13-3
Cisco SCE 2000 and SCE 1000 Software Configuration Guide
OL-7827-12
Chapter 13 MPLS/VPN Support
What are the Challenges for Service Control for MPLS/VPN Support?
What are the Challenges for Service Control for MPLS/VPN
Support?
•
Private IP addresses cause flows to look the same except for their MPLS labels.
•
The MPLS labels are different in each direction, and must be matched.
•
Detecting that a flow belongs to a certain VPN is complicated by the fact that in the downstream
direction there is no external label. The SCE platform must be able to understand the VPN
information from the internal label + the MAC address of the PE.
How MPLS/VPN Support Works
Service Control supports three mechanisms that make MPLS/VPN support work:
•
Flow detection – This is the job of the SCE platform, to match upstream and downstream traffic to
identify flows.
•
VPN detection – Downstream VPN labels are identified by the SM. The SCE platform learns the
upstream labels from the traffic to identify the VPN.
•
Subscriber detection – The SM and the SCE platform function together to identify the IP range
within a VPN that is defined as a single subscriber.
Flow Detection
Flow detection is the process of deciding which packets belong to the same flow. This relates to the first
two challenges listed:
•
Private IP addresses cause flows to look the same except for their MPLS labels.
•
The MPLS labels are different in each direction, and must be matched.
Flow detection is based on the MPLS labels, extending the basic 5 tuple that SCOS uses to identify flows,
and taking into account the fact that in MPLS, the packet is labeled differently in each direction.
Since MPLS traffic is unidirectional, each direction is classified separately by the SCE platform, using
the following:
•
Downstream – the BGP label and the MAC address of the PE (only one label that is relevant to the
classification)
Downstream labels are learned from the control plane (through the SM BGP LEG).
•
Upstream – the combination of the external label, the BGP label, and the MAC address of the P
router (two labels that are relevant to the classification)
Upstream labels are learned from the data plane.