Cisco Systems MPC-273 Packet Validation Mechanism, Quality of Service Using the Modular QoS CLI

Page 4

Implementing MPLS VPNs over IP Tunnels on Cisco IOS XR Software

Information About MPLS VPNs over IP Tunnels

Packet Validation Mechanism

The MPLS VPNs over IP Tunnels feature provides a simple mechanism to validate received packets from appropriate peers. The multipoint L2TPv3 tunnel header is automatically configured with a 64-bit cookie and L2TPv3 session ID. This packet validation mechanism protects the VPN from illegitimate traffic sources. The cookie and session ID are not user-configurable, but they are visible in the packet as it is routed between the two tunnel endpoints. Note that this packet validation mechanism does not protect the VPN from hackers who are able to monitor legitimate traffic between PE routers.

Quality of Service Using the Modular QoS CLI

To configure the bandwidth on the encapsulation and decapsulation interfaces, use the modular QoS CLI (MQC).

Note This task is optional.

Use the MQC to configure the IP precedence or Differentiated Services Code Point (DSCP) value set in the IP carrier header during packet encapsulation. To set these values, enter a standalone set command or a police command using the keyword tunnel. In the input policy on the encapsulation interface, you can set the precedence or DSCP value in the IP payload header by using MQC commands without the keyword tunnel.

Note You must attach a QoS policy to the physical interface—notto the tunnel interface.

If Modified Deficit Round Robin (MDRR)/Weighted Random Early Detection (WRED) is configured for the encapsulation interface in the input direction, the final value of the precedence or DSCP field in the IP carrier header is used to determine the precedence class for which the MDRR/WRED policy is applied. On the decapsulation interface in the input direction, you can configure a QoS policy based on the precedence or DSCP value in the IP carrier header of the received packet. In this case, an MQC policy with a class to match on precedence or DSCP value will match the precedence or DSCP value in the received IP carrier header. Similarly, the precedence class for which the MDRR/WRED policy is applied on the decapsulation input direction is also determined by precedence or DSCP value in the IP carrier header.

BGP Multipath Load Sharing for MPLS VPNs over IP Tunnels

BGP Multipath Load Sharing for EBGP and IBGP lets you configure multipath load balancing with both external BGP and internal BGP paths in BGP networks that are configured to use MPLS VPNs. (When faced with multiple routes to the same destination, BGP chooses the best route for routing traffic toward the destination so that no individual router is overburdened.)

BGP Multipath Load Sharing is useful for multihomed autonomous systems and PE routers that import both EBGP and IBGP paths from multihomed and stub networks.

 

Cisco IOS XR MPLS Configuration Guide

MPC-276

OL-12284-01

Image 4
Contents Contents Restrictions for Configuring Mpls VPNs over IP Tunnels Information About Mpls VPNs over IP TunnelsOverview Mpls VPNs over IP Tunnels MPC-274PE Routers and Address Space MPC-275Quality of Service Using the Modular QoS CLI Packet Validation MechanismBGP Multipath Load Sharing for Mpls VPNs over IP Tunnels MPC-276How to Configure Mpls VPNs over IP Tunnels Configuring the Global VRF DefinitionInter-AS and CSC Support over IP Tunnels MPC-277Detailed Steps MPC-278Configuring a Route-Policy Definition MPC-279Configuring a Static Route MPC-280Configuring an IPv4 Loopback Interface MPC-281MPC-282 Configuring a CFI VRF Interface MPC-283Configuring the Core Network MPC-284Configuring Inter-AS and CSC support over IP Tunnels MPC-285As an Asbr eBGP peer MPC-286Command or Action Purpose MPC-287Configuring the Backbone Carrier Core for IP Tunnels MPC-288MPC-289 MPC-290 MPC-291 Verifying Mpls VPN over IP MPC-292Configuring an L2TPv3 Tunnel Example Configuring the Global VRF Definition ExampleConfiguring a Route-Policy Definition Example MPC-293Configuring a Static Route Example Configuring an IPv4 Loopback Interface ExampleConfiguring a CFI VRF Interface Example Additional ReferencesStandards MIBsRFCs MPC-295Technical Assistance MPC-296