I'm having trouble implementing DiffServ over an MPLS network, since the Mangle rules don't seem to examine packets that have an MPLS label and there doesn't seem to be a way to force it to do so.
Test network is as follows:
Router1 - Router2 - Router3
Router1 mangles packets and sets DSCP to 46 (EF), with 3 Mbps ingress policing. It's the ingress edge of the MPLS network.
Router2 is MPLS core. It has queues implemented that on a non-MPLS network (re)classify and schedule traffic as follows:
[admin@Router2] /ip firewall> mangle print
Flags: X - disabled, I - invalid, D - dynamic
 0   ;;; Already marked packets are considered "trusted", so we'll honor their DSCPs and won't inspect them (which is faster)
     chain=forward action=mark-packet new-packet-mark=ef passthrough=no dscp=46

[admin@Router2] /queue tree> print
 5   ;;; Traffic to CanBonastre (video feed)
     name="1.1-ef" parent=ether2 packet-mark=ef limit-at=3M queue=ef-pfifo
     priority=1 max-limit=3M burst-limit=0 burst-threshold=0 burst-time=0s
 6   name="1.2-af11" parent=ether2 packet-mark=af11 limit-at=0 queue=tcp-wred
     priority=2 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 7   name="1.3-af12" parent=ether2 packet-mark=af12 limit-at=0 queue=tcp-wred
     priority=3 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 8   name="1.4-af13" parent=ether2 packet-mark=af13 limit-at=0 queue=tcp-wred
     priority=7 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
 9   name="1.5-be" parent=ether2 packet-mark=no-mark,best-effort limit-at=0
     queue=tcp-wred priority=8 max-limit=0 burst-limit=0 burst-threshold=0
     burst-time=0s
The thing is, if MPLS is enabled on Router2, the IP mangle doesn't match the DSCP value within the packet (and therefore sends it to the 1.5-be queue since the packet-mark is "no-mark", instead of marking it with packet-mark "ef" and sending it to the 1.1-ef queue).
Is there any way to force the firewall mangle rule to examine and match the MPLS-tagged packet contents, so that it can then police it?
I'm aware of the other common industry implementation (using EXP bits to classify/police within MPLS), but I haven't been able to set up a filter to match MPLS EXP bits and then police the traffic with a queue tree either. I've read this http://wiki.mikrotik.com/wiki/Manual:MP ... _behaviour and tried to set up an IP Mangle rule (matching Advanced > "Ingress Priority" and using Action "set priority"), and that doesn't seem to work.
If I disable MPLS, then the DiffServ domain scheduling, policing and classification works OK. It's just the Mangle/classifier that doesn't work with MPLS tagged packets.
Any suggestions on how to do this? Is it just me or is this feature really not implemented?
Regards,
Aleix