QOS Traffic Marking and Directing
Packet classification is pivotal to policy techniques that select packets traversing a network element or a particular interface for different types of QoS service. For example, you can use classification to mark certain packets for IP Precedence and you can identify others as belonging to a Resource Reservation Protocol (RSVP) flow.
Access-lists can be used to identify traffic for classification, based on address or port. However, a more robust solution is Cisco’s Network-Based Application Recognition (NBAR), which will dynamically recognize standard or custom applications, and can classify based on payload.
In this scenario I have 3 routers. Router CE1, as a client router, should mark traffic from different subnets and attach the IP Precedence (CoS) as a 3-bit field in the Layer 2 frame. Marking Ethernet frames is accomplished using the 3-bit 802.1p Class of Service (CoS) field. The CoS field is part of the 4-byte 802.1Q field in an Ethernet header, and thus is only available when 802.1Q VLAN frame tagging is employed.
The second router, ISP, is configured with a service policy that checks the CoS precedence marking and then converts it to a DSCP marking. Differentiated Services Code Point (DSCP) uses the first six bits of the ToS field. When using DSCP, the ToS field is often referred to as the Differentiated Services (DS) field.
The third router DC1 will have an inbound policy configured to match the DSCP classified traffic and log the changes, with a simple rule to drop some packets from a particular subnet.
Let us start with some basic configuration of the CE1 router. On the two other routers we set up only basic routing and interface addressing commands.
hostname CE1
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
!
interface Loopback1
ip address 6.6.6.6 255.255.255.0
!
interface Loopback2
ip address 7.7.7.7 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.252
service-policy output TRAFFIC
!
ip route 0.0.0.0 0.0.0.0 192.168.1.2
!
access-list 5 permit 5.5.5.5
access-list 6 permit 6.6.6.6
access-list 7 permit 7.7.7.7
The ISP router command scripts:
hostname ISP
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
!
interface FastEthernet1/0
ip address 172.16.1.1 255.255.255.252
service-policy output TRANSLATE
!
ip route 5.5.5.0 255.255.255.0 192.168.1.1
ip route 6.6.6.0 255.255.255.0 192.168.1.1
ip route 7.7.7.0 255.255.255.0 192.168.1.1
ip route 99.99.99.0 255.255.255.0 172.16.1.2
And the DC1 router's initial connectivity command scripts:
hostname DC1
!
interface Loopback0
ip address 99.99.99.99 255.255.255.0
!
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.252
service-policy input DIRECT
!
ip route 0.0.0.0 0.0.0.0 172.16.1.1
As we can see in the scripts above, we have configured three access lists that are used to capture the loopback traffic. Now we configure the class-maps from those access-groups, and then a service policy to set the correct precedence on the particular traffic.
class-map match-all Loop0
match access-group 5
class-map match-all Loop1
match access-group 6
class-map match-all Loop2
match access-group 7
!
policy-map TRAFFIC
class Loop0
set precedence 0
class Loop1
set precedence 1
class Loop2
set precedence 2
This policy is applied to the output interface of the CE1 router. The next policy, on the ISP router, remaps the CoS to DSCP; I apply it to the interface connected to the DC1 router (as a service-policy output on FastEthernet1/0 in the configuration above). These policies can also be applied to SVI interfaces. The policy is called TRANSLATE.
class-map match-all PR2
match precedence 2
class-map match-all PR0
match precedence 0
class-map match-all PR1
match precedence 1
!
policy-map TRANSLATE
class PR0
set dscp af11
class PR1
set dscp af12
class PR2
set dscp af13
And finally the policy on the DC1 router will match the AFxx DSCP markings and drop some packets; the other ones will be logged.
class-map match-all AF12
match dscp af12
class-map match-all AF13
match dscp af13
class-map match-all AF11
match dscp af11
!
policy-map DIRECT
class AF11
drop
class AF12
class AF13
To test the settings I will send a couple of pings from the CE1 router to the DC1 router. We can notice that the traffic classified as AF11 is dropped. Many more features could be added, but let us see the results.
To see the QoS statistics for each classified subnet on the DC1 router, we can use the show policy-map interface command to verify that the chain completed end to end.
And we have the final results. For every class-map we have a different packet count, as I was expecting. This is because I sent different numbers of ping requests to see if all of the packets are captured differently, and they were. So the CoS and DSCP chain is working great.
Feel free to comment.