What is it "tunnel mpls traffic-eng bandwidth" !!!

Buenas dia, Amigos!
I want to limit the speed of the MPLS Tunnel between two sites. I'm going to create a MPLS tunnel and apply
"tunnel mpls traffic-eng bandwidth X"
Can anybody answer me, it can really limit the speed or only reserve bandwidth?
!Hasta la vista, Amigos!

Hello Oleg,
the command is only used during the tunnel setup and has administrative meaning. It is used by RSVP for reservation of resources. It does not provide any form of rate control over the tunnel.
You need to control how much traffic you put on the tunnel on the tail end router.
Hope to help
Giuseppe

Similar Messages

Which object in RSVP message carried the value configured by "tunnel mpls traffic-eng bandwidth" command?

Hi Experts,
I configured a simple MPLS TE tunnel in my routers and configured it with "tunnel mpls traffic-eng bandwidth 777" command. The tunnel came up fine. I tried to capture the packets (using GNS capture) going out of tunnel head end interface but I could not find out on which message object the value '777' is carried. Can anyone please explain me exactly in which RSVP/OSPF message the bandwidth value is carried?
Thanks,
Madhu

Hello Madhu,
I think it is FLOWSPEC object, not 100% sure
The FLOWSPEC class is defined in RFC 2210. Cisco IOS Software requests Controlled-Load service when reserving a TE tunnel. The FLOWSPEC format is complex and has many things in it that RSVP for MPLS TE doesn't use.The FLOWSPEC is used in Resv messages—Resv, ResvTear, ResvErr, ResvConf, ResvTearConf. Its only use in MPLS TE is to use the average rate section of the FLOWSPEC to specify the bandwidth desired, in bytes. Not bits. Bytes. So if you configure a tunnel with tunnel mpls traffic-eng 100000 to request 100 Mbps of bandwidth, this gets signalled as 12,500,000 bytes per second (100 Mb is 100,000 Kb is 100,000,000 bits, which is 12,500,000 bytes).
Hope this helps
Regards
Mahesh

What is the 'tunnel mpls traffic-en bandwidth' ?

Hi
I do not understand about 'mpls tunnel traffic-en bandwidth'
If i want to use the RSVP-TE then i know i have to configure the 'ip rsvp bandwidth ...' and 'tunnel mpls traffic-en bandwidth...'
But why i have to configure them for TE.
RSVP is Resource Reservation Bandwidth so i think that 'ip rsvp bandwidth' checked the available B/W in physical interface for TE and it is not the reality B/W for tunnel.
Is it correct?
Can you teach me them for me 'IP RSVP BANDWIDTH, TUNNEL MPLS TRAFFIC-EN BANDWIDTH'
Thank you

Hello Byung,
the ip rsvp bandwidth specifies the total amount of resources available outbound an interface = total reserveable bandwidth on the link it can even bei higher then effective interface speed.
The other command specifies the amount of bandwidth to be used in the reservation for the specific MPLS TE tunnel and has to be lower then the first one in order for the link to be selected and used for the tunnel. If no suitable path is found the tunnel setup fails.
To be noted the bandwidth associated to an MPLS TE Tunnel is an administrative parameter and does not reflect the effective traffic that can travel over the tunnel.
The Call admission control is performed on the administrative bandwidth parameter not on effective user traffic.
Hope to help
Giuseppe

Tunnel mpls traffic-eng dynamic reoptimization issue

we have a dynamic tunnel, when the LSP switches to a suboptimal path due to failure on the optimal path it does not switch back to the optimal path once the path is restored.
How do we enable automatic reoptimization plus a threshold setting re = 5 seconds
interface Tunnel0
description test
ip unnumbered Loopback0
tunnel destination 211.1.219.6
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng path-option 10 dynamic

If you do a "show mpls traffic-eng tunnels brief" you will see that the default periodic optimization is set to 1 hour (3600 seconds).
You can use the following command to change this default timer:
mpls traffic-eng reoptimize timers frequency
For more information on this command, please see this URL:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/swtch_r/swi_m3.htm#wp1061558
Hope this helps,

"mpls traffic eng passive-interface" mapping on XR

Dears,
ON IOS for TE-InterAS ,the command "mpls traffic-eng passive-interface" is used on InterAS link which isn't running IGP so i am seeking for the equivlent command on XR but i can't find it so please advise what is the equivlent command on XR
Thanks

