Proper QoS configuration requires three basic mechanisms to work effectively: marking, classifying, and scheduling packets. Typically this is done using the QoS MQC interface by creating class-maps that define matching criteria using ACLs, protocol, IP Precedence, and other options. Today's lab will review these features along with how to test that you are marking and classifying traffic correctly.
Concepts tested
- Classifying traffic based on access-list and class map classification mechanisms
- Marking classified traffic
- Verifying proper classification and marking of QoS traffic
- Using IP SLA to generate testing traffic
Lab Tasks
- Configure an MQC policy on R1's interface to R3 with the following configuration.
- Mark HTTP traffic from servers on the 11.0.0.0/24 network with IP Precedence 2.
- Mark ICMP packets with IP precedence 3 down to IP precedence 0; do not use an access list to accomplish this.
- Mark all VOIP traffic from the 11.0.0.0/24 network using TCP ports in the range 16384 - 32767 as DSCP EF and guarantee 10 Mbps priority bandwidth for that traffic.
- All other traffic should be marked as IP precedence 1
- Verify configuration is working as intended by generating traffic
GNS3 configuration file, requires IOS v15 for the 7200 router: Link
Solution
R1 configuration
R1(config)#ip access-list ext HTTP
R1(config-ext-nacl)#permit tcp any eq www any
R1(config-ext-nacl)#ip access-list ext VOIP
R1(config-ext-nacl)#permit udp 11.0.0.0 0.0.255.255 any range 16384 32767
R1(config-ext-nacl)#class-map HTTP
R1(config-cmap)#match access-group name HTTP
R1(config-cmap)#class-map ICMP
R1(config-cmap)#match protocol icmp
R1(config-cmap)#match ip precedence 3
R1(config-cmap)#class-map VOIP
R1(config-cmap)#match access-group name VOIP
R1(config)#policy-map POLICY1
R1(config-pmap)#class HTTP
R1(config-pmap-c)#set ip precedence 2
R1(config-pmap-c)#class ICMP
R1(config-pmap-c)#set ip precedence 0
R1(config-pmap-c)#class VOIP
R1(config-pmap-c)#set ip precedence 5
R1(config-pmap-c)#priority 10000
R1(config-pmap-c)#class class-default
R1(config-pmap-c)#set ip precedence 1
R1(config)#interface gig1/0
R1(config-if)#service-policy out POLICY1
R1(config-if)#load-interval 30
R2 configuration
R2(config)#ip sla 1
R2(config-ip-sla)#$3 1111 source-port 80 source-ip 11.0.2.2 control disable
R2(config-ip-sla-tcp)#threshold 500
R2(config-ip-sla-tcp)#timeout 500
R2(config-ip-sla-tcp)#frequency 1
R2(config-ip-sla-tcp)#exit
R2(config)#ip sla schedule 1 start-time now life forever
R3 configuration
For IP SLA 1 on R2:
R3(config)#ip sla responder
Verification
Let's begin verification by testing our HTTP class map. We can do this by configuring Web1, which is an IOS router, as a web server and copying a file down to R3.
Start by configuring Web1 as an HTTP server and creating a file to download.
Web(config)#ip http server
Web(config)#ip http path flash:
Web(config)#ip http authentication local
Web(config)#username admin priv 15 password CCIE
Web(config)#end
Web#show tech-support | redirect flash:testfile.txt
Then we initiate a copy operation on R3 to pull the file from Web1. Make sure to clear counters on R1 first so you get clean numbers.
R3#copy http://admin:CCIE@11.0.4.4/testfile.txt null:
Accessing http://*****:*****@11.0.4.4/testfile.txt...
Loading http://**********@11.0.4.4/testfile.txt !!
202711 bytes copied in 8.240 secs (24601 bytes/sec)
R1#sh policy-map interface | b Class-map: HTTP
Class-map: HTTP (match-all)
397 packets, 228073 bytes
30 second offered rate 8000 bps, drop rate 0000 bps
Match: access-group name HTTP
QoS Set
precedence 2
Packets marked 397
R1#sh access-lists
Extended IP access list HTTP
10 permit tcp any eq www any (397 matches)
R3(config)#ip sla responder
R2(config)#ip sla 1
R2(config-ip-sla)#$ 32767 codec g729a source-ip 11.0.2.2 control enable
R2(config-ip-sla-jitter)#frequency 5
R2(config-ip-sla-jitter)#timeout 5000
R2(config-ip-sla-jitter)#threshold 5000
R2(config-ip-sla-jitter)#ip sla schedule 1 life forever start-time now
Class-map: VOIP (match-all)
135 packets, 9990 bytes
30 second offered rate 3000 bps, drop rate 0000 bps
Match: access-group name VOIP
QoS Set
precedence 5
Packets marked 223
Priority: 10000 kbps, burst bytes 250000, b/w exceed drops: 0
R2#ping
Protocol [ip]:
Target IP address: 120.0.13.3
Repeat count [5]: 25
Datagram size [100]: 1400
Timeout in seconds [2]: 1
Extended commands [n]: y
Source address or interface: 11.0.2.2
Type of service [0]: 96
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 25, 1400-byte ICMP Echos to 120.0.13.3, timeout is 1 seconds:
Packet sent with a source address of 11.0.2.2
!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (25/25), round-trip min/avg/max = 44/58/72 ms
R1#sh policy-map interface | b Class-map: ICMP
Class-map: ICMP (match-all)
25 packets, 35350 bytes
30 second offered rate 5000 bps, drop rate 0000 bps
Match: protocol icmp
Match: ip precedence 3
QoS Set
precedence 0
Packets marked 25
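The extended ping above uses Type of service 96 because IP precedence is the top three bits of the ToS byte (96 >> 5 = 3), which is what lets it hit the ICMP class. The Python model below is an added example, not part of the original lab: it mirrors POLICY1's class order and the two ACLs against constructed sample packets, and its function names are hypothetical.

```python
import ipaddress

def precedence_of(tos):
    """IP precedence is the top 3 bits of the ToS byte."""
    return tos >> 5

def remark(tos, prec):
    """Model 'set ip precedence': rewrite only the top 3 bits."""
    return (tos & 0x1F) | (prec << 5)

def wildcard_match(addr, base, wildcard):
    """IOS ACL wildcard match: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def classify(pkt):
    """Return (class, new precedence), testing classes in POLICY1's order."""
    # class HTTP: permit tcp any eq www any (source port 80)
    if pkt["proto"] == "tcp" and pkt.get("sport") == 80:
        return "HTTP", 2
    # class ICMP (match-all): protocol icmp AND ip precedence 3
    if pkt["proto"] == "icmp" and precedence_of(pkt["tos"]) == 3:
        return "ICMP", 0
    # class VOIP: permit udp 11.0.0.0 0.0.255.255 any range 16384 32767
    if (pkt["proto"] == "udp"
            and wildcard_match(pkt["src"], "11.0.0.0", "0.0.255.255")
            and 16384 <= pkt.get("dport", 0) <= 32767):
        return "VOIP", 5
    return "class-default", 1

# Constructed sample packets (not captured traffic).
SAMPLES = [
    {"proto": "tcp", "src": "11.0.4.4", "sport": 80, "dport": 40000, "tos": 0},
    {"proto": "icmp", "src": "11.0.2.2", "tos": 96},  # extended ping, ToS 96
    {"proto": "icmp", "src": "11.0.2.2", "tos": 0},   # default ping, ToS 0
    {"proto": "udp", "src": "11.0.2.2", "sport": 20000, "dport": 16500, "tos": 0},
]

def run():
    """Return (class, ToS byte after marking) for each sample packet."""
    out = []
    for pkt in SAMPLES:
        name, prec = classify(pkt)
        out.append((name, remark(pkt["tos"], prec)))
    return out

if __name__ == "__main__":
    for pkt, result in zip(SAMPLES, run()):
        print(pkt["proto"], pkt["tos"], "->", result)
```

The same arithmetic shows that DSCP EF (46) occupies ToS byte 184, which carries precedence bits 5, while `set ip precedence 5` on an unmarked packet yields 160. A ping left at ToS 0 falls through to class-default, and 11.0.2.2 matches the VOIP ACL only because its wildcard is 0.0.255.255 rather than 0.0.0.255.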
Finally we can confirm the default class by looking at the queue counters.
R1#sh policy-map interface | b Class-map: class-default
Class-map: class-default (match-any)
278 packets, 26085 bytes
30 second offered rate 0000 bps, drop rate 0000 bps
Match: any
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 677/289508
QoS Set
precedence 1
Packets marked 278
And that completes our lab.
Sources:
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SY/configuration/guide/sy_swcg/qos_class_mark_police.html