No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

IPP2 Services from the VIP VPN Customer Were Unavailable Due to Single Bucket Rate Limit Configuration

Publication Date:  2013-10-08 Views:  16 Downloads:  0
Issue Description

Among VIP VPN services, one type of IP services with IPP being 2 were unavailable. Ping tests on the CE failed.

Networking:

VIP VPN customer ---- CE ---- PE (NE80E) ---- Bearer network ---- CE ---- VPN customer

NE80E version: V300R003C02B382
Handling Process

The TOS of the IP services was 8 and was transmitted to the CE in the format of 00010000.

Upon receiving packets carrying 00010000, the CE set ip precedence to 2, that is, changed the most significant 3 bits to 2. The 8-bit IP header became 01010000 and was transmitted to the PE. Upon receiving the header, the PE processed it based on the DSCP format and converted 01010000 to 20 (decimal). On the PE, the default mapping relationship was ip-dscp-inbound 20 phb af2 yellow, that is, data packets with the TOS being 8 were colored in yellow.

The data packets matched rules for ip-precedence 2 and single bucket CAR was applied to the packets:

         traffic classifier ipp2 operator or
            if-match ip-precedence 2
         traffic behavior CTVPN52008
            car cir 16768 cbs 2432000 pbs 0 green pass red discard

1. For the single bucket CAR (no PIR parameters were configured), only CIR, CBS, and PBS took effect. The values of CBS and PBS must be greater than the longest packet (10000). To ensure accuracy of the CAR, it is recommended that the CBS and PBS be set to a value 10 times of the longest packet. If the value of CBS is less than the average length of input packets, no packets can be forwarded. If the value of PBS is less than the packet length, packets colored yellow cannot be forwarded.

2. According to the mapping rule in the default domain, packets entering the queue were colored yellow. When the PBS was 0, only green packets could be processed and all yellow packets were discarded, and therefore, services were unavailable.
Root Cause
On NE80E, packets were mapped to queues based on DSCP values instead of IPP.
Solution

Configure PBS in the CAR to a non-0 value (it is recommended to configure the PBS to be the same as CBS) or use double-bucket rate limitation (configure CIR, CBS, PIR, and PBS).

 traffic classifier ipp2 operator or
  if-match ip-precedence 2
 traffic behavior CTVPN52008
 car cir 16768 cbs 2432000 pbs 2432000 green pass red discard
Suggestions
On NE80E, packets were mapped to queues based on DSCP values instead of IPP. Therefore, some packets may be colored incorrectly after entering NE80E if the trust upstream was the default domain. To address this problem, change related IP-DSPC mapping in the default domain.

END