cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
641
Views
10
Helpful
6
Replies
Carlos A. Silva
Participant

[abf with mpls tag support]

Hi, All:

 

I was told by my local SE that as of XR 5.3.0, XR would support the ability for ABF to catch mpls-tagged traffic. I find no trace of this in the release notes. Can anyone confirm if this is indeed supported in 5.3.0 and if not, which version it is committed?

 

Thanks,

c.

1 ACCEPTED SOLUTION

Accepted Solutions
xthuijs
Cisco Employee

hi carlos,

the CSCud94957 was the ddts that reversed that model, so before this ddts you could match on mpls labels etc.

To allow matching on labeled packets we implemented a PBR infrastructure that went into 522.

the command structure is something like this:

 

CLASS-map configuration

class-map type traffic match-all mpls-dns-src

match protocol mpls

 match access-group ipv4 dns-src-acl

 end-class-map

 

Note here the match-all clause and match on mpls and match on access-group to instruct the forwarders to apply the ACL on labeled packets.

Packet MUST be single labeled.

 

PBR configuration:

 

policy-map type pbr demo2

class type traffic mpls-dns-src

  set source-address ipv4 1.2.3.4

!

class type traffic class-default

 !

end-policy-map

!

xander

View solution in original post

6 REPLIES 6
xthuijs
Cisco Employee

hi carlos,

the CSCud94957 was the ddts that reversed that model, so before this ddts you could match on mpls labels etc.

To allow matching on labeled packets we implemented a PBR infrastructure that went into 522.

the command structure is something like this:

 

CLASS-map configuration

class-map type traffic match-all mpls-dns-src

match protocol mpls

 match access-group ipv4 dns-src-acl

 end-class-map

 

Note here the match-all clause and match on mpls and match on access-group to instruct the forwarders to apply the ACL on labeled packets.

Packet MUST be single labeled.

 

PBR configuration:

 

policy-map type pbr demo2

class type traffic mpls-dns-src

  set source-address ipv4 1.2.3.4

!

class type traffic class-default

 !

end-policy-map

!

xander

thank you very much, xander. will test it the way you suggest it.

Xander:

 

Had to pick this up. I never got to test this because xrv does not support ABF. quick question regarding this config you suggest:

 

- ACL is going to look exactly like an ABF ACL? or should we remove the nexthop part?

- for the pbr: set source-address ipv4 [NH] where NH is the nexthop we want the traffic to be sent to?

- then apply service-policy to interface?

 

Configuration-wise it's reasonably different that (the simple) ABF setup.

 

Thanks!

c.

hi Carlos,

with PBR ACL is used only for classification, so drop the nexthop part in the ACL definition.

source-address and destination-address are actually rewriting the IP packet header, changing the source or destination IP address.

To manipulate the next-hop for MPLS packets you can use PBTS. Use the PBR to set the forwarding-class for the traffic of choice (defined by mpls-dns-src in the example). Then create MPLS TE tunnels designated to that forwarding class. You should have one default tunnel and as many specific tunnels (per forwarding class) as you need.

Maybe there is some other trick you can use to manipulate the next hop for MPLS traffic. I can only think of this one.

 

Hope this helps,

Aleksandar

I have to correct my response. You can use the "redirect" keyword in the PBR policy.

 

ipv4 access-list dns-src-acl
 10 permit ipv4 any any
!
class-map type traffic match-all mpls-dns-src
 match protocol mpls
 match access-group ipv4 dns-src-acl
 end-class-map
!
policy-map type pbr demo2
 class type traffic mpls-dns-src
 redirect ipv4 nexthop 1.1.1.1
!
 class type traffic class-default
!
end-policy-map
!
regards, Aleksandar

Thank you very much, Aleksandar! Really appreciate you taking the time.

Hopefully I'll get to try this in the next few days. Will update with results.