Mailing List Archive: Cisco: NSP

Problem with dscp packets marking on 76th platform.

Index | Next | Previous | View Threaded

ex_art at mail

Nov 25, 2009, 3:09 AM

Post #1 of 10 (828 views)
Permalink

Problem with dscp packets marking on 76th platform.

Hello All,

We try to introduce Qos in ours IP/MPLS backbone network,
constructed on routers 7600th series

All 76-s' are P or PE devices should accept from outside MPLS or IP
traffic.
On PE devices we mark packages and we want, that DSCP was transferred
transparently within MPLS domain. But we have problem.

We use IOS v12.2 (33) SRC1 now.

Testing passed on CISCO7609-S with linear card WS-X6708-10GE

==================================
The test #1
==================================

P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
egress port on linear card WS-X6724-SFP.
Device PE2 the last in a chain, PHP option enable by default

The scheme of traffic's movement looks as follows

CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2

1.1 Interfaces of the P device are configured as follows

interface TenGigabitEthernet (WS-X6708-10GE)
dampening
mtu 4470
ip address yy.yy.yy.yy 255.255.255.252
carrier-delay msec 0
mpls traffic-eng tunnels
mpls ip
hold-queue 1000 in
ip rsvp bandwidth
end
!
interface GigabitEthernet (WS-X6724-SFP)
dampening
mtu 4470
ip address xx.xx.xx.xx 255.255.255.252
carrier-delay msec 0
mpls traffic-eng tunnels
mpls ip
hold-queue 1000 in
ip rsvp bandwidth
end

1.2. Marking of traffic occur on ingress interface of PE1

>>
>> policy-map test-in-dscp-set
>> class class-default
>> set dscp 39

2.3. Stock-taking dscp labels occur on ingress interface of PE2.

>>
------------------------------------------------- listing-------------------
>> ping from CE
>> Type escape sequence to abort.
>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2 seconds:
>> Packet sent with a source address of 10.10.10.1
>> !!!!!
>> Success rate is 100 percent (100/100), round-trip min/avg/max = 1/4/9 ms
>>
>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>> GigabitEthernet0/1.662
>>
>> Service-policy input: Customer-test-In
>>
>> Class-map: match-test-dscp (match-any)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps
>> Match: ip dscp 39
>> 0 packets, 0 bytes
>> 30 second rate 0 bps
>>----------------- end of listing----------------------------------------

As appears from an example marking do not occur

1.4 MPLS trace looks as follows

PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
Type escape sequence to abort.
0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
! 2 213.xxx.xxx.18 4 ms

PE1 encapsulate MPLS header to a package with value of the label = 50
and a field
Exp=0

==================================
The test #2
==================================

The scheme of traffic's movement looks as follows

CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2

2.1 Device PE2 the last in the chain, it have PHP option enable by default

MPLS trace looks as follows
PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
Type escape sequence to abort.
0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
! 1 213.xxx.xxx.18 4 ms

PE1 don't encapsulate MPLS header to a package.
Result:

>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>> GigabitEthernet0/1.662
>>
>> Service-policy input: Customer-test-In
>>
>> Class-map: match-test-dscp (match-any)
>> 100 packets, 0 bytes
>> 30 second offered rate 0 bps
>> Match: ip dscp 39
>> 100 packets, 0 bytes
>> 30 second rate 0 bps

So DSCP label comes on PE2

2.2 Device PE2 the last in a chain, option PHP switched off

PE2 (config) # mpls ldp explicit-null
PE2 (config) #

So PE1 encapsulate MPLS header to a package,
And as result packages again comes without DSCP label.

Result.
When MPLS label was encapsulated to header, as result DCSP label was
cleared.

Does anybody know decision for this problem?

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

ketimun at gmail

Nov 25, 2009, 5:49 AM

Post #2 of 10 (783 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

What's the config on the ingress interface of PE1 ?
Do you use VPNs (vrf interface) ?
Is TE active ?

cheers, ketimun

On Wed, Nov 25, 2009 at 12:09 PM, Teslenko <ex_art [at] mail> wrote:

