QoS MPLS VRFs

Hi guys,
we are creating a new  MPLS cloud with the following VRFs: VRF- Voice, VRF- Data and VRF - Citrix.
My question is: is VRF traffic indepedent from other VRFs (talking about QoS) or I have to request to my MPLS provider to apply QoS?
I would like to have 3 Levels of QoS: Voice, Citrix and Data (that matches with the VRFs).
So it is QoS needed on the MPLS Provider side to increase my traffic performance for voice and Citrix?
Thank you very much for your help.
Jordi

Hi Jordi
You will need to have QOS configured for all the VRFs separately because of two main reasons:
1. Creating a VRF doesn't guarantee that you will get priority.
2. After the traffic enters the Service Provider backbone its all MPLS traffic and many customers share the same backbone, so to have an effective treatment of your traffic you will need to define proper QOS.
Regads
Vivek

Similar Messages

  • Apply QOS to vrf traffic?(Ethernet SubInts)

    Hi,
    I'm trying to apply "GOLD" QOS to vrf traffic that is terminated on eth subints, but class-map is not allowing me to match on subinterfaces:
    class-map match-any GOLD
    match mpls experimental topmost 5
    match ip precedence 5
    match input-interface fastEthernet 0/0 (Subints not allowed)
    I also cannot match on access-group, as the traffic is within a vrf.
    Should I be creating a seperate policy-map marking the traffic as GOLD, and then apply this as a "service-policy input" to each eth subint the vrf is associated with?

    Hi,
    when you apply the service-policy to an interface you do NOT need to specify the interface in the class-map! Example:
    class-map match-any VoIP
    match ip precedence 5
    match ip dscp ef
    policy-map Marking
    class VoIP
    set mpls experimental imposition 5
    interface FastEthernet0/0.100
    ip address ...
    encapsulation dot1q 100
    service-policy input Marking
    This will set MPLS exp bits on all traffic coming into F0/0.100 and being marked with either Prec 5 or DSCP EF.
    Sidenote: using an ACL in class VoIP will also only match traffic on the interface, where the policy is applied. So overlapping customer addresses are not an issue.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • Should Wireless be in its own MPLS VRF?

    Hi,
    I already have an answer I like on this one, "YES!".
    Unfortunately I don't live in Mike-land while I'm at work. I need some reference architectures or authoritative security guides that explain why this is a best-practice, (at least where MPLS VRF's are available for use).
    My short list of reasons is:
    - More refined segementation
    - Easier standardization practices and associated documentation for tier I/IIs support staffs
    - Easier to trouble-shoot when route tables are differentiated, (wireless VRF's and wired VRF's)
    - Easier to observe and isolate traffic, (at firewall or router) in case of security breach
    ...I could go on.
    Any good documentation on this out there?  I can't find much.
    Any help appreciated,
    M.

    As Malcolm says, don't partition. You have a relatively small drive and partitioning will cramp OSX which needs a lot of free disk space to run optimally. The only reason I can see to put OSX on its own partition is if you want to have multiple copies on a computer. The other reason to partition is for convenience in making backups but that's going beyond your immediate question.

  • Full internet routes in MPLS-VRF

    hi~ all
    I just have some confused , whether it's good way load full internet routes in MPLS VRF , which there's no any service routing in core network but topology routing . but there's dual upstream ISP connecting ASBR , I'm afraid if I load these two full internet routes into VRF on 7600 , is it possible ? does it take so long time for loading routes in VRF ?
    could someone give me some proposal about it or some experience about internet routes in VRF , thanks.

    Its not a good practise to load all the internet rouetes in the vrf. Do use vrf leaking. For this create a vrf of named internet which will be loaded with the default route and export that route with the rd and mport that route in your particular vrf. With this you will be having only 1 route in the vrf.
    regards
    shivlu

  • MPLS VRFs and DMVPN

    Hello,
    we try to build a DMVPN Solution and try to integrate this solution into our MPLS network.
    Can anybody give me some informations about DMVPN and MPLS VRF configuration.
    Thanks
    Peer

    Try this link, might help http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110ba1.html

  • Carrying CLNS inside MPLS VRF

    Is there a way to carry CLNS traffic inside MPLS VRF?

