02-04-2015 06:17 AM
Hi, All:
I was told by my local SE that as of XR 5.3.0, XR would support the ability for ABF to catch mpls-tagged traffic. I find no trace of this in the release notes. Can anyone confirm if this is indeed supported in 5.3.0 and if not, which version it is committed?
Thanks,
c.
02-08-2015 04:47 AM
hi carlos,
the CSCud94957 was the ddts that reversed that model, so before this ddts you could match on mpls labels etc.
To allow matching on labeled packets we implemented a PBR infrastructure that went into 522.
the command structure is something like this:
CLASS-map configuration
class-map type traffic match-all mpls-dns-src
match protocol mpls
match access-group ipv4 dns-src-acl
end-class-map
Note here the match-all clause and match on mpls and match on access-group to instruct the forwarders to apply the ACL on labeled packets.
Packet MUST be single labeled.
PBR configuration:
policy-map type pbr demo2
class type traffic mpls-dns-src
set source-address ipv4 1.2.3.4
!
class type traffic class-default
!
end-policy-map
!
xander
02-09-2015 06:19 AM
thank you very much, xander. will test it the way you suggest it.
09-21-2015 09:44 AM
Xander:
Had to pick this up. I never got to test this because xrv does not support ABF. quick question regarding this config you suggest:
- ACL is going to look exactly like an ABF ACL? or should we remove the nexthop part?
- for the pbr: set source-address ipv4 [NH] where NH is the nexthop we want the traffic to be sent to?
- then apply service-policy to interface?
Configuration-wise it's reasonably different than (the simple) ABF setup.
Thanks!
c.
09-22-2015 07:49 AM
hi Carlos,
with PBR ACL is used only for classification, so drop the nexthop part in the ACL definition.
source-address and destination-address are actually rewriting the IP packet header, changing the source or destination IP address.
To manipulate the next-hop for MPLS packets you can use PBTS. Use the PBR to set the forwarding-class for the traffic of choice (defined by mpls-dns-src in the example). Then create MPLS TE tunnels designated to that forwarding class. You should have one default tunnel and as many specific tunnels (per forwarding class) as you need.
Maybe there is some other trick you can use to manipulate the next hop for MPLS traffic. I can only think of this one.
Hope this helps,
Aleksandar
09-23-2015 10:23 AM
I have to correct my response. You can use the "redirect" keyword in the PBR policy.
ipv4 access-list dns-src-acl
 10 permit ipv4 any any
!
class-map type traffic match-all mpls-dns-src
 match protocol mpls
 match access-group ipv4 dns-src-acl
 end-class-map
!
policy-map type pbr demo2
 class type traffic mpls-dns-src
  redirect ipv4 nexthop 1.1.1.1
 !
 class type traffic class-default
 !
 end-policy-map
!
regards,
Aleksandar
09-23-2015 11:33 AM
Thank you very much, Aleksandar! Really appreciate you taking the time.
Hopefully I'll get to try this in the next few days. Will update with results.