> Hello All,
>
> We try to introduce Qos in ours IP/MPLS backbone network,
> constructed on routers 7600th series
>
> All 76-s' are P or PE devices should accept from outside MPLS or IP
> traffic.
> On PE devices we mark packages and we want, that DSCP was transferred
> transparently within MPLS domain. But we have problem.
>
> We use IOS v12.2 (33) SRC1 now.
>
>
> Testing passed on CISCO7609-S with linear card WS-X6708-10GE
>
>
> ==================================
> The test #1
> ==================================
>
> P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
> egress port on linear card WS-X6724-SFP.
> Device PE2 the last in a chain, PHP option enable by default
>
> The scheme of traffic's movement looks as follows
>
> CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2
>
> 1.1 Interfaces of the P device are configured as follows
>
> interface TenGigabitEthernet (WS-X6708-10GE)
> dampening
> mtu 4470
> ip address yy.yy.yy.yy 255.255.255.252
> carrier-delay msec 0
> mpls traffic-eng tunnels
> mpls ip
> hold-queue 1000 in
> ip rsvp bandwidth
> end
> !
> interface GigabitEthernet (WS-X6724-SFP)
> dampening
> mtu 4470
> ip address xx.xx.xx.xx 255.255.255.252
> carrier-delay msec 0
> mpls traffic-eng tunnels
> mpls ip
> hold-queue 1000 in
> ip rsvp bandwidth
> end
>
>
> 1.2. Marking of traffic occur on ingress interface of PE1
>
> >>
> >> policy-map test-in-dscp-set
> >> class class-default
> >> set dscp 39
>
> 2.3. Stock-taking dscp labels occur on ingress interface of PE2.
>
> >>
> -------------------------------------------------
> listing-------------------
> >> ping from CE
> >> Type escape sequence to abort.
> >> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
> seconds:
> >> Packet sent with a source address of 10.10.10.1
> >> !!!!!
> >> Success rate is 100 percent (100/100), round-trip min/avg/max =
> 1/4/9 ms
> >>
> >> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
> >> GigabitEthernet0/1.662
> >>
> >> Service-policy input: Customer-test-In
> >>
> >> Class-map: match-test-dscp (match-any)
> >> 0 packets, 0 bytes
> >> 30 second offered rate 0 bps
> >> Match: ip dscp 39
> >> 0 packets, 0 bytes
> >> 30 second rate 0 bps
> >>----------------- end of listing----------------------------------------
>
> As appears from an example marking do not occur
>
>
> 1.4 MPLS trace looks as follows
>
> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
> Type escape sequence to abort.
> 0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
> L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
> ! 2 213.xxx.xxx.18 4 ms
>
> PE1 encapsulate MPLS header to a package with value of the label = 50
> and a field
> Exp=0
>
> ==================================
> The test #2
> ==================================
>
> The scheme of traffic's movement looks as follows
>
> CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2
>
> 2.1 Device PE2 the last in the chain, it have PHP option enable by default
>
> MPLS trace looks as follows
> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
> Type escape sequence to abort.
> 0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
> ! 1 213.xxx.xxx.18 4 ms
>
> PE1 don't encapsulate MPLS header to a package.
> Result:
>
> >> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
> >> GigabitEthernet0/1.662
> >>
> >> Service-policy input: Customer-test-In
> >>
> >> Class-map: match-test-dscp (match-any)
> >> 100 packets, 0 bytes
> >> 30 second offered rate 0 bps
> >> Match: ip dscp 39
> >> 100 packets, 0 bytes
> >> 30 second rate 0 bps
>
> So DSCP label comes on PE2
>
> 2.2 Device PE2 the last in a chain, option PHP switched off
>
> PE2 (config) # mpls ldp explicit-null
> PE2 (config) #
>
> So PE1 encapsulate MPLS header to a package,
> And as result packages again comes without DSCP label.
>
> Result.
> When MPLS label was encapsulated to header, as result DCSP label was
> cleared.
>
> Does anybody know decision for this problem?
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

ex_art at mail

Nov 25, 2009, 7:51 AM

Post #3 of 10 (772 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

selamat pagi пишет:
> What's the config on the ingress interface of PE1 ?
> Do you use VPNs (vrf interface) ?
> Is TE active ?

I have understood that it has misled you

>>>> ping from CE
>>>> Type escape sequence to abort.
>>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>> seconds:
>>>> Packet sent with a source address of 10.10.10.1

Really initially the traffic ran between two vrf
The scheme of traffic's movement looks as follows

[SW-1]--1->(Te1.661)PE1(Te1.662)--2->[SW-1]--3->(Gi0/1)PE2

This test was necessary to understand "Does marking work in general?"

Yes, it does.

Then was tested MPLS scheme with P router and without P

First. With P router

[SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> P--(/30,MPLS/OSPF)--> PE2
-->(82.xx.xx.160/30)->CE

So we saw marking do not occur
When we use the scheme without router P all works correctly

[SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> PE2 -->(82.xx.xx.160/30)->CE

But a problem not in P router.
It has been stated in previous letter
Problem occur when MPLS label is encapsulating to header of packets.
This doesn't occur when P not present in scheme,
because PE1 became penultimate for PE2.
So MPLS label doesn't change, because PHP is enable on PE2 by default.

Interface configuration between SW-1 and PE1 looks as follow
==================================================
[SW-1]--1->(Te1.661)PE1
==================================================
------------------ listing -----------------------
1) SW-1:
interface Vlan661
ip address 62.xxx.xx.20 255.255.255.240
End
ip route 82.xx.xx.161 255.255.255.255 62.xxx.xx.17

2) PE1:
interface Te1.661
encapsulation dot1Q 661
ip address 62.xxx.xx.17 255.255.255.240
no ip redirects
no ip proxy-arp
ip mtu 1500
service-policy input test-in-dscp-set
end

PE1#sh policy-map test-in-dscp-set
Policy Map test-in-dscp-set
Class test
set ip dscp 39
Class class-default

PE1#sh class-map test
Class Map match-all test (id 25)
Match access-group 100

PE1#sh run | i access-list 100
access-list 100 permit ip host 62.xxx.xx.20 host 82.xx.xx.161
access-list 100 deny ip any any
----------------- end of listing----------------

Interface configuration on PE2
=================================================
PE2 -->(82.xx.xx.160/30)->CE
=================================================
------------------ listing -----------------------
interface Gi1.205
encapsulation dot1Q 205
ip address 82.xx.xx.162 255.255.255.252
no ip redirects
no ip proxy-arp
ip mtu 1500
ip flow ingress
no cdp enable
service-policy output test-Out
end

PE2#sh policy-map test-Out
Policy Map test-Out
Class test
Class class-default

PE2#sh class-map test
Class Map match-all test (id 27)
Match ip dscp 39
----------------- end of listing----------------

