The qos-group only exists inside the router itself. It is not part of the packet at all.

So if you are looking at doing things with MPLS you have to take a look at your network, and what you are doing at each hop along the way, and what you are looking at setting. Whenever you are doing an L3 lookup, you can match on stuff. Once you are in the middle of your MPLS network, your L3 lookups don't take place, so matching is irrelevant.

So things you may look at doing...

Set the mpls exp bits?
Manipulate the next hop to force different types of traffic down different LSPs.

HTH,

Scott
_____

From: Gary Lo [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 15, 2007 10:48 AM
To: [EMAIL PROTECTED]
Cc: Aqbalali Arne; [email protected]
Subject: Re: [OSL | CCIE_SP] Rate limiting based on Community

Hi Scott

I am also trying to configure QPPB and I have been at it for several days. The problem is, in an MPLS network, when you configure the route-map to match bgp community and then apply it via table-map under route bgp, you see that when doing a show ip cef (the target network) you see it being tagged as qos-group # which is good. But when actual traffic is going out an mpls interface, the policy map or rate-limit will not match the qos-group!! The qos-group exists only on the ipv4 label and not the mpls top label.

Is it something to do with the PHP? I am having trouble getting the qos-group value to be on the top-most MPLS label.

Thanks in advance

Gary

On Dec 14, 2007 5:09 PM, Scott Morris < [EMAIL PROTECTED]> wrote:

No worries. It's good to be able to think through things like that, because once you understand the options available to you, you'll be able to get through any manipulation they ask you to do!

HTH,

Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, JNCIE-M #153, JNCIS-ER, CISSP, et al.
CCSI/JNCI-M/JNCI-ER
VP - Technical Training - IPexpert, Inc.
IPexpert Sr. Technical Instructor
A Cisco Learning Partner - We Accept Learning Credits!
[EMAIL PROTECTED]
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
http://www.ipexpert.com

_____

From: Aqbalali Arne [mailto:[EMAIL PROTECTED]
Sent: Friday, December 14, 2007 5:09 AM
To: [EMAIL PROTECTED]; [email protected]
Subject: RE: [OSL | CCIE_SP] Rate limiting based on Community

Thanks Scott, in fact I saw the same option yesterday in the DQOS book for QPPB and they have given an example for community itself.

Thanks again.
Aqbal

_____

From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [email protected]
Subject: RE: [OSL | CCIE_SP] Rate limiting based on Community
Date: Thu, 13 Dec 2007 08:54:18 -0500

We frequently see communities used in order to do Remote Triggered Black Hole Routing, which is essentially killing traffic based on particular community values by rearranging the next-hop. I don't see why we couldn't use it for policing as well, but there isn't any inherent mechanism of QoS or policing to match on BGP community.

So we would need to look at an architecture where there were dual next-hops to really forward traffic. One path is "normal", the other is simply policed.

There's a more formal option in place called QPPB (QoS Policy Propagation via BGP) that you may want to look at. :) In a route-map, you can match on BGP communities then "set ip qos-group" which is a non-transitive value. But that's a value that can then be used in MQC to "match qos-group" and set any policing parameters.

So there are a couple of options for you to play around with!

HTH,

Scott Morris

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aqbalali Arne
Sent: Thursday, December 13, 2007 7:38 AM
To: [email protected]
Subject: [OSL | CCIE_SP] Rate limiting based on Community

Hi,

Is there any feature to rate limit the traffic when a router receives BGP routes with a particular community string attached? Maybe something to do with DoS attack.

Aqbal
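
The QPPB chain discussed in the thread (match community, "set ip qos-group", then "match qos-group" in MQC), written out as an added Cisco IOS example that is not part of the original messages. The AS number, community value, interface names, object names and police rate are constructed placeholders, and the egress interface is assumed to be a plain IP interface where the L3 lookup takes place.

```cisco
! Added example: all names and numbers below are constructed placeholders.
!
! 1. Tag routes carrying the community with a qos-group as BGP installs
!    them into the routing table (table-map). The qos-group is local to
!    this router; it is never carried in the packet.
ip community-list 10 permit 64500:100
!
route-map QPPB-MARK permit 10
 match community 10
 set ip qos-group 5
! Routes without the community are installed unmarked.
route-map QPPB-MARK permit 20
!
router bgp 64500
 table-map QPPB-MARK
!
! 2. On the interface where the traffic enters, classify packets by
!    looking up their destination address against the tagged prefixes.
interface GigabitEthernet0/0
 bgp-policy destination ip-qos-map
!
! 3. Police the marked traffic with MQC on the way out.
class-map match-all QG5
 match qos-group 5
!
policy-map POLICE-QG5
 class QG5
  police 1000000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1
 service-policy output POLICE-QG5
```

The marking can be checked with show ip cef for the target network, as described in the thread, before looking at the policy-map counters.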