    To configure a router running Intermediate System-to-Intermediate System (IS-IS) so that it floods Multiprotocol Label Switching (MPLS) traffic engineering (TE) link information into the indicated IS-IS level, use the mpls traffic-eng command in router configuration mode

  • MPLS Vrf opsf interfaces not working

    P/PE router VRF ospf interfaces unable to receive or advertised routing to and from CE router.
    Config attahced.
    Routes from PE VRF nortel shld be forwarded to CE router
    So are routes from CE 50.50.50.0 network
    Any ideas?

    Hello,
    Looks to me as if you did not start the ospf process in the VRF. So adjust the config according to:
    interface Serial2/0
    description MPLS VRF 1:1 connection to Cisco 2611 PPP
    ip vrf forwarding nortel
    ip address 200.0.30.1 255.255.255.0
    encapsulation ppp
    clock rate 128000
    interface FastEthernet4/0
    description MPLS connection for vrf Nortel 1:1
    ip vrf forwarding nortel
    ip address 70.70.70.1 255.255.255.0
    duplex auto
    speed auto
    no router ospf 1
    router ospf 1 vrf nortel
    network 200.0.30.0 0.0.0.255 area 0
    network 70.70.70.1 0.0.0.0 area 0 !In case you want OSPF over this interface as well
    With the current config I would assume that you do not see an OSPF adjacency on the CE.
    Hope this helps! Please rate all posts.
    Regards, Martin

  • MPLS VRFs hanging routes

    Hi all,
    We've a cell-based MPLS network (based on BPX 8600/LSC 7200 acting as the P and MGXs with RPMs acting as the PEs and connected with E3s to the BPX).
    On those PEs...we're running MPLS VPNs for our customers and there're 2 PEs acting as Route Reflectors for all the other PEs for reflecting the MP-BGP routes for the VRFs.
    The problem is that with any RPM reloads or any interface flapping or without any reason....all of a sudden we found that a VRF customer that has for example 2 branches....one of them connected to POPX and the other branch connected to POPY complaining that there's no connectivity bet the 2 branches although when issuing the command " sh ip route vrf Customer AAA " on the PE of POPX we found that the IBGP routes of the other branch are present in its VRF routing table.....but still the 2 branches cannot ping each other.
    The same problem may be repeated for all VRF customers connected bet those 2 POPs and aren't solved except when issuing the command on the PE of POP X "clear ip route (lpbk add of the PE in POPY)"
    After that command....everything is OK and the 2 branches can ping each other without problems.
    After some investigation...we found that this problem is due to an LSC bug....the suspected bugs were CSCea21665 and CSCea74222 and the workaround for those bugs are "clear ip route (Remote PE lpbk add)"
    As listed in those bugs also that the fix for them is in IOS 12.2(15)T05 and higher....so we upgraded our LSC from ver 12.2(8)T4 to the latest
    12.2(19).
    Unfortunately we found that the problem is not yet solved and still the same syptoms appers for the VRFs.....and that mean that upgrading the IOS ver for the LSc is not enough and there's a step yet missing for avoiding that fatal problem.
    So has anyone faced this problem before ??? and if yes what were the steps done to avoid it other than the famous workaround "clear ip route (Remote PE lpbk add)"???

    Mohamed,
    I red your problem, because I'm interested on all the WAN switching staff.
    Look at bug CSCea21665 on CCO, the fix is not integrated in 12.2 main line, so you have to go to one of the following minimum IOS 12.2(15)T05, 12.2(17.6)S, 12.3(1.9), 12.3(1.9)T, 12.0(25.3)S01, 12.2(11)T09, 12.2(15)ZK, 12.3(2.3)B, 12.2(15)ZK01.
    Look at Bug CSCea74222, it's fixed in
    12.2(15)T03, 12.3(1.5), 12.3(1.5)T, 12.2(17.3)S, 12.2(15)ZK, 12.3(2.3)B
    From that two bugs, do not use 12.2 main line, the fix is not integrated.
    Don't use 12.3, it's to new ;-))
    I would recommend 12.2(15)T05 or higher, that means 12.2(15)T07
    Than you shouldn't see the problem again.
    regards
    Dietmar