===============================================
Start Test
===============================================
------------------ listing -----------------------
SW-1#ping 82.xx.xx.161 source 62.xx.xx.20 repeat 10

PE1#sh policy-map interface Te1.661
TenGigabitEthernet1.661
Service-policy input: test
class-map: test (match-all)
Match: access-group 100
set dscp 39:
Earl in slot 1 :
1180 bytes
30 second offered rate 280 bps
aggregate-forwarded 1180 bytes
Class-map: class-default (match-any)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
0 packets, 0 bytes
30 second rate 0 bps

PE2# sh policy-map interface Gi1.205 output class test
GigabitEthernet1.205
Service-policy output: test-Out
Class-map: test (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps
Match: ip dscp 39
----------------- end of listing----------------

> cheers, ketimun
>
>
> On Wed, Nov 25, 2009 at 12:09 PM, Teslenko <ex_art [at] mail> wrote:
>
>> Hello All,
>>
>> We try to introduce Qos in ours IP/MPLS backbone network,
>> constructed on routers 7600th series
>>
>> All 76-s' are P or PE devices should accept from outside MPLS or IP
>> traffic.
>> On PE devices we mark packages and we want, that DSCP was transferred
>> transparently within MPLS domain. But we have problem.
>>
>> We use IOS v12.2 (33) SRC1 now.
>>
>>
>> Testing passed on CISCO7609-S with linear card WS-X6708-10GE
>>
>>
>> ==================================
>> The test #1
>> ==================================
>>
>> P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
>> egress port on linear card WS-X6724-SFP.
>> Device PE2 the last in a chain, PHP option enable by default
>>
>> The scheme of traffic's movement looks as follows
>>
>> CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2
>>
>> 1.1 Interfaces of the P device are configured as follows
>>
>> interface TenGigabitEthernet (WS-X6708-10GE)
>> dampening
>> mtu 4470
>> ip address yy.yy.yy.yy 255.255.255.252
>> carrier-delay msec 0
>> mpls traffic-eng tunnels
>> mpls ip
>> hold-queue 1000 in
>> ip rsvp bandwidth
>> end
>> !
>> interface GigabitEthernet (WS-X6724-SFP)
>> dampening
>> mtu 4470
>> ip address xx.xx.xx.xx 255.255.255.252
>> carrier-delay msec 0
>> mpls traffic-eng tunnels
>> mpls ip
>> hold-queue 1000 in
>> ip rsvp bandwidth
>> end
>>
>>
>> 1.2. Marking of traffic occur on ingress interface of PE1
>>
>>>> policy-map test-in-dscp-set
>>>> class class-default
>>>> set dscp 39
>> 2.3. Stock-taking dscp labels occur on ingress interface of PE2.
>>
>> -------------------------------------------------
>> listing-------------------
>>>> ping from CE
>>>> Type escape sequence to abort.
>>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>> seconds:
>>>> Packet sent with a source address of 10.10.10.1
>>>> !!!!!
>>>> Success rate is 100 percent (100/100), round-trip min/avg/max =
>> 1/4/9 ms
>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>> GigabitEthernet0/1.662
>>>>
>>>> Service-policy input: Customer-test-In
>>>>
>>>> Class-map: match-test-dscp (match-any)
>>>> 0 packets, 0 bytes
>>>> 30 second offered rate 0 bps
>>>> Match: ip dscp 39
>>>> 0 packets, 0 bytes
>>>> 30 second rate 0 bps
>>>> ----------------- end of listing----------------------------------------
>> As appears from an example marking do not occur
>>
>>
>> 1.4 MPLS trace looks as follows
>>
>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
>> Type escape sequence to abort.
>> 0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
>> L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
>> ! 2 213.xxx.xxx.18 4 ms
>>
>> PE1 encapsulate MPLS header to a package with value of the label = 50
>> and a field
>> Exp=0
>>
>> ==================================
>> The test #2
>> ==================================
>>
>> The scheme of traffic's movement looks as follows
>>
>> CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2
>>
>> 2.1 Device PE2 the last in the chain, it have PHP option enable by default
>>
>> MPLS trace looks as follows
>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2 seconds
>> Type escape sequence to abort.
>> 0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
>> ! 1 213.xxx.xxx.18 4 ms
>>
>> PE1 don't encapsulate MPLS header to a package.
>> Result:
>>
>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>> GigabitEthernet0/1.662
>>>>
>>>> Service-policy input: Customer-test-In
>>>>
>>>> Class-map: match-test-dscp (match-any)
>>>> 100 packets, 0 bytes
>>>> 30 second offered rate 0 bps
>>>> Match: ip dscp 39
>>>> 100 packets, 0 bytes
>>>> 30 second rate 0 bps
>> So DSCP label comes on PE2
>>
>> 2.2 Device PE2 the last in a chain, option PHP switched off
>>
>> PE2 (config) # mpls ldp explicit-null
>> PE2 (config) #
>>
>> So PE1 encapsulate MPLS header to a package,
>> And as result packages again comes without DSCP label.
>>
>> Result.
>> When MPLS label was encapsulated to header, as result DCSP label was
>> cleared.
>>
>> Does anybody know decision for this problem?
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

nicolasleiva at gmail

Nov 25, 2009, 8:46 AM

Post #4 of 10 (788 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

You might want to review
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/mplsqos.html#wp1509501
.

