[c-nsp] ASR1K (3.6), L2TP and ToS Reflection

David Freedman david.freedman at uk.clara.net
Tue Jul 17 07:36:56 EDT 2012


Greetings,

This question concerns ASR1K, IOS XE 3.6 and L2TPv2/VPDN.

I'd like to selectively reflect the ToS from the user's
payload into their L2TP tunnel, in order to do service
differentiation of the L2TP encapsulated traffic between
myself and the provider.

I need to preserve the customer markings
in the payload, so need a 'full-pipe' type solution.

The "ip tos <x | reflect>" syntax in the VPDN
group does not, I'm afraid, satisfy this requirement
since it either enables all reflection to be SP
or customer driven, not both (and also, I can't
discriminate between user types).

Whilst I can think of a number of creative ways
inside my environment for nailing a user to a VPDN
group, this doesn't satisfy my next requirement
which is to provide for multiple types of marking
based on the user's traffic as well.

For instance, a particular class of user
(say CLASS_A) should always produce an encapsulated
DSCP of, say, AF11.

The next class (CLASS_B) should produce AF21 unless
their payload is EF in which case the encapsulated DSCP
should be EF. 

Having access to a "set" directive that allowed this
(i.e. set-dscp-tunnel-transmit) which worked for L2TPv2
as well as GRE, outbound towards the user would be great,
unfortunately such a facility doesn't exist.

The next thing I was thinking of was using qos-groups
on the subscriber and then matching these (and setting
on egress the correct DSCP). I recall testing such double
action policies in the lab (where one policy was on the
subscriber and the other on the egress interface) and
it didn't work due to the rollup of the behaviour in the QFP
(wanting to act on the flow from start to
finish with a single action).

As I'd like to use some for this particular project,
I'd be grateful for any suggestions, especially if they
come with the ERBU stamp of approval!

Dave.