  • MPLS VRF Routes Leaking

    I am designing network to deploy MPLS L3 VPN services for 2000+ branch locations of 1 customer.
    Cisco 7600 series router is used as PE along with FWSM that points towards Global Routing Table (Internet Gateway).
    Customer is requiring the access for internet along with VPN services to all the 2000+ locations.
    What is the best solution to prefer that meets the requirements & also avoids the security loopholes ?

    you could do one of the following ways to implement Internet access for L3 MPLS VPN
    1. using a separate PE interface in global routing table: in this case the FWSM and an interface in the PE/PEs will require to be in the the global routing table to have the Internet access and then you can inject that route to the VRF/VRFs
    2. Internet access using route leaking between VRFs and the global route table: by using this method you will need to configure a static default route with a next hop as an Internet gateway in your case the FWSM, reachable through the global routing table, this VRF default route need to be injected/redistributed in  the PE-CE routing (MP-BGP) to provide the outbound Internet connectivity to your  VRFs.
    inbound traffic from Internet will require either NATed VRF or a static routes from the global routing table points to the VRF interface
    3. the other method is the used of shared service: with this method you need to put the Internet service FWSM in its own VRF then you can control the import and export between the Internet VRF and other VRFs through import/export of the VRFs route-target values
    good luck
    if helpful Rate

  • IOS Upgrade originating from a MPLS VRF

    What is equivalant MPLS "copy tftp flash" command to copy an image from a TFTP server located in a VRF? I can't get the router to pull IOS images unless the TFTP server is located in the Global Routing Table. I do realize this may be a stupid question btw... :)

    Martin,
    You are correct that the "ip tftp source-interface" command will get it to work but only for images integrating CSCea89507.
    Use the following link to find out in which images this DDTS is integrated:
    http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea89507
    Hope this helps,

  • Problème MTU on MPLS Vrf

    Hello,
    I realize a laboratory L2 and L3 MPLS VPN.
    I use the ME-3800X. I have a problem with the MTU.
    PING 1500 byte or more between two host at each end of the network is OK
    The VRFs L3 and EoMPLS are almost OK
    But the 1500 byte or more of a VLAN interface of ME-3800 to a host outside the MPLS network is not good.
    A 64-byte ping is OK.
    The backbone-side interfaces have an MTU 1526.
    If anyone can help me, I would send you a diagram.
    Thank you

    Excuse me for being late.
    > why don't you use a simpler approach and configure a higher MTU on  all links end to end and avoid big headaches calculating the exact size  of packets >before and after n mpls labels?
    >ME3800x supports MTU up to 9800 by the way.
    >On MPLS core interfaces the more MTU the better, that's the golden rule!
    This is what I did.
    The probleme is not the MTU in the core, The problem is the return of the ping reply that are greater than 1500 bytes.
    the interface Vlan of ME-3800X sends a packet of size MTU of outgoing interface tengigabit (MTU1530).
    Once arrived  on the LAN, the packet is rejected.
    I send you a diagram as soon as possible!!!
    For EoMPLS is OK.
    One ticket is open at Cisco via my provider NextiraOne
    Cordialy,

  • Extending a MPLS VRF from a local to a remote location

    I am building a L3 MPLS network in our configuration center in Chicago.  The challenge at hand is that during user acceptance testing of all applications a group of individual will need to travel from So. Florida to Chicago and our management would like to test some/all these applications remotely.  What will be the best way to extend the VRF from one location to another.  My original thought is to request a dark fiber from the service provider and extend the CE device to our lab. 
    Any ideas....

    If you use this fiber and configure the interface of router in Chicago Center to belong a VRF the traffic work, only for this VRF. However you will not be extending your domain MPLS until the other point. Ideally, is necessary all sets to participate in the infrastructure domain and thus can configure any MPLS VPNs as necessary.
    tks,
    Fábio

  • TACACS aware MPLS VRF

    Hello,
    we are building MPLS VPN network that includes CE routers with ISDN BRI backup to MPLS VPN core, using L2TP dial-in access. Domain authentication and user authentication for CE routers are done at RADIUS server, through AV pairs which place the CE router in proper VRF.
    Question is: could this be achieved with TACACS server as well? Could TACACS server place CE routers in proper VRF? If this is not supported, is there a plan to support it?
    Thanks a lot for your help!

