Configuration for DSCP Preserve Per-VRF

Topology

The topology illustrates the DSCP preserve feature, with PE1 and PE2 as the edge routers running L3VPN services and the P router functioning as a transit router between them. PE1 receives L3VPN and 6PE traffic with user-defined DSCP values, which can be either preserved or modified depending on the configuration applied at the ingress PE router. Multiple VRFs are configured, each representing a different customer, and DSCP preserve can be enabled or disabled at the per-VRF level.

Figure 71. Per-VRF DSCP Preserve

Configure DSCP Preserve and L3VPN Services on PE1 Router

1. Enable QoS Globally: This command is mandatory to configure any QoS-related settings. Without it, QoS configurations will not function.
PE1(config)# qos enable
PE1(config)# commit
2. (Optional) Configure DSCP Preserve globally for L3VPN and 6PE Traffic: This command provides control over remarking user-defined DSCP values. Enabling this will preserve the DSCP value throughout the network. If DSCP preserve is to be enabled only for specific L3VPN services, this command need not be configured.
PE1(config)#mpls lsp-encap-dscp-preserve
3. Configure DSCP Preserve globally for 6PE Traffic: This command provides control over remarking user-defined DSCP values. Enabling this will preserve the DSCP value throughout the network.
PE1(config)# mpls 6pe lsp-encap-dscp-preserve (enable | disable)
4. Configure QoS Profiles or Class-Map Profiles for remarking incoming DSCP values as follows:
Method 1: QoS Profile: Use the “dscp-to-queue” profile to remark the incoming DSCP value via a user-defined queue.
PE1(config)# qos profile dscp-to-queue dscp_profile1
PE1(config-ingress-dscp-map)# dscp 24 queue 3 dscp 32
PE1(config-ingress-dscp-map)# commit
PE1(config-ingress-dscp-map)# exit
PE1(config)# interface xe0.100
PE1(config-if)# qos map-profile dscp-to-queue dscp_profile1
PE1(config-if)# commit
PE1(config-if)# exit
Method 2: Class-Map/Policy-Map: Use the “match” criteria to remark the incoming DSCP value to a user-defined DSCP value.
PE1(config)# class-map type qos match-any class1
PE1(config-qos-match-any)# match dscp 24
PE1(config-qos-match-any)# commit
PE1(config-qos-match-any)# exit
PE1(config)# policy-map type qos pmap1
PE1(config-pmap-qos)# class type qos class1
PE1(config-pmap-qos)# set dscp 32
PE1(config-pmap-qos)# commit
PE1(config-pmap-qos)# exit
PE1(config)# interface xe0.100
PE1(config-if)# service-policy type qos input pmap1
PE1(config-if)# commit 
5. Configure EXP Encapsulation on the Egress Interface: This profile modifies the incoming EXP value to the user-defined EXP value, which is then reflected in the MPLS EXP bit.
Example Config on Qumran 1:
PE1(config)# qos profile exp-encap exp_profile1
PE1(config-egress-exp-encap-map)# l3 dscp 32 exp 5
PE1(config-egress-exp-encap-map)# commit
PE1(config-egress-exp-encap-map)# exit
PE1(config)# interface ce46/3
PE1(config-if)# label-switching
PE1(config-if)# qos map-profile exp-encap exp_profile1
PE1(config-if)# commit
PE1(config-if)# exit
Example Config on Qumran 2:
PE1(config)# qos profile queue-to-exp exp_profile1
PE1(config-egress-queue-exp-map)# queue 3 color all exp 5
PE1(config-egress-queue-exp-map)# commit
PE1(config-egress-queue-exp-map)# exit
PE1(config)# interface ce46/3
PE1(config-if)# label-switching
PE1(config-if)# qos map-profile queue-to-exp exp_profile1
6. Define Multiple IP VRFs: Configure VRFs with appropriate Route Distinguisher (RD) and Route Target (RT) values to isolate IP address routing for multiple customers.
PE1(config)# ip vrf vrf100
PE1(config-vrf)# rd 1.1.1.1:100
PE1(config-vrf)# route-target both 100:100
PE1(config-vrf)# commit
 
PE1(config)# ip vrf vrf101
PE1(config-vrf)# rd 1.1.1.1:101
PE1(config-vrf)# route-target both 101:101
PE1(config-vrf)# commit
 
PE1(config)# ip vrf vrf102
PE1(config-vrf)# rd 1.1.1.1:102
PE1(config-vrf)# route-target both 102:102
PE1(config-vrf)# commit
7. Associate Interfaces to VRFs: After defining the VRFs, assign interfaces to them to allow the PE router to recognize which interfaces belong to each VRF.
PE1(config)# interface xe0.100
PE1(config-if)# encapsulation dot1q 100
PE1(config-if)# ip vrf forwarding vrf100
PE1(config-if)# ip address 100.100.100.1/24
PE1(config-if)# exit
PE1(config)# commit
 
PE1(config)# interface xe0.101
PE1(config-if)# encapsulation dot1q 101
PE1(config-if)# ip vrf forwarding vrf101
PE1(config-if)# ip address 100.100.101.1/24
PE1(config-if)# exit
PE1(config)# commit
 
PE1(config)# interface xe0.102
PE1(config-if)# encapsulation dot1q 102
PE1(config-if)# ip vrf forwarding vrf102
PE1(config-if)# ip address 100.100.102.1/24
PE1(config-if)# exit
PE1(config)# commit
 
PE1(config)# interface xe0.103
PE1(config-if)# encapsulation dot1q 103
PE1(config-if)# ipv6 address 1001::2/64
PE1(config-if)# exit
PE1(config)# commit
8. Configure CE Neighbor for VPN Using BGP: To provide a VPN service, configure the PE router to associate any routing information learned from a VPN customer interface with a particular VRF.
PE1(config)# router bgp 100
PE1(config-router)# bgp router-id 1.1.1.1
PE1(config-router)# neighbor 3.3.3.3 remote-as 100
PE1(config-router)# neighbor 3.3.3.3 update-source lo
PE1(config-router)# neighbor 3.3.3.3 advertisement-interval 0
PE1(config-router)# neighbor 1001::2 remote-as 100
PE1(config-router)# address-family ipv4 unicast
PE1(config-router-af)# redistribute connected
PE1(config-router-af)# exit-address-family
PE1(config-router)# address-family ipv4 vrf vrf100
PE1(config-router-af)# neighbor 100.100.100.2 remote-as 100
PE1(config-router-af)# neighbor 100.100.100.2 activate
PE1(config-router-af)# exit-address-family
PE1(config-router)# address-family ipv4 vrf vrf101
PE1(config-router-af)# neighbor 100.100.101.2 remote-as 100
PE1(config-router-af)# neighbor 100.100.101.2 activate
PE1(config-router-af)# exit-address-family
PE1(config-router)# address-family ipv4 vrf vrf102
PE1(config-router-af)# neighbor 100.100.102.2 remote-as 100
PE1(config-router-af)# neighbor 100.100.102.2 activate
PE1(config-router-af)# exit-address-family
PE1(config-router)# address-family ipv6 unicast
PE1(config-router-af)# neighbor 1001::2 activate
PE1(config-router-af)# exit-address-family
PE1(config-router)# commit
9. Enable or disable DSCP preserve globally and at the per-VRF level for L3VPN and 6PE traffic, as required.
PE1(config)#ip vrf vrf100
PE1(config-vrf)#mpls lsp-encap-dscp-preserve enable
PE1(config)#ip vrf vrf101
PE1(config-vrf)#mpls lsp-encap-dscp-preserve disable
PE1(config)#ip vrf vrf102
PE1(config-vrf)#mpls lsp-encap-dscp-preserve enable
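
After steps 2 and 9 are applied, it is useful to check which customer VRFs actually carry customer-marked DSCP values into the core unchanged. The script below is an added example, not part of the original page or of OcNOS; it parses running-config text and reports the effective setting per VRF. It assumes that the per-VRF command is rendered as an indented line under its `ip vrf` stanza and that an explicit per-VRF setting overrides the global one; the sample config is constructed from the commands in steps 2, 6 and 9.

```python
import re

# Constructed sample in running-config form, assembled from the commands in
# steps 2, 6 and 9 (not captured from a device). Assumption: the per-VRF
# setting is rendered as an indented line under its "ip vrf" stanza.
SAMPLE_CONFIG = """\
qos enable
mpls lsp-encap-dscp-preserve
!
ip vrf vrf100
 rd 1.1.1.1:100
 mpls lsp-encap-dscp-preserve enable
!
ip vrf vrf101
 rd 1.1.1.1:101
 mpls lsp-encap-dscp-preserve disable
!
ip vrf vrf102
 rd 1.1.1.1:102
!
"""

PRESERVE = re.compile(r"mpls lsp-encap-dscp-preserve(?:\s+(enable|disable))?$")
VRF = re.compile(r"ip vrf (\S+)$")


def audit_dscp_preserve(config_text):
    """Return {vrf: (customer_dscp_preserved, 'vrf' | 'global')}."""
    global_on, explicit, current = False, {}, None
    for line in config_text.splitlines():
        if not line.strip() or line.startswith("!"):
            current = None                      # stanza separator
            continue
        text, top_level = line.strip(), not line[0].isspace()
        setting = PRESERVE.match(text)
        if top_level:
            vrf = VRF.match(text)
            current = vrf.group(1) if vrf else None
            if current:
                explicit.setdefault(current, None)
            if setting:                         # global command (step 2)
                global_on = setting.group(1) != "disable"
        elif current and setting:               # per-VRF command (step 9)
            explicit[current] = setting.group(1) != "disable"
    # Assumption: an explicit per-VRF setting overrides the global one.
    return {name: (global_on, "global") if val is None else (val, "vrf")
            for name, val in explicit.items()}


if __name__ == "__main__":
    for name, (on, src) in audit_dscp_preserve(SAMPLE_CONFIG).items():
        print(f"{name}: DSCP preserve {'on' if on else 'off'} (from {src})")
```

A VRF reported as `global` has no explicit per-VRF line, so its behaviour changes whenever the global command from step 2 is added or removed.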

Running Configuration on PE1 Router is as follows:

PE1#show running-config
!
! Software version: UFI_S9600-56DX-OcNOS-SP-PLUS-6.5.3.80-Alpha 10/07/2024 14:38:44
!
! Last configuration change at 02:55:39 UTC Tue Oct 15 2024 by root
!
feature netconf-ssh vrf management
feature netconf-tls vrf management
no feature netconf-ssh
no feature netconf-tls
service password-encryption
!
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
!
hardware-profile filter qos-ext enable
hardware-profile statistics voq-full-color enable
hardware-profile statistics cfm-ccm disable
hardware-profile port-config mode3
!
qos enable
qos profile dscp-to-queue dscp_profile1
 dscp 24 queue 3 dscp 32
qos profile queue-to-exp exp_profile1
 queue 3 color all exp 5
!
mpls lsp-encap-dscp-preserve
!
hostname PE1
port ce46 breakout 4X10g
no ip domain-lookup
ip domain-lookup vrf management
tfo Disable
errdisable cause stp-bpdu-guard
no feature telnet vrf management
no feature telnet
feature ssh vrf management
no feature ssh
feature dns relay
ip dns relay
ipv6 dns relay
feature ntp vrf management
ntp enable vrf management
!
ip vrf management
!
ip vrf vrf100
 rd 1.1.1.1:100
 route-target both 100:100
!
router ldp
 targeted-peer ipv4 3.3.3.3
  exit-targeted-peer-mode
 transport-address ipv4 1.1.1.1
!
router rsvp
!
interface ce46/3
 load-interval 30
 ip address 10.10.10.1/24
 mtu 9216
 label-switching
 enable-ldp ipv4
 enable-rsvp
!
interface eth0
 ip vrf forwarding management
 ip address dhcp
!
interface lo
 ip address 127.0.0.1/8
 ip address 1.1.1.1/32 secondary
 ipv6 address ::1/128
!
interface lo.management
 ip vrf forwarding management
 ip address 127.0.0.1/8
 ipv6 address ::1/128
!
exit
!
router ospf 100
 ospf router-id 1.1.1.1
 network 1.1.1.1/32 area 0.0.0.0
 network 10.10.10.0/24 area 0.0.0.0
!
router bgp 100
 bgp router-id 1.1.1.1
 neighbor 3.3.3.3 remote-as 100
 neighbor 3.3.3.3 update-source lo
 neighbor 3.3.3.3 advertisement-interval 0
 !
 address-family ipv4 unicast
 network 1.1.1.1/32
 exit-address-family
 !
 address-family vpnv4 unicast
 neighbor 3.3.3.3 activate
 exit-address-family
 !
 address-family ipv4 vrf vrf100
 redistribute connected
 neighbor 100.100.100.2 remote-as 100
 neighbor 100.100.100.2 activate
 exit-address-family
 !
 exit
!
line console 0
 exec-timeout 0
!
!
end
 
PE1#

Running Configuration on P Router is as follows:

P#show running-config
!
! Software version: EC_AS5912-54X-OcNOS-SP-MPLS-6.6.0.104-Alpha 10/13/2024 21:38:49
!
! Last configuration change at 02:00:52 UTC Tue Oct 15 2024 by root
!
feature netconf-ssh vrf management
feature netconf-tls vrf management
no feature netconf-ssh
no feature netconf-tls
service password-encryption
!
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
!
hardware-profile statistics ingress-acl enable
!
qos enable
!
hostname P
no ip domain-lookup
ip domain-lookup vrf management
tfo Disable
errdisable cause stp-bpdu-guard
no feature telnet vrf management
no feature telnet
feature ssh vrf management
no feature ssh
feature dns relay
ip dns relay
ipv6 dns relay
feature ntp vrf management
ntp enable vrf management
!
ip vrf management
!
router ldp
 transport-address ipv4 2.2.2.2
!
router rsvp
!
interface eth0
 ip vrf forwarding management
 ip address dhcp
!
interface lo
 ip address 127.0.0.1/8
 ip address 2.2.2.2/32 secondary
 ipv6 address ::1/128
!
interface lo.management
 ip vrf forwarding management
 ip address 127.0.0.1/8
 ipv6 address ::1/128
!
interface xe1
 load-interval 30
 ip address 10.10.10.2/24
 mtu 9216
 label-switching
 enable-ldp ipv4
 enable-rsvp
!
interface xe9
 load-interval 30
 ip address 20.20.20.2/24
 mtu 9216
 label-switching
 enable-ldp ipv4
 enable-rsvp
!
exit
!
router ospf 100
 ospf router-id 2.2.2.2
 network 2.2.2.2/32 area 0.0.0.0
 network 10.10.10.0/24 area 0.0.0.0
 network 20.20.20.0/24 area 0.0.0.0
!
line console 0
 exec-timeout 0
!
!
end
 
P#

Running Configuration on PE2 Router is as follows:

PE2#show running-config
!
! Software version: EC_AS7316-26XB-OcNOS-CSR-6.5.3.81-Alpha 10/08/2024 14:39:39
!
! Last configuration change at 07:33:31 UTC Tue Oct 15 2024 by root
!
feature netconf-ssh vrf management
feature netconf-tls vrf management
no feature netconf-ssh
no feature netconf-tls
service password-encryption
!
snmp-server enable traps link linkDown
snmp-server enable traps link linkUp
!
hardware-profile statistics ingress-acl enable
!
qos enable
!
hostname PE2
no ip domain-lookup
ip domain-lookup vrf management
tfo Disable
errdisable cause stp-bpdu-guard
no feature telnet vrf management
no feature telnet
feature ssh vrf management
no feature ssh
feature dns relay
ip dns relay
ipv6 dns relay
feature ntp vrf management
ntp enable vrf management
!
ip vrf management
!
ip vrf vrf100
 rd 3.3.3.3:100
 route-target both 100:100
!
router ldp
!
router rsvp
!
interface ce0
!
interface ce1
!
interface eth0
 ip vrf forwarding management
 ip address dhcp
!
interface lo
 ip address 127.0.0.1/8
 ip address 3.3.3.3/32 secondary
 ipv6 address ::1/128
!
interface lo.management
 ip vrf forwarding management
 ip address 127.0.0.1/8
 ipv6 address ::1/128
!
interface xe4.100
 encapsulation dot1q 100
 load-interval 30
 ip vrf forwarding vrf100
 ip address 200.200.200.1/24
 mtu 9216
!
interface xe9
 load-interval 30
 ip address 20.20.20.1/24
 mtu 9216
 label-switching
 enable-ldp ipv4
!
exit
!
router ospf 100
 ospf router-id 3.3.3.3
 network 3.3.3.3/32 area 0.0.0.0
 network 20.20.20.0/24 area 0.0.0.0
!
router bgp 100
 bgp router-id 3.3.3.3
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source lo
 neighbor 1.1.1.1 advertisement-interval 0
 !
 address-family ipv4 unicast
 network 1.1.1.1/32
 exit-address-family
 !
 address-family vpnv4 unicast
 neighbor 1.1.1.1 activate
 exit-address-family
 !
 address-family ipv4 vrf vrf100
 redistribute connected
 neighbor 200.200.200.2 remote-as 100
 neighbor 200.200.200.2 activate
 exit-address-family
 !
 exit
!
line console 0
 exec-timeout 0
!
!
end
PE2#