> Testing passed on CISCO7609-S with linear card WS-X6708-10GE
>>>>
>>>>
>>>> ==================================
>>>> The test #1
>>>> ==================================
>>>>
>>>> P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
>>>> egress port on linear card WS-X6724-SFP.
>>>> Device PE2 the last in a chain, PHP option enable by default
>>>>
>>>> The scheme of traffic's movement looks as follows
>>>>
>>>> CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2
>>>>
>>>> 1.1 Interfaces of the P device are configured as follows
>>>>
>>>> interface TenGigabitEthernet (WS-X6708-10GE)
>>>> dampening
>>>> mtu 4470
>>>> ip address yy.yy.yy.yy 255.255.255.252
>>>> carrier-delay msec 0
>>>> mpls traffic-eng tunnels
>>>> mpls ip
>>>> hold-queue 1000 in
>>>> ip rsvp bandwidth
>>>> end
>>>> !
>>>> interface GigabitEthernet (WS-X6724-SFP)
>>>> dampening
>>>> mtu 4470
>>>> ip address xx.xx.xx.xx 255.255.255.252
>>>> carrier-delay msec 0
>>>> mpls traffic-eng tunnels
>>>> mpls ip
>>>> hold-queue 1000 in
>>>> ip rsvp bandwidth
>>>> end
>>>>
>>>>
>>>> 1.2. Marking of traffic occur on ingress interface of PE1
>>>>
>>>>>> policy-map test-in-dscp-set
>>>>>> class class-default
>>>>>> set dscp 39
>>>> 2.3. Stock-taking dscp labels occur on ingress interface of PE2.
>>>>
>>>> -------------------------------------------------
>>>> listing-------------------
>>>>>> ping from CE
>>>>>> Type escape sequence to abort.
>>>>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>>>> seconds:
>>>>>> Packet sent with a source address of 10.10.10.1
>>>>>> !!!!!
>>>>>> Success rate is 100 percent (100/100), round-trip min/avg/max =
>>>> 1/4/9 ms
>>>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>>>> GigabitEthernet0/1.662
>>>>>>
>>>>>> Service-policy input: Customer-test-In
>>>>>>
>>>>>> Class-map: match-test-dscp (match-any)
>>>>>> 0 packets, 0 bytes
>>>>>> 30 second offered rate 0 bps
>>>>>> Match: ip dscp 39
>>>>>> 0 packets, 0 bytes
>>>>>> 30 second rate 0 bps
>>>>>> ----------------- end of
>> listing----------------------------------------
>>>> As appears from an example marking do not occur
>>>>
>>>>
>>>> 1.4 MPLS trace looks as follows
>>>>
>>>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>>>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2
>> seconds
>>>> Type escape sequence to abort.
>>>> 0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
>>>> L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
>>>> ! 2 213.xxx.xxx.18 4 ms
>>>>
>>>> PE1 encapsulate MPLS header to a package with value of the label = 50
>>>> and a field
>>>> Exp=0
>>>>
>>>> ==================================
>>>> The test #2
>>>> ==================================
>>>>
>>>> The scheme of traffic's movement looks as follows
>>>>
>>>> CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2
>>>>
>>>> 2.1 Device PE2 the last in the chain, it have PHP option enable by
>> default
>>>> MPLS trace looks as follows
>>>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>>>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2
>> seconds
>>>> Type escape sequence to abort.
>>>> 0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
>>>> ! 1 213.xxx.xxx.18 4 ms
>>>>
>>>> PE1 don't encapsulate MPLS header to a package.
>>>> Result:
>>>>
>>>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>>>> GigabitEthernet0/1.662
>>>>>>
>>>>>> Service-policy input: Customer-test-In
>>>>>>
>>>>>> Class-map: match-test-dscp (match-any)
>>>>>> 100 packets, 0 bytes
>>>>>> 30 second offered rate 0 bps
>>>>>> Match: ip dscp 39
>>>>>> 100 packets, 0 bytes
>>>>>> 30 second rate 0 bps
>>>> So DSCP label comes on PE2
>>>>
>>>> 2.2 Device PE2 the last in a chain, option PHP switched off
>>>>
>>>> PE2 (config) # mpls ldp explicit-null
>>>> PE2 (config) #
>>>>
>>>> So PE1 encapsulate MPLS header to a package,
>>>> And as result packages again comes without DSCP label.
>>>>
>>>> Result.
>>>> When MPLS label was encapsulated to header, as result DCSP label was
>>>> cleared.
>>>>
>>>> Does anybody know decision for this problem?
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Andrey Teslenko
Leading ip engineer
JSC "Farlep-Invest", Ukraine, Odessa
Backbone network department
Network operation sector
mob: 8063 617-01-68
tel: 8048 716-55-72
More information about the cisco-nsp
mailing list