Simplified Networking
  • Home
  • Technology VoD!
    • Cisco >
      • Route & Switch / Enterprise Infrastructure
  • Technology Breakdowns!
    • Route&Switch/Ent. Infra. >
      • L2 Technologies
      • L3 Technologies
      • VPN Technologies
      • Services >
        • IOS - Dynamic NAT
        • HSRP - IPv4 Setup
        • HSRP - Priority and Preemption
    • Service Provider >
      • IGPs (Interior Gateway Protocols)
      • First Hop Redundancy >
        • HSRP (Hot Standby Router Protocol) >
          • HSRP - IOS/IOS XE Setup
          • HSRP - IOS XR Setup
      • BGP (Border Gateway Protocol)
      • Inter AS Multicast (MSDP)
      • Intra-AS MPLS
      • Inter-AS MPLS
    • Security >
      • IOS Firewall
      • ASA Firewall
      • FirePOWER Threat Defense >
        • FTD - FTD NGFW Device Setup and FMC Integration
      • VPNs >
        • PKI
        • Site to Site VPNs
        • Remote Access VPNs >
          • IOS Remote Access
          • ASA Remote Access
    • Data Center >
      • Nexus 9000v >
        • Nexus 9000v - Enabling Features
        • Nexus 9000v - VLANs and Trunks
        • Nexus 9000v - LACP Port Channels
        • Nexus 9000v - vPC (Virtual Port Channel)
        • Nexus 9000v - OSPFv2
        • Nexus 9000v - VXLAN - Ingress Replication Flood and Learn
        • Nexus 9000v - IP Multicast
        • Nexus 9000v - VxLAN - Multicast Flood and Learn
        • Nexus 9000v - VxLAN - BGP EVPN with Multicast
        • Nexus 9000v - VxLAN - BGP EVPN w/Ingress Replication
        • Nexus 9000v - VxLAN - Inter-VxLAN Routing with BGP EVPN
        • Nexus 9000v - VXLAN - External Routing
      • Nexus 7000v
    • Palo Alto

​MPLS QoS - Uniform Mode

Picture
This variation is designed to take a QoS marking that is set by the provider and copy it into the IP packet DSCP section of the IPv4 packet header as traffic leaves towards the customer device. The traffic can enter the provider network as CS6 but remarked on the egress interface on the egress PE as CS3. The nice part is that this setup carries over from the Explicit null lab, which is left enabled on the egress PE router.

The idea we are going to go forward with is in the class class-default, set all traffic to EXP on the P router (CSR3) which will set all traffic from EXP6 to EXP3. The EXP3 markings will be received by the egress PE, CSR5 with label 0 due to explicit-null being defined on CSR5. The next step is to setup a policy on CSR5 that will allow traffic marked with EXP3 to be copied from the MPLS labeled packets and place that marking on the IP packets that will be forwarded to the customer. 

Note - remove the service-policy on CSR1 from G1 outbound to CSR3 before moving on.

CSR1
interface GigabitEthernet1
 no service-policy output PM_EXP3_TO_CORE


CSR3
policy-map PM_QOS_FROM_PE
 class class-default
  set mpls experimental topmost 3
!
interface GigabitEthernet4
 service-policy input PM_QOS_FROM_PE


CSR5
mpls ldp explicit-null
!
class-map match-all CM_EXP3
 match mpls experimental topmost 3 
!
class-map match-all CM_QOS_GROUP3
 match qos-group 3
!
policy-map PM_QOS_TO_CUSTOMER
 class CM_QOS_GROUP3
  set ip precedence 3
!
policy-map PM_QOS_FROM_CORE
 class CM_EXP3
  set qos-group 3
!
interface GigabitEthernet1
 service-policy input PM_QOS_FROM_CORE
!
interface GigabitEthernet2
 service-policy output PM_QOS_TO_CUSTOMER



IOS17#telnet 10.101.18.18 /source-interface loopback 101
Username: Rob
Password: 
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************
IOS18#
Picture
After Telnetting from IOS17 to IOS18, we check wireshark and see that no modification on the ingress PE has taken place, which is the expected output, EXP6 in both labels.
Picture
We see that as traffic passes through CSR3, which is a P router, the egress interface towards CSR5 has Label 0 or explicit null applied with EXP3 being the remarking.
Picture
We can see on the above output that CS3 is the marking that is sent to the customer.


IOS18#show ip access-lists 
Extended IP access list QOS
    10 permit ip any any dscp cs1
    20 permit ip any any dscp cs2
    30 permit ip any any dscp cs3 (71 matches)
    40 permit ip any any dscp cs4
    50 permit ip any any dscp cs5
    60 permit ip any any dscp cs6 (3248 matches)
    70 permit ip any any dscp cs7
    80 permit ip any any (400 matches)
Extended IP access list QoS_MARKINGS
    10 permit tcp any eq telnet any
    15 permit tcp any any eq telnet (1239 matches)
    20 permit ip any any (753 matches)


An ACL is configured an applied to CoPP, but in this case, the ACL entry for CS3 shows 71 hits proving that the marking is working.
Powered by Create your own unique website with customizable templates.
  • Home
  • Technology VoD!
    • Cisco >
      • Route & Switch / Enterprise Infrastructure
  • Technology Breakdowns!
    • Route&Switch/Ent. Infra. >
      • L2 Technologies
      • L3 Technologies
      • VPN Technologies
      • Services >
        • IOS - Dynamic NAT
        • HSRP - IPv4 Setup
        • HSRP - Priority and Preemption
    • Service Provider >
      • IGPs (Interior Gateway Protocols)
      • First Hop Redundancy >
        • HSRP (Hot Standby Router Protocol) >
          • HSRP - IOS/IOS XE Setup
          • HSRP - IOS XR Setup
      • BGP (Border Gateway Protocol)
      • Inter AS Multicast (MSDP)
      • Intra-AS MPLS
      • Inter-AS MPLS
    • Security >
      • IOS Firewall
      • ASA Firewall
      • FirePOWER Threat Defense >
        • FTD - FTD NGFW Device Setup and FMC Integration
      • VPNs >
        • PKI
        • Site to Site VPNs
        • Remote Access VPNs >
          • IOS Remote Access
          • ASA Remote Access
    • Data Center >
      • Nexus 9000v >
        • Nexus 9000v - Enabling Features
        • Nexus 9000v - VLANs and Trunks
        • Nexus 9000v - LACP Port Channels
        • Nexus 9000v - vPC (Virtual Port Channel)
        • Nexus 9000v - OSPFv2
        • Nexus 9000v - VXLAN - Ingress Replication Flood and Learn
        • Nexus 9000v - IP Multicast
        • Nexus 9000v - VxLAN - Multicast Flood and Learn
        • Nexus 9000v - VxLAN - BGP EVPN with Multicast
        • Nexus 9000v - VxLAN - BGP EVPN w/Ingress Replication
        • Nexus 9000v - VxLAN - Inter-VxLAN Routing with BGP EVPN
        • Nexus 9000v - VXLAN - External Routing
      • Nexus 7000v
    • Palo Alto