    Going by what I know, vrf is configured on PE. The CE doesn't have any knowledge of vrf. Am I missing something?

  • MPLS VRF configuartion on CE router

    I have following Secinario.
    CE1----PE1---P---PE2---CE1
    ---CE2
    From PE2 to CE2 there two links.
    Customer want VRF configuartion on the CE2 router on one link.
    I have confirgured the VRF in between PE2 and CE2 on one link.Also configured Rd and RT parameter in the VRF.
    I am useing BGP as routing protocol in between PE and CE.Can you please let me know should i have to configure MP-BGP in between PE2 and CE2 to carry RD and RT values from CE2 to PE2 ?

    only if you extending MPLS VPN down to your CE. MP-BGP propgates VPNv4 updates tagged with a VPN label among PE routers only.
    Normally an IGP protocol such as OSPF is used between PE-CE. You can configure OSPF in the VRF associated with the VPN and associate the interface connected to the CE with the VRF. OSPF routes can then propagate from a CE to a PE when an OSPF adjacency has formed between the two routers. OSPF adds routes to the VRF's forwarding table at the PE side with routes learned from the CE.
    see this http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-routing-vol2/html/bgp-mpls-vpns-config5.html

  • MPLS / VRF

    Hello,
    how is it possible that VRF can be routed from one site to another site by the core routers?
    It is clear that the VRF must be configured and each interface is to be assigned.
    In addition, the IGP / redistribution between PE-CE and MP-BGP is to be configured.
    I found the following configurations in the documentation to configure the PE-Routers in the Core:
    (Configuring MP-BGP):
    PE 1:
    router bgp 1
    x.x.x.x neighbor remote-as 1
    x.x.x.x neighbor update-source loopback0
    address-family vpnv4
    neighbor x.x.x.x activate
    x.x.x.x neighbor send-community Both
    exit-address family
    PE 2:
    router bgp 1
    x.x.x.x neighbor remote-as 1
    x.x.x.x neighbor update-source loopback0
    address-family vpnv4
    neighbor x.x.x.x activate
    x.x.x.x neighbor send-community Both
    exit-address family
    What additional commands are required that a router from one location can ping a router to another location in the same VRF successful?
    Thanks for your help!

    Hello, 
    From the above configuration it looks like that you have configured MP-BGP. This is important for VRF to VRF communication over MPLS enabled backbone (MPLS VPN) since  MP-BGP propagates virtual routing and forwarding (VRF) reachability information to all members of a VPN community. MP-BGP peering must be configured on all PE devices within a VPN community. 
    Below are 2 links which clearly suggests what all things are required for VRF to VRF communication and reason for it. 
    http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_l3_vpns/configuration/15-mt/mp-l3-vpns-15-mt-book/mp-bgp-mpls-vpn.html
    http://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/13733-mpls-vpn-basic.html
    HTH,
    Nikhil 

Maybe you are looking for

  • Difference between Interface node and normal node?

    What is the main difference between  Interface node and normal node? Cheers Aisurya.

  • How to view the program panel in full screen mode?

    I know how to make the program panel full screen using the "~" key, but I would like to view my work completely without borders. Similar to using Quicktime or Windows media player. I can't imagine that this feature doesn't exist. Any help would be gr

  • IPad does not appear in iTunes.

    I'm running OS X 10.6.8 on my Mac. I'm plugged into a USB port on my Mac. I can see the device in iPhoto, but not iTunes. I tried reinstalling iTunes but receive the message that I have a newer version on my hard drive. I've restarted both units and

  • I forgot the passcode to erase my iphone 4s. What can I do???

    Verizon will not take back my iphone 4s unless they can erase the phone. I don't remember ever setting up a code to do this...What options do I have? Thanks!

  • Can't drag and drop from iPhoto

    For what ever reason my iPhoto will no longer allow me to drag photos and drop them into files on my desktop. It was letting my do it this morning so I would assume it is more a glitch than a permanent problem, if anyone could give me any suggestions