Nicolas

On Wed, Nov 25, 2009 at 12:51 PM, Teslenko <ex_art [at] mail> wrote:

> selamat pagi ��:
> > What's the config on the ingress interface of PE1 ?
> > Do you use VPNs (vrf interface) ?
> > Is TE active ?
>
> I have understood that it has misled you
>
> >>>> ping from CE
> >>>> Type escape sequence to abort.
> >>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
> >> seconds:
> >>>> Packet sent with a source address of 10.10.10.1
>
>
> Really initially the traffic ran between two vrf
> The scheme of traffic's movement looks as follows
>
> [SW-1]--1->(Te1.661)PE1(Te1.662)--2->[SW-1]--3->(Gi0/1)PE2
>
> This test was necessary to understand "Does marking work in general?"
>
> Yes, it does.
>
> Then was tested MPLS scheme with P router and without P
>
> First. With P router
>
> [SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> P--(/30,MPLS/OSPF)--> PE2
> -->(82.xx.xx.160/30)->CE
>
> So we saw marking do not occur
> When we use the scheme without router P all works correctly
>
> [SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> PE2 -->(82.xx.xx.160/30)->CE
>
> But a problem not in P router.
> It has been stated in previous letter
> Problem occur when MPLS label is encapsulating to header of packets.
> This doesn't occur when P not present in scheme,
> because PE1 became penultimate for PE2.
> So MPLS label doesn't change, because PHP is enable on PE2 by default.
>
>
> Interface configuration between SW-1 and PE1 looks as follow
> ==================================================
> [SW-1]--1->(Te1.661)PE1
> ==================================================
> ------------------ listing -----------------------
> 1) SW-1:
> interface Vlan661
> ip address 62.xxx.xx.20 255.255.255.240
> End
> ip route 82.xx.xx.161 255.255.255.255 62.xxx.xx.17
>
> 2) PE1:
> interface Te1.661
> encapsulation dot1Q 661
> ip address 62.xxx.xx.17 255.255.255.240
> no ip redirects
> no ip proxy-arp
> ip mtu 1500
> service-policy input test-in-dscp-set
> end
>
> PE1#sh policy-map test-in-dscp-set
> Policy Map test-in-dscp-set
> Class test
> set ip dscp 39
> Class class-default
>
> PE1#sh class-map test
> Class Map match-all test (id 25)
> Match access-group 100
>
> PE1#sh run | i access-list 100
> access-list 100 permit ip host 62.xxx.xx.20 host 82.xx.xx.161
> access-list 100 deny ip any any
> ----------------- end of listing----------------
>
>
> Interface configuration on PE2
> =================================================
> PE2 -->(82.xx.xx.160/30)->CE
> =================================================
> ------------------ listing -----------------------
> interface Gi1.205
> encapsulation dot1Q 205
> ip address 82.xx.xx.162 255.255.255.252
> no ip redirects
> no ip proxy-arp
> ip mtu 1500
> ip flow ingress
> no cdp enable
> service-policy output test-Out
> end
>
> PE2#sh policy-map test-Out
> Policy Map test-Out
> Class test
> Class class-default
>
> PE2#sh class-map test
> Class Map match-all test (id 27)
> Match ip dscp 39
> ----------------- end of listing----------------
>
> ===============================================
> Start Test
> ===============================================
> ------------------ listing -----------------------
> SW-1#ping 82.xx.xx.161 source 62.xx.xx.20 repeat 10
>
> PE1#sh policy-map interface Te1.661
> TenGigabitEthernet1.661
> Service-policy input: test
> class-map: test (match-all)
> Match: access-group 100
> set dscp 39:
> Earl in slot 1 :
> 1180 bytes
> 30 second offered rate 280 bps
> aggregate-forwarded 1180 bytes
> Class-map: class-default (match-any)
> 0 packets, 0 bytes
> 30 second offered rate 0 bps, drop rate 0 bps
> Match: any
> 0 packets, 0 bytes
> 30 second rate 0 bps
>
> PE2# sh policy-map interface Gi1.205 output class test
> GigabitEthernet1.205
> Service-policy output: test-Out
> Class-map: test (match-all)
> 0 packets, 0 bytes
> 30 second offered rate 0 bps
> Match: ip dscp 39
> ----------------- end of listing----------------
>
>
>
> > cheers, ketimun
> >
> >
> > On Wed, Nov 25, 2009 at 12:09 PM, Teslenko <ex_art [at] mail> wrote:
> >
> >> Hello All,
> >>
> >> We try to introduce Qos in ours IP/MPLS backbone network,
> >> constructed on routers 7600th series
> >>
> >> All 76-s' are P or PE devices should accept from outside MPLS or IP
> >> traffic.
> >> On PE devices we mark packages and we want, that DSCP was transferred
> >> transparently within MPLS domain. But we have problem.
> >>
> >> We use IOS v12.2 (33) SRC1 now.
> >>
> >>
> >> Testing passed on CISCO7609-S with linear card WS-X6708-10GE
> >>
> >>
> >> ==================================
> >> The test #1
> >> ==================================
> >>
> >> P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
> >> egress port on linear card WS-X6724-SFP.
> >> Device PE2 the last in a chain, PHP option enable by default
> >>
> >> The scheme of traffic's movement looks as follows
> >>
> >> CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2
> >>
> >> 1.1 Interfaces of the P device are configured as follows
> >>
> >> interface TenGigabitEthernet (WS-X6708-10GE)
> >> dampening
> >> mtu 4470
> >> ip address yy.yy.yy.yy 255.255.255.252
> >> carrier-delay msec 0
> >> mpls traffic-eng tunnels
> >> mpls ip
> >> hold-queue 1000 in
> >> ip rsvp bandwidth
> >> end
> >> !
> >> interface GigabitEthernet (WS-X6724-SFP)
> >> dampening
> >> mtu 4470
> >> ip address xx.xx.xx.xx 255.255.255.252
> >> carrier-delay msec 0
> >> mpls traffic-eng tunnels
> >> mpls ip
> >> hold-queue 1000 in
> >> ip rsvp bandwidth
> >> end
> >>
> >>
> >> 1.2. Marking of traffic occur on ingress interface of PE1
> >>
> >>>> policy-map test-in-dscp-set
> >>>> class class-default
> >>>> set dscp 39
> >> 2.3. Stock-taking dscp labels occur on ingress interface of PE2.
> >>
> >> -------------------------------------------------
> >> listing-------------------
> >>>> ping from CE
> >>>> Type escape sequence to abort.
> >>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
> >> seconds:
> >>>> Packet sent with a source address of 10.10.10.1
> >>>> !!!!!
> >>>> Success rate is 100 percent (100/100), round-trip min/avg/max =
> >> 1/4/9 ms
> >>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
> >>>> GigabitEthernet0/1.662
> >>>>
> >>>> Service-policy input: Customer-test-In
> >>>>
> >>>> Class-map: match-test-dscp (match-any)
> >>>> 0 packets, 0 bytes
> >>>> 30 second offered rate 0 bps
> >>>> Match: ip dscp 39
> >>>> 0 packets, 0 bytes
> >>>> 30 second rate 0 bps
> >>>> ----------------- end of
> listing----------------------------------------
> >> As appears from an example marking do not occur
> >>
> >>
> >> 1.4 MPLS trace looks as follows
> >>
> >> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
> >> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2
> seconds
> >> Type escape sequence to abort.
> >> 0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
> >> L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
> >> ! 2 213.xxx.xxx.18 4 ms
> >>
> >> PE1 encapsulate MPLS header to a package with value of the label = 50
> >> and a field
> >> Exp=0
> >>
> >> ==================================
> >> The test #2
> >> ==================================
> >>
> >> The scheme of traffic's movement looks as follows
> >>
> >> CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2
> >>
> >> 2.1 Device PE2 the last in the chain, it have PHP option enable by
> default
> >>
> >> MPLS trace looks as follows
> >> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
> >> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2
> seconds
> >> Type escape sequence to abort.
> >> 0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
> >> ! 1 213.xxx.xxx.18 4 ms
> >>
> >> PE1 don't encapsulate MPLS header to a package.
> >> Result:
> >>
> >>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
> >>>> GigabitEthernet0/1.662
> >>>>
> >>>> Service-policy input: Customer-test-In
> >>>>
> >>>> Class-map: match-test-dscp (match-any)
> >>>> 100 packets, 0 bytes
> >>>> 30 second offered rate 0 bps
> >>>> Match: ip dscp 39
> >>>> 100 packets, 0 bytes
> >>>> 30 second rate 0 bps
> >> So DSCP label comes on PE2
> >>
> >> 2.2 Device PE2 the last in a chain, option PHP switched off
> >>
> >> PE2 (config) # mpls ldp explicit-null
> >> PE2 (config) #
> >>
> >> So PE1 encapsulate MPLS header to a package,
> >> And as result packages again comes without DSCP label.
> >>
> >> Result.
> >> When MPLS label was encapsulated to header, as result DCSP label was
> >> cleared.
> >>
> >> Does anybody know decision for this problem?
> >>
> >>
> >> _______________________________________________
> >> cisco-nsp mailing list cisco-nsp [at] puck
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp [at] puck
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