Hello Amr,
There is no equivalent command on IOS-XR. Are you trying to set up Inter-AS MPLS TE on XR? In IOS-XR, inter-AS tunnels are supported only by using verbatim path-options. Verbatim path-options are supported on both IOS and IOS-XR.
HTH,
Rivalino

Traffic-eng

tunnel mpls traffic-eng path-option number {dynamic |Explicit)
what is explicit if we define next hop under explicit path it will take that route only .Kindly eplain

hello
explicit you specify the path it should take(if constraints are met)
dynamic you rely on cspf to find a path given the constraints
etienne

MVPN RPF: traffic-eng multicast-intact + forwarding-adjacency rpf failure

Hello all,
Am going through a bit of pain at the moment trying to get around TE tunnels breaking RPF checks for multicast.
The common wisdom seems to be to use the "mpls traffic-eng multicast-intact" command, however this only seems to work for TE auto-route.
Is it reasonable to expect that this should work for forwarding-adjacency also?
The documentation says that by using the multicast-intact command, that it will not consider TE tunnels in the RPF check. It seems to me that this should work for forwarding-adjacency as well as auto-route.
This is on 7600s running RSP720s (SRB).
Any hints?
I can provide more details on the design if necessary.
Regards,
Anton

Yes, our tunnel will be dynamic also.
It is a ring based off our main core. I'm going to try a bit of ascii art..
http://www.huge.geek.nz/ascii.txt
We are using TE tunnels with FA from R2/R3 back to C3/C4 to control traffic on our ring (we have congestion so we need to spread the traffic around using TE).
At the moment, we also have multicast flooding in both directions around the ring. Each of the ring PEs needs to receive the multicast.
Our TE tunnels have a deliberate lower metric than the ring so that they will draw all traffic to/from the core to/from the ring PEs. They are also running ldp over rsvp.
This breaks multicast because it arrives on a physical interface but has a route back through the TE tunnels.
If we add a static mroute pointing in the usual arrival direction of the multicast then it will fix the problem, until that leg of the ring breaks. If we point the static at a recursive target then it will most likely choose the tunnel and we have the same RPF problem again. Hope this explains it.. otherwise I can provide more detail.
Regards,
Anton

Possible to ssh tunnel Bonjour traffic across different subnets?

Hello:
For quite some time, I have been thinking of buying a couple of iSights to enable audio/visual between two distant computers. But I really don't want to have to leave a dozen ports in my DSL modems opened up in order to use AIM or Jabber servers to iChatAV to my "usual" called parties (I can't help it, I'm paranoid - I have one ssh port open on my DSL modem at home - so most everything I do from afar -- afp (port 548), vnc( port 5900), etc., I tunnel it all over ssh).
So, in a similar vein, what I would like to do is treat a distant computer as if it were on my local 192.168.x.x NAT subnet, in order to do a Bonjour-like iChatAV connection without having to go to through these public servers and without having to leave a dozen ports open in my firewall (or go through the drill of opening/closing ports every time I want to iChat).
Now, if I understand this correctly, on one's local subnet, iChat AV works using Bonjour to communicate with other iChat AV users on the same subnet, which, I think, uses multicast packets. So I'm wondering if it is possible to ssh tunnel multicast traffic to a different computer like so:
ssh -L 5297:localhost:5297 -L 5298:localhost:5298 {called.party.IP.address}
thus being able to set up a secure point-to-point iChatAV connection?
Anybody ever do something like this?

Hin j.v.,
It is possible to iChat Bonjour over a Virtual Private Network , yes.
2:33 PM Thursday; May 4, 2006

Tunnelling web traffic through ssh

for tunnelling web traffic through ssh, it says here
http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?
btw, is it possible to view streaming video like youtube.com while using a proxy? if so, then how would i go about it?

jordi wrote:
ssh -D 4444 (or any other port number) youruser@yourserver
see the manual:
-D [bind_address:] port
Specifies a local ''dynamic'' application-level port forwarding. This works by
allocating a socket to listen to port on the local side, optionally bound to
the specified bind_address. Whenever a connection is made to this port, the
connection is forwarded over the secure channel, and the application protocol
is then used to determine where to connect to from the remote machine. Cur‐
rently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a
SOCKS server. Only root can forward privileged ports. Dynamic port forward‐
ings can also be specified in the configuration file.
streaming videos like youtube.com will be possible... surfing the web will be the same as without socks proxy...
I suggest to use a addon like FoxyProxy if you use socks proxy's a lot.
1) I already know the ssh part, im talking about the configuration in firefox, sorry if i didn't make this clear.
for tunnelling web traffic through ssh, it says here
http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?
2) and another thing about streaming videos, why is it that some proxies i have used before don't allow streaming traffic through?
ok it says here for vpn
http://searchsecurity.techtarget.com/sDefi...213324,00.html#
An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.
3) so how would the routers know where to route the data if its encrypted? and how would i go about implementing that?
4) btw, is ssh tunnelling an implementation of vpn?
5) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?
Last edited by unregistered (2008-05-11 08:39:19)

MPLS-TE Guarantee Bandwidth only for ?

