[c-nsp] MPLS to Customer (Option B) / Multiple VRFs on CPEs
Saku Ytti
saku at ytti.fi
Thu Aug 28 15:35:38 EDT 2014
On (2014-08-28 15:05 +0100), James Bensley wrote:
Hi James,
> Dare I say it what access/agg layer boxes (such as ME3x00) from Cisco
> will perform QoS deeper than one MPLS label?
ASR9001 certainly. I'm not sure what ME3x00 could in theory do, it does not
seem hard for me to think it could classify based on IP packets for MPLS
encapped packets.
In any case, label stack would be 1.
> Is there no product that will look more than one label deep for QoS so
> we can have option B peering to CPE with QoS? What I would be looking
> for is a box that can look two labels deep for example so we can see
> voice class packets irrelevant of the VPN they belong to? At the
If you're thinking of optionB, label stack would be between ASBRs 1 label
deep.
> Opt D (Cisco "Opt AB") could be a good tool if you don't need QoS and
> ACLs on all VPNs, only creating the hybrid Opt A peerings, breaking
> them out from the Opt B link for VPNs that do need QoS/ACL etc but
> that's no good if all VPNs require QoS (multi-tenant building with
> shared CPE, tenant in each VRF and each runs VOIP for example).
AB is interesting, I wonder if anyone else implements it, and I guess security
is same as B, non-existing. Data-plane is labeled, so you would still need
label security.
Now if it would be A + single-bgp with new magic NLRI giving multiplexing
discriminator (VLAN, DLCI, PVC), that might be interesting :).
It would work without any HW requirement and it would be secure by-default, as
any spoofed multiplexing discriminator would simply hit unconfigured logical
interface (provided NNI is connected to router port, not switch port).
This might be interesting for many existing NNIs, because BGP per VLAN scales
really poorly, measlybox could roll 1000 VLAN NNI without any trouble at
all, but running 1000 BGP sessions is non-starter for many boxes.
--
++ytti
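
An added illustration of the security point in the message above (not code from the post or from any vendor): with Option B the single top label picks the VPN out of a platform-wide label table, so an NNI needs a label check, while with Option A an unknown VLAN simply finds no logical interface. Peer, port, label, VLAN and VRF values are constructed, and the "accept only labels advertised to this peer" check is an assumed form of the label security the message mentions.

```python
import struct

def encode_entry(label, tc, bos, ttl=64):
    """Build one 32-bit MPLS label stack entry (RFC 3032 layout)."""
    return struct.pack("!I", (label << 12) | (tc << 9) | (int(bos) << 8) | ttl)

def parse_label_stack(data):
    """Decode entries up to and including the bottom-of-stack entry."""
    entries = []
    for off in range(0, len(data) - 3, 4):
        (word,) = struct.unpack_from("!I", data, off)
        entries.append({"label": word >> 12, "tc": (word >> 9) & 0x7,
                        "bos": bool(word & 0x100), "ttl": word & 0xFF})
        if entries[-1]["bos"]:
            return entries
    raise ValueError("truncated label stack: no bottom-of-stack entry")

# Constructed state (all names and values are hypothetical).
LFIB = {24001: "vrf-tenant-a", 24002: "vrf-tenant-b"}   # platform-wide label space
ADVERTISED = {"peer-1": {24001}, "peer-2": {24002}}     # labels sent to each NNI peer
SUBIFS = {("port-1", 101): "vrf-tenant-a", ("port-2", 102): "vrf-tenant-b"}

def option_b_receive(peer, packet, label_security):
    """Option B: the top (only) label selects the VPN; TC is what QoS can see."""
    top = parse_label_stack(packet)[0]
    if top["label"] not in LFIB:
        return ("drop", "unknown label", top["tc"])
    if label_security and top["label"] not in ADVERTISED.get(peer, set()):
        return ("drop", "label not advertised to this peer", top["tc"])
    return ("forward", LFIB[top["label"]], top["tc"])

def option_a_receive(port, vlan_id):
    """Option A: the VLAN tag selects a configured logical interface, or nothing."""
    vrf = SUBIFS.get((port, vlan_id))
    return ("forward", vrf) if vrf else ("drop", "no logical interface")

if __name__ == "__main__":
    pkt = encode_entry(24002, tc=5, bos=True)  # peer-1 sends a label meant for peer-2
    print(option_b_receive("peer-1", pkt, label_security=False))
    print(option_b_receive("peer-1", pkt, label_security=True))
    print(option_a_receive("port-1", 102))     # VLAN not configured on this port
```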