tav at ucomline

Nov 25, 2009, 9:56 AM

Post #5 of 10 (772 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

Nicolás Leiva пишет:
> You might want to review
> http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/mplsqos.html#wp1509501

There are nothing new for me here

I tried to say following
When router added mpls label in header of packet
then dscp field became clean

We tested that

PE1--(/30,MPLS/OSPF)--> PE2

PE2: PHP was enabled. Packets came with dscp
PE2: PHP was switched off. Packets came without dscp

>
> Nicolas
>
> On Wed, Nov 25, 2009 at 12:51 PM, Teslenko <ex_art [at] mail> wrote:
>
>> selamat pagi пишет:
>>> What's the config on the ingress interface of PE1 ?
>>> Do you use VPNs (vrf interface) ?
>>> Is TE active ?
>> I have understood that it has misled you
>>
>>>>>> ping from CE
>>>>>> Type escape sequence to abort.
>>>>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>>>> seconds:
>>>>>> Packet sent with a source address of 10.10.10.1
>>
>> Really initially the traffic ran between two vrf
>> The scheme of traffic's movement looks as follows
>>
>> [SW-1]--1->(Te1.661)PE1(Te1.662)--2->[SW-1]--3->(Gi0/1)PE2
>>
>> This test was necessary to understand "Does marking work in general?"
>>
>> Yes, it does.
>>
>> Then was tested MPLS scheme with P router and without P
>>
>> First. With P router
>>
>> [SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> P--(/30,MPLS/OSPF)--> PE2
>> -->(82.xx.xx.160/30)->CE
>>
>> So we saw marking do not occur
>> When we use the scheme without router P all works correctly
>>
>> [SW-1]--> (Te1.661)PE1--(/30,MPLS/OSPF)--> PE2 -->(82.xx.xx.160/30)->CE
>>
>> But a problem not in P router.
>> It has been stated in previous letter
>> Problem occur when MPLS label is encapsulating to header of packets.
>> This doesn't occur when P not present in scheme,
>> because PE1 became penultimate for PE2.
>> So MPLS label doesn't change, because PHP is enable on PE2 by default.
>>
>>
>> Interface configuration between SW-1 and PE1 looks as follow
>> ==================================================
>> [SW-1]--1->(Te1.661)PE1
>> ==================================================
>> ------------------ listing -----------------------
>> 1) SW-1:
>> interface Vlan661
>> ip address 62.xxx.xx.20 255.255.255.240
>> End
>> ip route 82.xx.xx.161 255.255.255.255 62.xxx.xx.17
>>
>> 2) PE1:
>> interface Te1.661
>> encapsulation dot1Q 661
>> ip address 62.xxx.xx.17 255.255.255.240
>> no ip redirects
>> no ip proxy-arp
>> ip mtu 1500
>> service-policy input test-in-dscp-set
>> end
>>
>> PE1#sh policy-map test-in-dscp-set
>> Policy Map test-in-dscp-set
>> Class test
>> set ip dscp 39
>> Class class-default
>>
>> PE1#sh class-map test
>> Class Map match-all test (id 25)
>> Match access-group 100
>>
>> PE1#sh run | i access-list 100
>> access-list 100 permit ip host 62.xxx.xx.20 host 82.xx.xx.161
>> access-list 100 deny ip any any
>> ----------------- end of listing----------------
>>
>>
>> Interface configuration on PE2
>> =================================================
>> PE2 -->(82.xx.xx.160/30)->CE
>> =================================================
>> ------------------ listing -----------------------
>> interface Gi1.205
>> encapsulation dot1Q 205
>> ip address 82.xx.xx.162 255.255.255.252
>> no ip redirects
>> no ip proxy-arp
>> ip mtu 1500
>> ip flow ingress
>> no cdp enable
>> service-policy output test-Out
>> end
>>
>> PE2#sh policy-map test-Out
>> Policy Map test-Out
>> Class test
>> Class class-default
>>
>> PE2#sh class-map test
>> Class Map match-all test (id 27)
>> Match ip dscp 39
>> ----------------- end of listing----------------
>>
>> ===============================================
>> Start Test
>> ===============================================
>> ------------------ listing -----------------------
>> SW-1#ping 82.xx.xx.161 source 62.xx.xx.20 repeat 10
>>
>> PE1#sh policy-map interface Te1.661
>> TenGigabitEthernet1.661
>> Service-policy input: test
>> class-map: test (match-all)
>> Match: access-group 100
>> set dscp 39:
>> Earl in slot 1 :
>> 1180 bytes
>> 30 second offered rate 280 bps
>> aggregate-forwarded 1180 bytes
>> Class-map: class-default (match-any)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps, drop rate 0 bps
>> Match: any
>> 0 packets, 0 bytes
>> 30 second rate 0 bps
>>
>> PE2# sh policy-map interface Gi1.205 output class test
>> GigabitEthernet1.205
>> Service-policy output: test-Out
>> Class-map: test (match-all)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps
>> Match: ip dscp 39
>> ----------------- end of listing----------------
>>
>>
>>
>>> cheers, ketimun
>>>
>>>
>>> On Wed, Nov 25, 2009 at 12:09 PM, Teslenko <ex_art [at] mail> wrote:
>>>
>>>> Hello All,
>>>>
>>>> We try to introduce Qos in ours IP/MPLS backbone network,
>>>> constructed on routers 7600th series
>>>>