Hello ^_^
Does the MPLS-TE can used in guarantee Bandwidth only for Voice or Video Conference at 3750-ME or 6524ME or 7206 Router ?

Hello Hsin,
if you don't use mpls autoroute announce you can decide what traffic you put in a mesh of MPLS TE tunnels.
This can be done by using static routes or combining them with BGP (using per service next-hop loopbacks).
Then, another matter is the volume of traffic you put over an MPLS TE tunnel: there is no real time effective CAC but CAC is performed on RSVP TE reversations.
In other words if a tunnel declares a bandwidth of 2 Mbps you can still put 20 Mbps of traffic over it!
It is not like it has been on ATM.
Hope to help
Giuseppe

MPLS Traffic Shaping/Policing on PE-CE link

Hi everyone,
We are considering to upgrade our remote sites to MPLS/VPN type of connectivity from ATM/FRASI.
Lets say we take a 10Mb link in the main office and 2-4Mb links for remote sites. Majority of servers (services) reside in main site, so majority of traffic flow will be from main site to remote sites.
1. Since CE at main site sees all the remote sites "coming" from provider's PE, how can you handle traffic shaping/policing issues on this main site CE?
2. Do you use MQC based on destination IP to apply shaping/policing configs on the CE-PE interface?
3. Is it necessary to even bother with this question?
Thank a lot.
David

BGP contains a multitude of knobs which allow a SP to control the traffic sent on one PE-CE link as opposed to the other. One can also make use of the Link Bandwidth extended community to control how traffic is distributed among multiple egress PE-CE links.
The VPN scheme is of course compatible with the use of traffic engineering techniques (RSVP-TE based or otherwise) in the backbone network.
A PE may support additional QoS support by means of one or more of the following methods:
-i. One COS per PW End Service (PWES), mapped to a single COS PW at the PSN.
-ii. Multiple COS per PWES mapped to a single PW with multiple COS at the PSN.
-iii. Multiple COS per PWES mapped to multiple PWs at the PSN.

MPLS Traffic Load Sharing

What is the best way to configure a load sharing policy from multiple CE "remotes" to two CE "hosts" in a MPLS network? Currently, all incoming traffic goes to only one host from the PE.

Hi,
you need to have a look at the complete routing architecture to understand possibilities/responsibilities.
Mainly load distribution for a single prefix can only occur, if more than one path to a destination is known. This however might not be given in the MPLS network. The underlying reason is that BGP will only send the best path in an update - but not all pathes a BGP speaker knows of (RFC mandates this).
As practically all larger BGP implementations use Route Reflectors, which are (RFC conforming) BGP speakers, they will only forward the best path to a destination. The result is:
IF more than one path to a destination network exists and is sent to the RR through different PE routers (with same RD) then only one path will be distributed to all other PE routers.
In this scenario load sharing for a single prefix can not occur, because only one routing table entry exists for this prefix in most if not all PE routers. All you can do is to try to load share by selecting different pathes for different destination prefixes by influencing routing metric. This way part of your traffic will go one way and part will take another path.
IF the SP however uses different RD values for every VRF and the proper "maximum-path" statements in MP-BGP, then load sharing per prefix can be achieved in the MPLS network. The customer however can not influence the SP setup.
Hope this Helps! Please rate all posts.
Regards, Martin

MPLS Traffic

Hi,
We are already having leased line for our branch office connectivity. We are planning to extend the connectivity through MPLS.
Is it possible to convert my traffic from LL to MPLS or we need to extend the connectivity with MPLS only.
Exisiting
Branch Office --> LL --> Head Office
Proposed
Branch Office --> LL --> MPLS --> MPLS Cloud --> Head Office
Also let me know to check the network latency in MPLS cloud.
Best Regards,
M.K

Hi,
What kind of traffic do you have?
You should be able to run MPLS over the LL. You can also run MPLS over the other links, extending the MPLS cloud.
To check round-trip latency, you can use IP SLA. The easiest is to just use ICMP:
http://www.cisco.com/en/US/partner/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html
Thanks,
Luc

