Uniform MPLS DiffServ Tunneling Mode for 6500/7600 (SUP720) Configuration Example

Introduction

This document describes the minimum configuration steps that need to be completed on the Cisco 7600/6500 router that has a Supervisor engine SUP720 Policy Feature Card 3 (PFC3). These steps are are required in order to configure and verify Uniform Differentiated Services (DiffServ) Tunneling mode available for Multiprotocol Label Switching (MPLS).

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

• MPLS and MPLS for VPNs

• Concepts that relate to IP precedence, Type of Service (ToS), and DiffServ

• QoS Packet Marking and Classification using Modular QoS Command Line Interface CLI (MQC)

Components Used

The information in this document is based on a Cisco 7600 router that acts as PE router and a Cisco 2911 router that acts as a CE router. However, this document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Background

This document aims to help network administrators set up uniform MPLS DiffServ mode on the 7600/6500 SUP720 PFC3. For rest of the document, it is assumed that "mls qos" is enabled globally on 6500/7600 router.

Default Behavior

Figure 1

For a packet that enters the LAN module on the 6500/7600 router, the default behavior is not to trust any QoS value. This means that when a packet with Differentiated Services Code Point (DSCP) 3 enters PE1, PE1 does not trust this DSCP and sets the internal DSCP value equal to zero. When the packet egresses PE1 towards the MPLS side, PE1 uses the internal DSCP value in order to derive experimental value (EXP) and sets this EXP value (in this case zero) in all the MPLS labels that are imposed.

The 6500/7600 router can only do QoS marking in the outermost Layer 3 (L3) encapsulation. In an IP to MPLS situation the outermost L3 encapsulation is MPLS, so the QoS marking is done only in MPLS labels and the IP header remains intact. This is why you see DSCP 3 preserved in the IP header even though there was no trust statement configured on the interface.

Uniform Tunnel Mode

DiffServ Tunneling Uniform Mode has only one layer of QoS which reaches end-to-end.

Figure 2

Imposition of Label (IP > Label)

• The IP precedence of the incoming IP packet is copied to the MPLS EXP bits of all pushed label(s).

• The first three bits of the DSCP bit are copied to the MPLS EXP bits of all pushed label(s).

• This technique is also known as ToS Reflection.

MPLS Forwarding (Label > Label)

• The EXP is copied to the new labels that are swapped/pushed when forwarded or imposed.

• At label imposition, the underlying labels are not modified with the value of the new label that is added to the current label stack.

• At label disposition, the EXP bits are not copied down to the newly exposed label EXP bits.

Disposition of Label (Label > IP)

At label disposition, the EXP bits are copied down to the IP precedence/DSCP field of the newly exposed IP packet. In order to enable uniform mode for the 6500/7600 router, this two step configuration is required:

1. Enable trust at ingress on the PE-CE interface.

   After the trust statement is configured under the interface that faces towards the CE, instead of setting the internal DSCP to zero, the device derives the internal DSCP from the QoS value present in the IP header. This internal DSCP value is now used to derive the EXP value at egress. When the packet egresses the PE1 device, the QoS value in the IP header remains intact as the change is completed only in outermost L3 encapsulation.

   
   Figure 3

   With just this configuration at the egress PE, in the MPLS to IP operation, the device does not copy the experimental value from the MPLS header to the IP header. In order to do so, the additional configuration listed in the next step is required.

2. Enable propagate-cos at egress on PE-CE interface.

   There is a hidden interface level command mpls propagate-cos which needs to be configured on the egress PE-CE interface in order to complete the configuration of uniform mode. This command derives the IP DSCP value from the EXP value in the MPLS header and then rewrites this value in the IP header.

   The PFC only propagates the EXP value if all interfaces in the VPN have EXP propagation enabled. This means the hidden command needs to be present on all the interfaces of the Virtual Routing and Forwarding (VRF) for propagation to work. Also for aggregate VPN labels, the EXP propagation in a recirculation case might not be supported because MPLS adjacency does not know which egress interface the final packet will use.

   After this configuration, uniform mode configuration is complete and the results shown in Figure 2 are achieved.

Configure

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

1. Configure port trust in the ingress direction on the PE-CE interface.

   In order to configure the trust state of an ingress port, complete the steps in this table:

   	Command	Purpose
   Step 1	Router(config)# interface {{ type slot/port } | { port-channel number }}	Selects the interface to configure.
   Step 2	Router(config-if)# mls qos trust [ dscp | ip-precedence | cos ]	Configures the trust state of the port.
   	Router(config-if)# no mls qos trust	Reverts to the default trust state (untrusted).
   Step 3	Router(config-if)# end	Exits configuration mode.
   Step 4	Router# show mls qos [ ipv6 ]	Verifies the configuration.

2. Configure propagate-cos in the egress direction on the PE-CE interface.In order to configure the egress PE router at the customer-facing interface, complete the steps in this table:

   	Command	Purpose
   Step 1	Router(config)# interface {{ type slot/port } | { port-channel number }}	Selects the interface to configure.
   Step 2	Router(config-if)# mpls propagate-cos	Enables propagation of EXP value into the underlying IP DSCP.
   Step 3	Router(config-if)# end	Exits configuration mode.

   When you configure the EXP propagation to IP, note this information:

   • mpls propagate-cos is a hidden command and you might need to type the command completely.
   • mpls propagate-cos needs to be present on all the interfaces of the VRF otherwise propagation will not take effect.

   This example shows how to configure Gigabit Ethernet port 1/1 of PE2 with the mpls propagate-cos keywords:

   PE2# configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   PE2(config)# interface gigabitethernet 1/1
   PE2(config-if)# mpls propagate-cos
   PE2(config-if)# end
   PE2#

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

• Next Generation MPLS VPN Design
• 7600 MPLS QOS Configuration Guide 15S
• 6500 MPLS QOS Configuration Guide 15SY
• Technical Support & Documentation - Cisco Systems