>>>> All 76-s' are P or PE devices should accept from outside MPLS or IP
>>>> traffic.
>>>> On PE devices we mark packages and we want, that DSCP was transferred
>>>> transparently within MPLS domain. But we have problem.
>>>>
>>>> We use IOS v12.2 (33) SRC1 now.
>>>>
>>>>
>>>> Testing passed on CISCO7609-S with linear card WS-X6708-10GE
>>>>
>>>>
>>>> ==================================
>>>> The test #1
>>>> ==================================
>>>>
>>>> P device CISCO7609-S ingress port on linear card WS-X6708-10GE,
>>>> egress port on linear card WS-X6724-SFP.
>>>> Device PE2 the last in a chain, PHP option enable by default
>>>>
>>>> The scheme of traffic's movement looks as follows
>>>>
>>>> CE--> SW-1> (ingress) PE1 (egress)--> P--> (ingress) PE2
>>>>
>>>> 1.1 Interfaces of the P device are configured as follows
>>>>
>>>> interface TenGigabitEthernet (WS-X6708-10GE)
>>>> dampening
>>>> mtu 4470
>>>> ip address yy.yy.yy.yy 255.255.255.252
>>>> carrier-delay msec 0
>>>> mpls traffic-eng tunnels
>>>> mpls ip
>>>> hold-queue 1000 in
>>>> ip rsvp bandwidth
>>>> end
>>>> !
>>>> interface GigabitEthernet (WS-X6724-SFP)
>>>> dampening
>>>> mtu 4470
>>>> ip address xx.xx.xx.xx 255.255.255.252
>>>> carrier-delay msec 0
>>>> mpls traffic-eng tunnels
>>>> mpls ip
>>>> hold-queue 1000 in
>>>> ip rsvp bandwidth
>>>> end
>>>>
>>>>
>>>> 1.2. Marking of traffic occur on ingress interface of PE1
>>>>
>>>>>> policy-map test-in-dscp-set
>>>>>> class class-default
>>>>>> set dscp 39
>>>> 2.3. Stock-taking dscp labels occur on ingress interface of PE2.
>>>>
>>>> -------------------------------------------------
>>>> listing-------------------
>>>>>> ping from CE
>>>>>> Type escape sequence to abort.
>>>>>> Sending 100, 100-byte ICMP Echos to 10.10.10.5, timeout is 2
>>>> seconds:
>>>>>> Packet sent with a source address of 10.10.10.1
>>>>>> !!!!!
>>>>>> Success rate is 100 percent (100/100), round-trip min/avg/max =
>>>> 1/4/9 ms
>>>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>>>> GigabitEthernet0/1.662
>>>>>>
>>>>>> Service-policy input: Customer-test-In
>>>>>>
>>>>>> Class-map: match-test-dscp (match-any)
>>>>>> 0 packets, 0 bytes
>>>>>> 30 second offered rate 0 bps
>>>>>> Match: ip dscp 39
>>>>>> 0 packets, 0 bytes
>>>>>> 30 second rate 0 bps
>>>>>> ----------------- end of
>> listing----------------------------------------
>>>> As appears from an example marking do not occur
>>>>
>>>>
>>>> 1.4 MPLS trace looks as follows
>>>>
>>>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>>>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2
>> seconds
>>>> Type escape sequence to abort.
>>>> 0 213.xxx.xxx.202 MRU 4470 [Labels: 50 Exp: 0]
>>>> L 1 213.xxx.xxx.201 MRU 4474 [Labels: implicit-null Exp: 0] 169 ms
>>>> ! 2 213.xxx.xxx.18 4 ms
>>>>
>>>> PE1 encapsulate MPLS header to a package with value of the label = 50
>>>> and a field
>>>> Exp=0
>>>>
>>>> ==================================
>>>> The test #2
>>>> ==================================
>>>>
>>>> The scheme of traffic's movement looks as follows
>>>>
>>>> CE--> SW-1> (ingress) PE1 (egress) --->(ingress)PE2
>>>>
>>>> 2.1 Device PE2 the last in the chain, it have PHP option enable by
>> default
>>>> MPLS trace looks as follows
>>>> PE1#trace mpls ipv4 213.xxx.xxx.4 255.255.255.255
>>>> Tracing MPLS Label Switched Path to 213.xxx.xxx.4/32, timeout is 2
>> seconds
>>>> Type escape sequence to abort.
>>>> 0 213.xxx.xxx.19 MRU 4470 [Labels: implicit-null Exp: 0]
>>>> ! 1 213.xxx.xxx.18 4 ms
>>>>
>>>> PE1 don't encapsulate MPLS header to a package.
>>>> Result:
>>>>
>>>>>> PE2#sh policy-map interf Gi0/1.662 in class match-test-dscp
>>>>>> GigabitEthernet0/1.662
>>>>>>
>>>>>> Service-policy input: Customer-test-In
>>>>>>
>>>>>> Class-map: match-test-dscp (match-any)
>>>>>> 100 packets, 0 bytes
>>>>>> 30 second offered rate 0 bps
>>>>>> Match: ip dscp 39
>>>>>> 100 packets, 0 bytes
>>>>>> 30 second rate 0 bps
>>>> So DSCP label comes on PE2
>>>>
>>>> 2.2 Device PE2 the last in a chain, option PHP switched off
>>>>
>>>> PE2 (config) # mpls ldp explicit-null
>>>> PE2 (config) #
>>>>
>>>> So PE1 encapsulate MPLS header to a package,
>>>> And as result packages again comes without DSCP label.
>>>>
>>>> Result.
>>>> When MPLS label was encapsulated to header, as result DCSP label was
>>>> cleared.
>>>>
>>>> Does anybody know decision for this problem?
>>>>
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list cisco-nsp [at] puck
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>>
>>> _______________________________________________
>>> cisco-nsp mailing list cisco-nsp [at] puck
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--
Andrey Teslenko
Leading ip engineer
JSC "Farlep-Invest", Ukraine, Odessa
Backbone network department
Network operation sector
mob: 8063 617-01-68
tel: 8048 716-55-72
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