MPLS Sizing - Enterprise Bandwidth Usage by Application

Hello Everyone,
In an effort to estimate bandwidth usage on an MPLS upgrade and rollout we have been tasked with determining what bandwidth is required without use of baseline measurements on live data.
Would anyone have a table or chart of applicaitons and their associated bandwidth requirements?
For example
SAP
Salesforce.com SAAS
desktop video conferencing
Email with attachments
etc
Thank you for your help,
Matthew

yeah... you bet, i considered all the options with access to the network.
Here is the scoop - Network is on 200 locations (MPLS), and I need to estimate for future applications.
I really really really wish for a chart that tells me BW per user per App...
dreaming?

Static-nat and vpn tunnel bound traffic from same private address?

Hi guys,
I have site-to-site tunnel local host @192.168.0.250 and remote-host @172.16.3.3.
For this local host @192.168.0.250, I also have a static one-to-one private to public.
static (mgmt-192,outside-50) 216.9.50.250 192.168.0.250 netmask 255.255.255.255
As you can see, IPSec SA shows end-points in question and traffic is being decrypted but not encrypted host traffic never enter into the tunnel, why?
How can I resolve this problem, without complicating the setup ?
BurlingtonASA1# packet-tracer input mgmt-192 icmp 192.168.0.250 8 0 172.16.3.3
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside-50
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.0.0 255.255.255.0 mgmt-192
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group mgmt_intf in interface mgmt-192
access-list mgmt_intf extended permit icmp any any
access-list mgmt_intf remark *** Permit Event02 access to DMZ Intf ***
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat-control
match ip mgmt-192 host 192.168.0.250 outside-50 host 172.16.3.3
NAT exempt
translate_hits = 5, untranslate_hits = 0
Additional Information:
Phase: 9
Type: NAT
Subtype:
Result: ALLOW
Config:
static (mgmt-192,outside-50) 216.9.50.250 192.168.0.250 netmask 255.255.255.255
nat-control
match ip mgmt-192 host 192.168.0.250 outside-50 any
static translation to 216.9.50.250
translate_hits = 25508, untranslate_hits = 7689
Additional Information:
Phase: 10
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (mgmt-192,dmz2-172) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
nat-control
match ip mgmt-192 192.168.0.0 255.255.255.0 dmz2-172 any
static translation to 192.168.0.0
translate_hits = 28867754, untranslate_hits = 29774713
Additional Information:
Phase: 11
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Phase: 12
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1623623685, packet dispatched to next module
Result:
input-interface: mgmt-192
input-status: up
input-line-status: up
output-interface: outside-50
output-status: up
output-line-status: up
Action: allow
BurlingtonASA1#
Crypto map tag: map1, seq num: 4, local addr: 216.9.50.4
access-list newvpn extended permit ip host 192.168.0.250 host 172.16.3.3
local ident (addr/mask/prot/port): (192.168.0.250/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.16.3.3/255.255.255.255/0/0)
current_peer: 216.9.62.4
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 53, #pkts decrypt: 53, #pkts verify: 53
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 216.9.50.4, remote crypto endpt.: 216.9.62.4
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 37CA63F1
current inbound spi : 461C843C
inbound esp sas:
spi: 0x461C843C (1176273980)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 77398016, crypto-map: map1
sa timing: remaining key lifetime (kB/sec): (3914997/25972)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x003FFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x37CA63F1 (936010737)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 77398016, crypto-map: map1
sa timing: remaining key lifetime (kB/sec): (3915000/25972)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Hi
intersting VPN ACL
object-group network DM_INLINE_NETWORK_18
network-object YYY.YYY.YYY.0 255.255.255.0
object-group network DM_INLINE_NETWORK_22
network-object UUU.UUU.UUU.0 255.255.255.0
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_22 object-group DM_INLINE_NETWORK_18
Static NAT
static (Inside,outside) XXX.XXX.XXX.171 YYY.YYY.YYY.39 netmask 255.255.255.255
No NAT
object-group network DM_INLINE_NETWORK_20
network-object UUU.UUU.UUU.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip ZZZ.ZZZ.ZZZ.0 255.255.255.0 object-group DM_INLINE_NETWORK_20
VPN CLient Pool
No pool configured as it uses the interesting traffic or protected traffic in ASDM - UUU.UUU.UUU.0 is the IP address range at the far side of the site to site VPN.
I hope this helps
Thanks

What is it "tunnel mpls traffic-eng bandwidth" !!!

Similar Messages

Maybe you are looking for