MPLS VPN QoS with GNS3 and Virtualbox

The integration of Virtualbox with GNS3 has driven me crazy, as the simulations you can do with it are limitless. When it comes to QoS over MPLS, not many websites explain it in simple terms; the vast majority of Google results point to Cisco documentation, which is too vast and overwhelming to be a comfortable starting point. So in this blog we will see how QoS works in an MPLS environment and the various types and options available with it. We will build a vanilla MPLS setup so that we can concentrate on QoS.

Minimum Requirements

  • A fast PC with an i7 processor and sufficient RAM to run 6 routers and 2 Virtualbox guests.
  • Virtualbox with 2 graphical OSes. I have used Win XP and Ubuntu Studio.
  • GNS3 Virtualbox Edition.

The Setup

The topology consists of five 7200 routers, as represented in the diagram, with the IP addressing of the links as labelled there. OSPF runs on all links of the Service Provider routers using the network 0.0.0.0 255.255.255.255 area 0 command. To keep the topology simple, I have used 2 CE routers, 2 PE routers and a single P router. The PE-CE routing protocol is EIGRP.

Image: setup

I am using only one interface on the Virtualbox host for connecting it to GNS3. If you are using a NAT interface at the same time, reachability will not be complete, because both interfaces will then carry a default route, so shut down the NAT interface. I am using Ubuntu Studio as the content source, connected to R1. Windows XP is the user, connected to R5. You might need the help of a Linux admin if you intend to run this lab, as you have to enable a web server, an FTP server and Samba on the Linux machine.

Note: The bandwidth testing will be done below 1 Mbps, as the GNS3 interfaces are simulated and do not give a transfer rate of more than 1 Mbps.

You can find the base configuration for the Routers at the end of the page.

The Scenarios

QoS in an MPLS network can be of 2 types, depending on whether you are a Customer or a Service Provider.

QoS on Customer Network with MPLS Links

When you are an MPLS VPN Customer, you do not see the MPLS network as a massive group of routers spread across the country or even across the world. You see it just as you would see any Layer 2 private circuit, such as Frame Relay or Metro Ethernet. Your concern might not be that traffic crossing the MPLS link is given priority treatment; your concern might be that QoS is implemented within your own network of multiple offices in multiple cities. QoS in this case means that Mission Critical and Time Sensitive applications get priority over Bulk and Scavenger traffic in your own network.

Image

QoS on MPLS Cloud for the Customer

In an MPLS Cloud with no QoS, all traffic delivery is best effort. If you want your Mission Critical and Time Sensitive traffic to be given preferential treatment in the MPLS Cloud compared to other traffic types and other Customers, the Service Provider will have to run QoS in its cloud. This means one of two things: either the customer marks the traffic and the Service Provider uses those markings for QoS, or the Service Provider does not trust the Customer's markings and remarks the customer packets with its own standard markings.

Scenario 1 QoS on Customer Network

As we will see in the coming simulation, a customer's marked packets, which have to stay intact across the whole customer network, do remain intact as the default behaviour of MPLS VPN; no configuration is required on the Service Provider side.

Image

Configuration

We will configure marking on CE1 so that it is carried across the MPLS cloud and can be used on CE2. We also want traffic to be given the QoS treatment listed below.

Marking
FTP as DSCP EF
Web as DSCP AF41
Samba as DSCP CS4

The configuration on CE1 is as follows:

ip access-list extended SMB
 permit tcp any eq 445 any
 permit tcp any any eq 445
!
class-map match-all FTP
 match protocol ftp
class-map match-all WEB
 match protocol http
class-map match-all SMB
 match access-group name SMB
!
policy-map MARK
 class FTP
  set dscp ef
 class WEB
  set dscp af41
 class SMB
  set dscp cs4
!
interface GigabitEthernet1/0
 service-policy input MARK

The QoS policy will be as below:
FTP gets a guaranteed bandwidth of 128 Kbps, policed to that rate
Web gets 512 Kbps guaranteed bandwidth
Samba gets priority bandwidth of 128 Kbps

The configuration on CE1 is as below:

class-map match-all AF41
 match dscp af41
class-map match-all EF
 match dscp ef
class-map match-all CS4
 match dscp cs4
!
policy-map QOS
 class EF
  bandwidth 128
  police 128000 16000 16000 conform-action transmit exceed-action drop
 class AF41
  bandwidth 512
 class CS4
  priority 128 16000
!
interface GigabitEthernet2/0
 bandwidth 1024
 load-interval 30
 max-reserved-bandwidth 90
 service-policy output QOS

Since the MPLS link looks like a Layer 2 circuit to the customer, for end-to-end QoS we configure the same policies on CE2 as on CE1.

Note: Since the simulated GNS3 interfaces are limited to 1 Mbps, we set bandwidth 1024 on the interface. max-reserved-bandwidth 90 raises the reservable share to 90%, leaving 10% of the interface for routing protocol and other unreserved traffic. load-interval 30 gives a faster refresh of the show counters.

The Results

We have started transfers of all 3 traffic types and will analyse the results below. The best way to see what is going on, as far as the QoS implementation is concerned, is to first verify the classification and marking. For this I am relying on Wireshark packet captures, because they are visual and I want to explain it without using show commands. We will take Samba as the example traffic.

Classification and Marking

The capture below shows traffic leaving the CE1 router; the Samba traffic has been marked with CS4.

Image

Retention of marking in MPLS Cloud

There are 2 things to note here. The first is that the IP marking is copied onto the MPLS EXP bits, i.e. CS4 (DSCP 32) becomes EXP 4 on the MPLS label. Also, as can be seen, there are 2 MPLS labels on our packet: the outer transport label and the inner VPN label. The second thing is that the IP packet marking stays intact even inside the MPLS cloud, but it can never be used there, because the P routers do not look that deep into the packet.

Image

Retention of marking on CE2

As seen in the capture below, the Samba packet carries CS4, which means it has retained its original marking.

Image

The final bandwidth usage can be seen from the show policy-map interface output on CE2, as below:

CE2#sh policy-map int
 GigabitEthernet2/0

  Service-policy output: QOS

    Class-map: EF (match-all)
      17 packets, 25602 bytes
      30 second offered rate 123000 bps, drop rate 0 bps
      Match: dscp ef (46)
      Queueing
        Output Queue: Conversation 265
        Bandwidth 128 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 17/25602
        (depth/total drops/no-buffer drops) 2/0/0
      police:
          cir 128000 bps, bc 16000 bytes
        conformed 17 packets, 25602 bytes; actions: transmit
        exceeded 0 packets, 0 bytes; actions: drop
        conformed 0 bps, exceed 0 bps

    Class-map: AF41 (match-all)
      90 packets, 135540 bytes
      30 second offered rate 558000 bps, drop rate 0 bps
      Match: dscp af41 (34)
      Queueing
        Output Queue: Conversation 266
        Bandwidth 512 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 92/138552
        (depth/total drops/no-buffer drops) 28/0/0

    Class-map: CS4 (match-all)
      13 packets, 18645 bytes
      30 second offered rate 136000 bps, drop rate 0 bps
      Match: dscp cs4 (32)
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 128 (kbps) Burst 16000 (Bytes)
        (pkts matched/bytes matched) 13/18645
        (total drops/bytes drops) 0/0

Scenario 2 QoS on MPLS Cloud for the Customer

In the previous scenario we saw how you can implement QoS in your own network without caring what the Service Provider does. In this scenario, we want the Service Provider to give the customer's packets priority treatment as well. It is improbable that a Service Provider will build special policies for individual customers according to their needs; what it might do is publish a template of QoS policies, and the customer can then mark its packets accordingly. We will use the same bandwidth values as in the previous scenario, but this time the Service Provider will be in charge of the markings in its own network and will give priority to the traffic it deems fit.

Marking in Service Provider Cloud

The configuration will be similar to that on CE1, except that the markings are as below:

FTP as DSCP EF
Web as DSCP AF33
Samba as DSCP AF21

The QoS policies will be as below:
FTP gets a guaranteed bandwidth of 128 Kbps, policed to that rate; exceeding traffic is remarked to EXP 1, which gets 64 Kbps
Web gets 512 Kbps guaranteed bandwidth
Samba gets priority bandwidth of 128 Kbps

Configuration on PE1

class-map match-all EXP5
 match mpls experimental topmost 5
class-map match-all EXP3
 match mpls experimental topmost 3
class-map match-all EXP2
 match mpls experimental topmost 2
!
policy-map QOS
 class EXP3
  bandwidth 512
 class EXP2
  priority 128 16000
 class EXP5
  bandwidth 128
  police 128000 16000 16000 conform-action transmit exceed-action set-mpls-exp-topmost-transmit 1
!
interface GigabitEthernet2/0
 bandwidth 1024
 load-interval 30
 max-reserved-bandwidth 90
 service-policy output QOS

I am matching on EXP markings instead of DSCP, because the DSCP value is automatically copied into the EXP bits with a corresponding value. You can refer to the following table to see the mapping between DSCP and EXP.

Image: DSCP to EXP

To ensure end-to-end QoS across the whole Service Provider domain, we next configure it on the P router. The configuration is the same as on PE1, except that nothing has to be marked, as the marking is already present in the MPLS EXP bits. We only need to add the configuration for the exceeded, remarked traffic on the P router.

class-map match-all EXP1
 match mpls experimental topmost 1
!
policy-map QOS
 class EXP1
  police 64000 8000 8000 conform-action transmit exceed-action drop

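The two-stage policing above (PE1 remarks exceeding FTP to EXP 1; the P router then admits at most 64 Kbps of EXP 1 and drops the rest) can be reasoned through with a small token-bucket simulation. This is an added example, not code from the original post; the 1500-byte packet size, the 256 Kbps offered rate and the simplified single-rate, two-colour bucket model are assumptions.

```python
class SingleRatePolicer:
    """Single-rate two-colour token bucket, modelling 'police <cir> <bc>':
    the bucket refills at cir bytes/s up to bc, and a packet conforms only
    if the bucket currently holds at least its size (simplified model)."""

    def __init__(self, cir_bps, bc_bytes):
        self.cir = cir_bps
        self.bc = bc_bytes
        self.tokens = bc_bytes   # bucket starts full
        self.last = None         # time of the previous packet

    def offer(self, t, size):
        if self.last is not None:
            self.tokens = min(self.bc, self.tokens + self.cir / 8 * (t - self.last))
        self.last = t
        if self.tokens >= size:
            self.tokens -= size
            return "conform"
        return "exceed"          # no tokens consumed for an exceeding packet


def simulate_ftp(offered_bps=256000, packets=200, size=1500):
    """Push a constant-rate FTP stream (constructed input) through PE1's
    class EXP5 policer and, for remarked packets, the P router's class EXP1
    policer. Returns how many packets end up in each outcome."""
    pe1 = SingleRatePolicer(128000, 16000)   # PE1: exceed-action remark to EXP 1
    p = SingleRatePolicer(64000, 8000)       # P:   exceed-action drop
    interval = size * 8 / offered_bps        # seconds between packets
    counts = {"exp5": 0, "exp1_forwarded": 0, "exp1_dropped": 0}
    for i in range(packets):
        t = i * interval
        if pe1.offer(t, size) == "conform":
            counts["exp5"] += 1              # leaves PE1 with EXP 5, matches QOS5 on PE2
        elif p.offer(t, size) == "conform":
            counts["exp1_forwarded"] += 1    # remarked to EXP 1, admitted by P's 64 Kbps policer
        else:
            counts["exp1_dropped"] += 1      # remarked to EXP 1, dropped by P
    return counts


def rate_kbps(count, packets=200, size=1500, offered_bps=256000):
    """Average rate of a packet subset over the whole stream duration."""
    duration = (packets - 1) * size * 8 / offered_bps
    return count * size * 8 / duration / 1000


if __name__ == "__main__":
    c = simulate_ftp()
    print(c, "EXP5 ~%.0f kbps, forwarded EXP1 ~%.0f kbps"
          % (rate_kbps(c["exp5"]), rate_kbps(c["exp1_forwarded"])))
```

At 256 Kbps offered, roughly 128 Kbps (plus the initial 16000-byte burst) survives as EXP 5, about half of the remarked EXP 1 traffic is admitted by the P router and the remainder is dropped, which is the behaviour the QOS5 and QOS1 counters on PE2 are meant to show.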
The P router is the penultimate hop, so by default it pops the outer (transport) label before forwarding to PE2 (penultimate hop popping, PHP). We cannot afford to lose this label, because the exceeded FTP traffic is remarked in the outer label. To retain the outer label, we enable Explicit Null on the PE2 router, so that it advertises the explicit-null label (0) instead of implicit-null and the P router swaps rather than pops.

mpls ldp explicit-null

When the packets reach PE2, the MPLS labels are stripped and the IP packets head out via the customer interface. There are 2 cases here. As I said, IP packets retain their markings even after traversing the MPLS cloud, so we could use the IP marking to apply bandwidth policies on PE2; that would be the case if there were no packet remarking in the MPLS cloud. But since we are remarking packets in the MPLS cloud, we cannot rely on the IP marking for QoS treatment. We must use the EXP bits, and as the labels are stripped on input, we must store the marking in a temporary placeholder. This is where qos-group comes into the picture. We will build a template that copies each EXP value from the MPLS header into the corresponding qos-group. The configuration on PE2 is as below:

class-map match-all EXP0
 match mpls experimental topmost 0
class-map match-all EXP1
 match mpls experimental topmost 1
class-map match-all EXP2
 match mpls experimental topmost 2
class-map match-all EXP3
 match mpls experimental topmost 3
class-map match-all EXP4
 match mpls experimental topmost 4
class-map match-all EXP5
 match mpls experimental topmost 5
!
policy-map EXPtoQOS
 class EXP0
  set qos-group 0
 class EXP1
  set qos-group 1
 class EXP2
  set qos-group 2
 class EXP3
  set qos-group 3
 class EXP4
  set qos-group 4
 class EXP5
  set qos-group 5
!
interface GigabitEthernet1/0
 service-policy input EXPtoQOS

Now that we have copied the EXP bits into qos-groups, we can use them to apply bandwidth policies on the customer-facing exit interface.

class-map match-all QOS0
 match qos-group 0
class-map match-all QOS1
 match qos-group 1
class-map match-all QOS2
 match qos-group 2
class-map match-all QOS3
 match qos-group 3
class-map match-all QOS4
 match qos-group 4
class-map match-all QOS5
 match qos-group 5
!
policy-map QOS
 class QOS3
  bandwidth 512
 class QOS2
  priority 128 16000
 class QOS5
  bandwidth 128
  police 128000 16000 16000 conform-action transmit exceed-action drop
 class QOS1
  police 64000 8000 8000 conform-action transmit exceed-action drop
!
interface GigabitEthernet2/0
 bandwidth 1024
 load-interval 30
 max-reserved-bandwidth 90
 service-policy output QOS

Results

We will use Wireshark packet captures to explain the events that take place in the MPLS cloud, taking FTP traffic as the example. As can be seen below, the IP header retains its marking, but that is of no use to us, since the P routers do not look at that layer. The DSCP marking is automatically copied to EXP 5.

Image: pe1 to p ftp marking

On the P router, had we not used Explicit Null on the PE2 router, we would have lost the transport label and would not have been able to remark the exceeded FTP traffic. As can be seen, when the traffic leaves the P router there is no transport label.

Image: p to pe2 ftp without explicit null

After enabling Explicit Null, we can see the remarked MPLS label with EXP 1, which is what we set in the police configuration on the P router.

Image: p to pe2 ftp remarked with Explicit null
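To make the label-stack behaviour above concrete, here is an added Python example (not code from the original post) that builds and parses MPLS label stack entries, checks the DSCP-to-EXP mapping used on this page (the top three DSCP bits become EXP), and contrasts what PE2 sees for an exceeded FTP packet with PHP versus Explicit Null. The label values 17 and 21 and the addresses are constructed sample data.

```python
import struct

# DSCP code points used in this post (name -> decimal value)
DSCP = {"cs4": 32, "ef": 46, "af41": 34, "af33": 30, "af21": 18}
EXPLICIT_NULL = 0   # IPv4 explicit-null label advertised by "mpls ldp explicit-null"


def dscp_to_exp(dscp):
    """Default IOS imposition: EXP takes the 3 high-order DSCP bits (class selector)."""
    return (dscp >> 3) & 0x7


def label_entry(label, exp, bottom, ttl=255):
    """Build one 4-byte MPLS label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    return struct.pack("!I", (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl)


def ipv4_header(dscp, total_len=40):
    """Minimal IPv4 header carrying the given DSCP (constructed lab addresses)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, total_len, 0, 0, 64, 6, 0,
                       bytes([172, 16, 11, 10]), bytes([192, 168, 10, 10]))


def parse_mpls_packet(data):
    """Walk the label stack until the bottom-of-stack bit, then read the inner DSCP."""
    labels, off = [], 0
    while True:
        (word,) = struct.unpack_from("!I", data, off)
        off += 4
        labels.append({"label": word >> 12, "exp": (word >> 9) & 0x7, "ttl": word & 0xFF})
        if (word >> 8) & 1:            # S bit set: this was the last label
            break
    return labels, data[off + 1] >> 2  # DSCP is the upper 6 bits of the IPv4 TOS byte


def topmost_exp_seen_by_pe2(php):
    """EXP of the topmost label, and inner DSCP, that PE2 receives for an FTP packet
    that P has remarked to EXP 1 (exceed-action set-mpls-exp-topmost-transmit 1)."""
    vpn = label_entry(21, dscp_to_exp(DSCP["ef"]), bottom=True)   # inner VPN label keeps EXP 5
    if php:
        stack = vpn                                               # transport label popped by P: remark lost
    else:
        stack = label_entry(EXPLICIT_NULL, 1, bottom=False) + vpn  # label 0 carries EXP 1 to PE2
    labels, dscp = parse_mpls_packet(stack + ipv4_header(DSCP["ef"]))
    return labels[0]["exp"], dscp


if __name__ == "__main__":
    pe1_to_p = label_entry(17, 5, False) + label_entry(21, 5, True) + ipv4_header(DSCP["ef"])
    print("PE1 -> P:", parse_mpls_packet(pe1_to_p))
    print("PHP, PE2 sees EXP/DSCP:", topmost_exp_seen_by_pe2(php=True))
    print("Explicit Null, PE2 sees EXP/DSCP:", topmost_exp_seen_by_pe2(php=False))
```

With PHP the only label left is the VPN label, still carrying EXP 5, so the EXP 1 remark never reaches PE2's EXPtoQOS policy; with Explicit Null the topmost label is 0 with EXP 1, which is what the QOS1 class on PE2 matches.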

The final bandwidth can be verified with the show policy-map interface command:

PE2#sh policy-map int g2/0
 GigabitEthernet2/0

  Service-policy output: QOS

    Class-map: QOS3 (match-all)                 <-- HTTP Traffic
      8044 packets, 12110416 bytes
      30 second offered rate 533000 bps, drop rate 0 bps
      Match: qos-group 3
      Queueing
        Output Queue: Conversation 265
        Bandwidth 512 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 7789/11730234
        (depth/total drops/no-buffer drops) 7/0/0

    Class-map: QOS2 (match-all)                 <-- Samba Traffic
      1240 packets, 1702089 bytes
      30 second offered rate 115000 bps, drop rate 0 bps
      Match: qos-group 2
      Queueing
        Strict Priority
        Output Queue: Conversation 264
        Bandwidth 128 (kbps) Burst 16000 (Bytes)
        (pkts matched/bytes matched) 1194/1645395
        (total drops/bytes drops) 2/3012

    Class-map: QOS5 (match-all)                 <-- Conforming FTP Traffic
      1624 packets, 2417685 bytes
      30 second offered rate 124000 bps, drop rate 0 bps
      Match: qos-group 5
      Queueing
        Output Queue: Conversation 266
        Bandwidth 128 (kbps) Max Threshold 64 (packets)
        (pkts matched/bytes matched) 1563/2325819
        (depth/total drops/no-buffer drops) 1/0/0
      police:
          cir 128000 bps, bc 16000 bytes
        conformed 1622 packets, 2414673 bytes; actions: transmit
        exceeded 3 packets, 4518 bytes; actions: drop
        conformed 124000 bps, exceed 0 bps

    Class-map: QOS1 (match-all)                 <-- Exceeded FTP Traffic
      122 packets, 183732 bytes
      30 second offered rate 4000 bps, drop rate 0 bps
      Match: qos-group 1
      police:
          cir 64000 bps, bc 8000 bytes
        conformed 76 packets, 114456 bytes; actions: transmit
        exceeded 46 packets, 69276 bytes; actions: drop
        conformed 4000 bps, exceed 0 bps

    Class-map: class-default (match-any)
      194 packets, 15956 bytes
      30 second offered rate 0 bps, drop rate 0 bps
      Match: any

Base configuration

CE1
router eigrp 100
 network 1.1.40.0 0.0.0.255
 network 172.16.11.0 0.0.0.255
 no auto-summary

PE1
ip vrf cust
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface GigabitEthernet1/0
 ip vrf forwarding cust
!
interface GigabitEthernet2/0
 mpls ip
!
router eigrp 65000
 auto-summary
 !
 address-family ipv4 vrf cust
  redistribute bgp 100 metric 1 1 1 1 1
  network 172.16.11.0 0.0.0.255
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 100.100.100.2 remote-as 100
 neighbor 100.100.100.2 update-source Loopback100
 !
 address-family vpnv4
  neighbor 100.100.100.2 activate
  neighbor 100.100.100.2 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf cust
  redistribute eigrp 100
  no auto-summary
  no synchronization
 exit-address-family

P
interface GigabitEthernet1/0
 mpls ip
!
interface GigabitEthernet2/0
 mpls ip
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0

PE2
ip vrf cust
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
interface GigabitEthernet1/0
 mpls ip
!
interface GigabitEthernet2/0
 ip vrf forwarding cust
!
router eigrp 65000
 auto-summary
 !
 address-family ipv4 vrf cust
  redistribute bgp 100 metric 1 1 1 1 1
  network 172.16.22.0 0.0.0.255
  no auto-summary
  autonomous-system 100
 exit-address-family
!
router ospf 1
 log-adjacency-changes
 network 0.0.0.0 255.255.255.255 area 0
!
router bgp 100
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 100.100.100.1 remote-as 100
 neighbor 100.100.100.1 update-source Loopback100
 !
 address-family vpnv4
  neighbor 100.100.100.1 activate
  neighbor 100.100.100.1 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf cust
  redistribute eigrp 100
  no auto-summary
  no synchronization
 exit-address-family

CE2
router eigrp 100
 network 172.16.22.0 0.0.0.255
 network 192.168.10.0
 no auto-summary

I hope my post has been helpful in your life but the only guide which can help you in the hereafter is the Qur’an. You can download the English translation of the Qur’an here.