thomas at habets

Nov 25, 2009, 12:08 PM

Post #6 of 10 (775 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

On Wed, 25 Nov 2009, Teslenko wrote:
> PE2#sh policy-map test-Out
> Policy Map test-Out
> Class test
> Class class-default
>
> PE2#sh class-map test
> Class Map match-all test (id 27)
> Match ip dscp 39
[...]
> PE2# sh policy-map interface Gi1.205 output class test
> GigabitEthernet1.205
> Service-policy output: test-Out
> Class-map: test (match-all)
> 0 packets, 0 bytes
> 30 second offered rate 0 bps
> Match: ip dscp 39

The output counter will not increment if you only match on 6500/7600, and
don't actually *set* anything in your policy-map. This is true for getting
EXP-x counter values in P at least.

Try this on PE2:
policy-map test-Out
class test
set dscp 39

And see if the counter wakes up. Are you sure the tags are as you think
on the wire, or are you bravely believing anything that the 6500/7600
tells you? The counter is (can be) a lie.

This will of course not actually change anything, since you are setting 39
if it's set to 39.

---------
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "thomas [at] habets" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

ketimun at gmail

Nov 26, 2009, 3:48 AM

Post #7 of 10 (766 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

In you last test with setting "mpls ldp explicit-null" on PE2, you tell the
previous node NOT to keep the label. Therefore packet arrives with
MPLS-label(s). and no packet will match a DSCP-value because you only have
EXP-values in the label.

