It is very messy, but until we get a Supervisor/MSFC/PFC that can police on egress vlan...

We have two bgp sessions with our provider, one that distributes I2 routes, and the other, default. Each points to the other end of their respective /30 subnets on their own vlan on an 802.1q trunk (set up manually, not using VTP). This box is connected to two separate layer 2 cores via two /29s (via 802.1q trunks). One /29 is the "Commodity" (i.e. we must pay) vlan, and has the default-information-originate. Then, the other /29 has its own ospf process (like I said, messy). We redistribute the bgp I2 routes into that ospf process, using as-path filters.

Now at the two cores, when traffic for the commodity traffic comes in, it goes to the border router via one vlan, research/I2 traffic the other. We are then able to filter on the ingress vlan on the border router.

Now, for you, if you don't have a situation where some of your external traffic needs rate-limited, while some can flow as fast and free as it wants, then you just need to do in-bound rate limiting, coming from your internal network to your border router. What sucks for us, is that since we are not experiencing any congestion on our internal network, we can't take advantage of wfq or wred.

That was as simple as I could put it, if you have other questions, please ask.

--On Tuesday, July 16, 2002 11:41 AM -0400 Alex Rubenstein <alex@nac.net> wrote:
Is this link in production? We are using a gigabit ethernet to our provider. We are limited on our traffic going to Commodity traffic, but have free rein on our Internet 2 traffic. We found that we get the best results when we shape/police our traffic to stay within our contractual limits, on our side of the link. Since we are using a 6509 with a Sup1A, we had to do some tricky things to police traffic on only one vlan of an 802.1q trunk on the gigE connection. It works though. We see insignificant losses on the link.
can you share how you are doing this?
Hybrid or integrated?
good luck!
Peter Hill
Network Engineer
Carnegie Mellon University
-- Alex Rubenstein, AR97, K2AHR, alex@nac.net, latency, Al Reuben -- -- Net Access Corporation, 800-NET-ME-36, http://www.nac.net --