When you did your first test, CE-PE1-P-PE2 where there still vrf's
configured. That would explain why you did not see DSCP-values, you would
have seen EXP-values. You still would have 1 label (vpn-label).

To prove this, could you change your policy to match EXP 4 instead of DSCP
39 ?

cheers, ketimun

On Wed, Nov 25, 2009 at 9:08 PM, Thomas Habets <thomas [at] habets> wrote:

> On Wed, 25 Nov 2009, Teslenko wrote:
>
>> PE2#sh policy-map test-Out
>> Policy Map test-Out
>> Class test
>> Class class-default
>>
>> PE2#sh class-map test
>> Class Map match-all test (id 27)
>> Match ip dscp 39
>>
> [...]
>
> PE2# sh policy-map interface Gi1.205 output class test
>> GigabitEthernet1.205
>> Service-policy output: test-Out
>> Class-map: test (match-all)
>> 0 packets, 0 bytes
>> 30 second offered rate 0 bps
>> Match: ip dscp 39
>>
>
> The output counter will not increment if you only match on 6500/7600, and
> don't actually *set* anything in your policy-map. This is true for getting
> EXP-x counter values in P at least.
>
> Try this on PE2:
> policy-map test-Out
> class test
> set dscp 39
>
> And see if the counter wakes up. Are you sure the tags are as you think on
> the wire, or are you bravely believing anything that the 6500/7600 tells
> you? The counter is (can be) a lie.
>
> This will of course not actually change anything, since you are setting 39
> if it's set to 39.
>
> ---------
> typedef struct me_s {
> char name[] = { "Thomas Habets" };
> char email[] = { "thomas [at] habets" };
> char kernel[] = { "Linux" };
> char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
> char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
> char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
> } me_t;
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

thomas at habets

Nov 26, 2009, 11:11 AM

Post #8 of 10 (765 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

On Thu, 26 Nov 2009, selamat pagi wrote:
> When you did your first test, CE-PE1-P-PE2 where there still vrf's
> configured. That would explain why you did not see DSCP-values, you would
> have seen EXP-values. You still would have 1 label (vpn-label).

No, I had multiple P routers in a row where I matched on EXP and saw this.
And I think this was also an issue outgoing from the egress PE when there
is no label (only DSCP) and I matched on DSCP.

Really, the show-policy-map-interface counters don't work unless you set
something in the matching class on 6500/7600.

Yes. Really.

> To prove this, could you change your policy to match EXP 4 instead of DSCP
> 39 ?

That's what I did. Since as you say, only the outer label is popped by
PHP.

Like I said: sniff the traffic if you think things aren't being tagged.
They may well be tagged properly. Also you can try traceroute through the
network with a traceroute that understands EXP in the TTL expired messages
(where the traceroute probes ought to be tagged). Doesn't work all that
well if you have no-propagate-ttl though.

---------
typedef struct me_s {
char name[] = { "Thomas Habets" };
char email[] = { "thomas [at] habets" };
char kernel[] = { "Linux" };
char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
} me_t;
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

daniel at fnutt

Nov 29, 2009, 11:26 AM

Post #9 of 10 (709 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

On 25.11.2009 12:09, Teslenko wrote:
> We try to introduce Qos in ours IP/MPLS backbone network,
> constructed on routers 7600th series

There is a hardware limitation in the PFC on the Cat6500/7600 which i
might think you are hitting.

You can _not_ mark packets ingress (as IP) on this platform and then
egress them as MPLS. In that scenario the DSCP header will be lost.

--
Daniel Husand

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

ex_art at mail

Dec 9, 2009, 6:59 AM

Post #10 of 10 (612 views)
Permalink

Re: Problem with dscp packets marking on 76th platform. [In reply to]

We resolved this problem
when we changed MPLS DiffServ mode from Short Pipe to Uniform mode

It will work if we will apply next command in global configuration mode

#mls mpls qos input uniform-mode

Thomas Habets пишет:
> On Thu, 26 Nov 2009, selamat pagi wrote:
>> When you did your first test, CE-PE1-P-PE2 where there still vrf's
>> configured. That would explain why you did not see DSCP-values, you
>> would
>> have seen EXP-values. You still would have 1 label (vpn-label).
>
> No, I had multiple P routers in a row where I matched on EXP and saw
> this. And I think this was also an issue outgoing from the egress PE
> when there is no label (only DSCP) and I matched on DSCP.
>
> Really, the show-policy-map-interface counters don't work unless you
> set something in the matching class on 6500/7600.
>
> Yes. Really.
>
>> To prove this, could you change your policy to match EXP 4 instead of
>> DSCP
>> 39 ?
>
> That's what I did. Since as you say, only the outer label is popped by
> PHP.
>
> Like I said: sniff the traffic if you think things aren't being tagged.
> They may well be tagged properly. Also you can try traceroute through
> the network with a traceroute that understands EXP in the TTL expired
> messages (where the traceroute probes ought to be tagged). Doesn't
> work all that well if you have no-propagate-ttl though.
>
> ---------
> typedef struct me_s {
> char name[] = { "Thomas Habets" };
> char email[] = { "thomas [at] habets" };
> char kernel[] = { "Linux" };
> char *pgpKey[] = { "http://www.habets.pp.se/pubkey.txt" };
> char pgp[] = { "A8A3 D1DD 4AE0 8467 7FDE 0945 286A E90A AD48 E854" };
> char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
> } me_t;
>
>

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads