

QOS Internetworks Edgar C Francis

I am a CCIE Technical Instructor/Network consultant. I have experience ranging from operating and maintaining PCs and peripherals to network control programs for multi-faceted data communication networks in LAN, MAN, and WAN environm.


Wednesday, February 2, 2022

What is Weighted Random Early Detection? How to configure WRED?

The queuing mechanisms we have discussed, like LLQ, are about managing the front of our queues. RED (Random Early Detection) is about managing the tail of our queue.

When a queue is full, IOS has no place to put newly arriving packets, so it discards them. This phenomenon is called tail drop.

By default, queues use their maximum size, and any new packets that arrive are discarded until there is space in the queue again. Dropped packets may cause significant application performance degradation when the router interface experiences congestion and the output queue is full.



Tail drop is bad for the overall network, especially for TCP traffic, because when packets are lost, for whatever reason, TCP senders slow their rate of sending data. When tail drops occur and multiple packets are lost, the TCP connections slow even more.

The TCP window size increases automatically, but when TCP segments are dropped, it reduces back to one segment. The window size then grows exponentially until it reaches half the window size of what it was when the congestion occurred. The TCP window size then grows linearly. This process is called slow start. As a result, the overall network load tends to drop after multiple packets are tail dropped.

Interestingly, overall throughput can be improved by discarding a few packets as queues begin to fill, rather than waiting for the larger impact of tail drops. For this, Cisco created weighted random early detection (WRED). WRED is the Cisco IOS deployment of RED. It adds weight (precedence/DSCP) so that it selectively prefers to drop packets with lower QoS markings, and it can be applied at the interface or class level.

Now the question is: how does WRED work?



 

 

Whenever the average queue depth is below the minimum threshold (20), WRED will not drop any packets at all. Once the average queue depth is above the minimum threshold (20), WRED will start to drop a small number of random packets. If the average queue depth increases even more, WRED will drop a larger percentage of random packets until it reaches the maximum threshold (45). If the average queue depth reaches the maximum threshold (45), WRED drops all packets. The MPD (25%) is the share of packets that WRED drops when we hit the maximum threshold (45).

MPD (mark probability denominator): IOS calculates the discard percentage used at the maximum threshold based on the simple formula 1/MPD.
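The drop behaviour and the 1/MPD formula described above, worked through in Python as an added example (not Cisco code and not part of the original post). It uses the per-precedence thresholds from the configuration later in this post (minimum 20 to 33, maximum 40, MPD 10) rather than the 20/45/25% figures above; the averaging formula and the linear ramp between the thresholds are the commonly documented WRED behaviour and are assumptions here.

```python
"""WRED drop model built on the profiles configured in this post.

Added illustration, not Cisco code. The averaging formula and the linear
ramp between the thresholds are assumptions (commonly documented behaviour).
"""
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class WredProfile:
    min_th: int  # minimum threshold, in packets
    max_th: int  # maximum threshold, in packets
    mpd: int     # mark probability denominator


# From the post's "random-detect precedence <p> <min> <max> <mpd>" lines.
PROFILES = {
    0: WredProfile(20, 40, 10),
    1: WredProfile(24, 40, 10),
    2: WredProfile(26, 40, 10),
    3: WredProfile(29, 40, 10),
    4: WredProfile(31, 40, 10),
    5: WredProfile(33, 40, 10),
}

QUEUE_LIMIT = 64  # "queue limit 64 packets" in the show output
EXP_WEIGHT = 9    # "Exp-weight-constant: 9 (1/512)" in the show output


def update_average(old_avg, current_depth, exp_weight=EXP_WEIGHT):
    """Exponentially weighted average queue depth, weight 2^-exp_weight."""
    w = 2.0 ** -exp_weight
    return old_avg * (1.0 - w) + current_depth * w


def drop_probability(avg_depth, profile):
    """0 below min, 1 at or above max, linear ramp towards 1/MPD in between."""
    if avg_depth < profile.min_th:
        return 0.0
    if avg_depth >= profile.max_th:
        return 1.0
    ramp = (avg_depth - profile.min_th) / (profile.max_th - profile.min_th)
    return ramp / profile.mpd  # approaches 1/MPD just below max_th


def should_drop(avg_depth, profile, rng):
    """Random drop decision for one arriving packet."""
    return rng.random() < drop_probability(avg_depth, profile)


def drop_table(avg_depth):
    """Drop probability per IP precedence at one average depth."""
    return {prec: drop_probability(avg_depth, p) for prec, p in PROFILES.items()}


def packets_until_average_reaches(target, depth=QUEUE_LIMIT):
    """Arrivals needed, at a constant instantaneous depth, before the
    average (starting from 0) reaches the target."""
    if target >= depth:
        raise ValueError("the average can never reach the target")
    avg, n = 0.0, 0
    while avg < target:
        avg = update_average(avg, depth)
        n += 1
    return n


if __name__ == "__main__":
    rng = random.Random(2022)  # fixed seed so the run is repeatable
    for avg in (15, 25, 30, 35, 39.9, 40):
        row = "  ".join(f"p{k}={v:.4f}" for k, v in drop_table(avg).items())
        print(f"avg={avg:>5}: {row}")
    drops = sum(should_drop(30, PROFILES[0], rng) for _ in range(10000))
    print("precedence 0 drops out of 10000 arrivals at avg 30:", drops)
    print("arrivals at a full queue before avg >= 20:",
          packets_until_average_reaches(20))
```

With an exponential weight of 9 the average moves slowly, so a short burst can fill the 64-packet queue and be tail dropped before WRED's average has reached the lowest minimum threshold.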

Enough talk. Let's see how to configure WRED with IP Precedence and DSCP.


Topology:




Goal:

  • Configure the topology as per the diagram.
  • Configure IP addresses on the ports as per the topology.
  • Configure OSPF 1 routing between router 1 and router 2.
  • Configure WRED default MPD (mark probability denominator).
  • Configure WRED using IP precedence on router 1 with the following terms:

1. Traffic marked with IPP values 0 and 1 is allowed 22 percent bandwidth.

2. Traffic marked with IPP values 2 and 3 is allowed 27 percent bandwidth.

3. Traffic marked with IPP values 4 and 5 is allowed 30 percent bandwidth.


R1(config)#interface serial 4/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit


R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 172.16.1.1 255.255.0.0

R1(config-if)#no keepalive

R1(config-if)#no shutdown

R1(config-if)#exit


R1(config)#interface loopback 0

R1(config-if)#ip address 10.1.1.1 255.0.0.0

R1(config-if)#no shutdown

R1(config-if)#exit



R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 172.16.1.2 255.255.0.0
R2(config-if)#no keepalive
R2(config-if)#no shutdown
R2(config-if)#exit

R2(config)#int loopback 0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#exit


R1(config)#router ospf 1

R1(config-router)#network 192.168.1.0 0.0.0.255 area 0

R1(config-router)#network 172.16.0.0 0.0.255.255 area 0

R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

R1(config-router)#exit


*Feb  2 13:15:23.675: %OSPF-5-ADJCHG: Process 1, Nbr 20.1.1.1 on Serial4/0 from LOADING to FULL, Loading Done

R2(config)#router ospf 1
R2(config-router)#network 192.168.1.0 0.0.0.255 area 0
R2(config-router)#network 172.16.0.0 0.0.255.255 area 0
R2(config-router)#network 10.0.0.0 0.255.255.255 area 0
R2(config-router)#exit


*Feb  2 13:15:01.195: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.1.1 on Serial4/0 from LOADING to FULL, Loading Done



R1(config)#class-map WRED0_1

R1(config-cmap)#match ip precedence 0 1

R1(config-cmap)#exit


R1(config)#class-map WRED2_3

R1(config-cmap)#match ip precedence 2 3

R1(config-cmap)#exit


R1(config)#class-map WRED4_5

R1(config-cmap)#match ip precedence 4 5

R1(config-cmap)#exit



R1(config)#policy-map prec_WRED

R1(config-pmap)#class WRED0_1

R1(config-pmap-c)#bandwidth percent 22

R1(config-pmap-c)#random-de

R1(config-pmap-c)#random-detect ?

  atm-clp-based                   Enable atm-clp-based WRED as drop policy

  clp                             parameters for each clp value

  cos                             parameters for each cos value

  cos-based                       Enable cos-class-based WRED as drop policy

  discard-class                   parameters for each discard-class value

  discard-class-based             Enable discard-class-based WRED as drop

                                  policy

  dscp                            parameters for each dscp value

  dscp-based                      Enable dscp-based WRED as drop policy

  ecn                             explicit congestion notification

  exponential-weighting-constant  weight for mean queue depth calculation

  precedence                      parameters for each precedence value

  precedence-based                Enable precedence-based WRED as drop policy

  <cr>


R1(config-pmap-c)#random-detect

R1(config-pmap-c)#random-detect precedence 0 20 40 10

R1(config-pmap-c)#random-detect precedence 1 24 40 10

R1(config-pmap-c)#exit


R1(config-pmap)#class WRED2_3

R1(config-pmap-c)#bandwidth percent 27

R1(config-pmap-c)#random-detect

R1(config-pmap-c)#random-detect precedence 2 26 40 10

R1(config-pmap-c)#random-detect precedence 3 29 40 10

R1(config-pmap-c)#exit


R1(config-pmap)#class WRED4_5

R1(config-pmap-c)#bandwidth percent 30

R1(config-pmap-c)#random-detect

R1(config-pmap-c)#random-detect precedence 4 31 40 10

R1(config-pmap-c)#random-detect precedence 5 33 40 10

R1(config-pmap-c)#exit

R1(config-pmap)#exit


R1(config)#interface serial 4/0

R1(config-if)#service-policy output prec_WRED

R1(config-if)#

R1(config-if)#exit










R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: prec_WRED

    Class-map: WRED0_1 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: ip precedence 0  1
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 22% (339 kbps)
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class       Transmitted         Random drop      Tail drop          Minimum        Maximum     Mark
                pkts/bytes            pkts/bytes       pkts/bytes          thresh         thresh     prob

        0               0/0               0/0              0/0                 20            40  1/10
        1               0/0               0/0              0/0                 24            40  1/10
        2               0/0               0/0              0/0                 24            40  1/10
        3               0/0               0/0              0/0                 26            40  1/10
        4               0/0               0/0              0/0                 28            40  1/10
        5               0/0               0/0              0/0                 30            40  1/10
        6               0/0               0/0              0/0                 32            40  1/10
        7               0/0               0/0              0/0                 34            40  1/10

    Class-map: WRED2_3 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: ip precedence 2  3
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 27% (416 kbps)
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class       Transmitted         Random drop      Tail drop          Minimum        Maximum     Mark
                pkts/bytes            pkts/bytes       pkts/bytes          thresh         thresh     prob

        0               0/0               0/0              0/0                 20            40  1/10
        1               0/0               0/0              0/0                 22            40  1/10
        2               0/0               0/0              0/0                 26            40  1/10
        3               0/0               0/0              0/0                 29            40  1/10
        4               0/0               0/0              0/0                 28            40  1/10
        5               0/0               0/0              0/0                 30            40  1/10
        6               0/0               0/0              0/0                 32            40  1/10
        7               0/0               0/0              0/0                 34            40  1/10

    Class-map: WRED4_5 (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: ip precedence 4  5
      Queueing
      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 0/0
      bandwidth 30% (463 kbps)
        Exp-weight-constant: 9 (1/512)
        Mean queue depth: 0 packets
        class       Transmitted         Random drop      Tail drop          Minimum        Maximum     Mark
                pkts/bytes            pkts/bytes       pkts/bytes          thresh         thresh     prob

        0               0/0               0/0              0/0                 20            40  1/10
        1               0/0               0/0              0/0                 22            40  1/10
        2               0/0               0/0              0/0                 24            40  1/10
        3               0/0               0/0              0/0                 26            40  1/10
        4               0/0               0/0              0/0                 31            40  1/10
        5               0/0               0/0              0/0                 33            40  1/10
        6               0/0               0/0              0/0                 32            40  1/10
        7               0/0               0/0              0/0                 34            40  1/10

    Class-map: class-default (match-any)
      19 packets, 1622 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

      queue limit 64 packets
      (queue depth/total drops/no-buffer drops) 0/0/0
      (pkts output/bytes output) 19/1622


R1#show policy-map
  Policy Map prec_WRED
    Class WRED0_1
      bandwidth 22 (%)
       packet-based wred, exponential weight 9

      class    min-threshold    max-threshold    mark-probablity
      ----------------------------------------------------------
      0       20               40               1/10
      1       24               40               1/10
      2       -                -                1/10
      3       -                -                1/10
      4       -                -                1/10
      5       -                -                1/10
      6       -                -                1/10
      7       -                -                1/10
    Class WRED2_3
      bandwidth 27 (%)
       packet-based wred, exponential weight 9

      class    min-threshold    max-threshold    mark-probablity
      ----------------------------------------------------------
      0       -                -                1/10
      1       -                -                1/10
      2       26               40               1/10
      3       29               40               1/10
      4       -                -                1/10
      5       -                -                1/10
      6       -                -                1/10
      7       -                -                1/10
    Class WRED4_5
      bandwidth 30 (%)
       packet-based wred, exponential weight 9

      class    min-threshold    max-threshold    mark-probablity
      ----------------------------------------------------------
      0       -                -                1/10
      1       -                -                1/10
      2       -                -                1/10
      3       -                -                1/10
      4       31               40               1/10
      5       33               40               1/10
      6       -                -                1/10
      7       -                -                1/10

(In the next section we are going to configure DSCP)





Friday, October 22, 2021

What is LLQ (Low Latency Queuing) and CBWFQ (Class-Based Weighted Fair Queuing)? How to configure LLQ and CBWFQ?

 LLQ (Low Latency Queuing) 

 CBWFQ (Class-Based Weighted Fair Queuing)



Cisco created CBWFQ and LLQ using some of the best concepts from the legacy queuing methods PQ, CQ, and WFQ, while adding several features.




LLQ (low-latency queuing) was developed by Cisco, and it adds strict priority queuing to CBWFQ (class-based weighted fair queuing). Low-latency queuing allows delay-sensitive data like VoIP traffic to be given preferential treatment over other traffic by letting that data be dequeued and sent first.

CBWFQ (Class-Based Weighted Fair Queuing) is a scheduling mechanism that provides a minimum bandwidth guarantee when network congestion occurs on an interface.

CBWFQ is used to provide traffic classes during times of network congestion at an interface. Each of the CBWFQ queues is assigned a weight, and packets are serviced from the queues based on the weight of the queue. CBWFQ and LLQ both support 64 queues/classes and also have one special queue called the class-default queue. LLQ and CBWFQ are both tools that use MQC and NBAR for configuration. The one drawback of CBWFQ is that VoIP traffic suffers an unacceptable delay.





Advantage of LLQ

LLQ provides all the benefits of CBWFQ (Class-Based Weighted Fair Queuing), including the ability to guarantee each queue an appropriate amount of bandwidth and to apply WRED to each of the queues (except the strict-priority queue).

LLQ combines priority queuing and CBWFQ and provides strict priority queuing for sensitive traffic like VoIP and video. LLQ also reduces latency/jitter for communications.


Let's see the configuration for a better understanding of LLQ and CBWFQ.


Topology:-



Goal:-

  • Configure the topology as per the diagram above.
  • Configure IP addresses on the ports.
  • Configure EIGRP AS 65120 and advertise directly connected interfaces.
  • Configure the CBWFQ tool on router 1.
  • Configure ICMP bandwidth 18 percent, FTP bandwidth 28 and HTTP bandwidth 38.
  • Configure the LLQ tool on router 3.
  • Configure VoIP priority 192, ICMP bandwidth 120, HTTP priority 10 and FTP priority 15.
  • The rest of the traffic uses WFQ.


R1(config)#interface serial 4/0

R1(config-if)#ip address 192.168.10.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit


R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 10.1.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#no keepalive

R1(config-if)#exit


R2(config)#interface serial 4/0

R2(config-if)#ip address 192.168.10.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit


R2(config)#interface fastEthernet 0/0

R2(config-if)#ip address 20.1.1.1 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#no keepalive

R2(config-if)#exit


R2(config)#interface serial 4/1

R2(config-if)#ip address 23.1.1.1 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit


R3(config)#interface serial 4/1

R3(config-if)#ip address 23.1.1.2 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#exit


R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 30.1.1.1 255.255.255.0

R3(config-if)#no keepalive

R3(config-if)#no shutdown

R3(config-if)#exit



R1(config)#router eigrp 65120

R1(config-router)#network 192.168.10.0

R1(config-router)#network 10.0.0.0

R1(config-router)#no auto-summary

R1(config-router)#exit



R2(config)#router eigrp 65120
R2(config-router)#network 192.168.10.0
R2(config-router)#network 20.0.0.0
R2(config-router)#network 23.1.1.0
R2(config-router)#no auto-summary
R2(config-router)#exit

R3(config)#router eigrp 65120
R3(config-router)#network 23.1.1.0
R3(config-router)#network 30.0.0.0
R3(config-router)#no auto-summary
R3(config-router)#exit

R1(config)#class-map ICMP-TRAFFIC

R1(config-cmap)#match protocol icmp

R1(config-cmap)#class-map HTTP-TRAFFIC

R1(config-cmap)#match protocol http

R1(config-cmap)#class-map FTP-TRAFFIC

R1(config-cmap)#match protocol ftp

R1(config-cmap)#exit


R1(config)#policy-map CBWFQ-QUEUE

R1(config-pmap)#class ICMP-TRAFFIC

R1(config-pmap-c)#bandwidth percent 18

R1(config-pmap-c)#class HTTP-TRAFFIC

R1(config-pmap-c)#bandwidth percent 38

R1(config-pmap-c)#exit



R1(config-pmap)#policy-map CBWFQ-QUEUE

R1(config-pmap)#class FTP-TRAFFIC

R1(config-pmap-c)#bandwidth percent 28

R1(config-pmap-c)#exit

R1(config-pmap)#class class-default

R1(config-pmap-c)#exit

R1(config-pmap)#exit


R1(config)#interface serial 4/0

R1(config-if)#service-policy output CBWFQ-QUEUE

R1(config-if)#END


R1#show policy-map interface serial 4/0

 Serial4/0


  Service-policy output: CBWFQ-QUEUE


    Class-map: ICMP-TRAFFIC (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: protocol icmp

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 18% (277 kbps)


    Class-map: HTTP-TRAFFIC (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: protocol http

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 38% (586 kbps)


    Class-map: FTP-TRAFFIC (match-all)

      0 packets, 0 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: protocol ftp

      Queueing

      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 0/0

      bandwidth 28% (432 kbps)


    Class-map: class-default (match-any)

      2 packets, 48 bytes

      5 minute offered rate 0000 bps, drop rate 0000 bps

      Match: any


      queue limit 64 packets

      (queue depth/total drops/no-buffer drops) 0/0/0

      (pkts output/bytes output) 2/48


 

R1#show run policy-map

Building configuration...


Current configuration : 185 bytes

!

policy-map CBWFQ-QUEUE

 class ICMP-TRAFFIC

  bandwidth percent 18

 class HTTP-TRAFFIC

  bandwidth percent 38

 class FTP-TRAFFIC

  bandwidth percent 28

 class class-default

!

end


R1#show run class-map

Building configuration...


Current configuration : 168 bytes

!

class-map match-all FTP-TRAFFIC

 match protocol ftp

class-map match-all ICMP-TRAFFIC

 match protocol icmp

class-map match-all HTTP-TRAFFIC

 match protocol http

end
















Tuesday, October 19, 2021

What is the queue? How do software and hardware queues work? Congestion management using Queuing.

Routers use a queue to store traffic until it can be processed or serialized. Switch and router interfaces have ingress (inbound) queues and egress (outbound) queues. An ingress (inbound) queue stores packets until the switch or router CPU can forward the data to the appropriate interface.




Cisco routers can be configured to perform queuing for packets that are waiting to exit an interface. Queues are buffers in devices that hold data to be processed. Queues provide bandwidth reservation and prioritization of traffic as it enters or leaves a network device. If the queues are not emptied, they overflow and drop traffic.

We have two types of queues, plus fancy queuing QoS tools like CBWFQ and LLQ:

Hardware queue

Software queue

Hardware queues provide the following features:

  • When an interface finishes sending a packet, the next packet from the hardware queue can be encoded and sent out the interface without requiring a software interrupt to the CPU, ensuring full use of interface bandwidth.
  • Always use FIFO (first in, first out) logic.
  • Cannot be affected by IOS queuing tools.
  • IOS automatically shrinks the length of the hardware queue to a smaller length than the default when a queuing tool is present.
  • Short hardware queue length means packets are more likely to be in the controllable software queues, giving the software queuing more control of the traffic leaving the interface.
  • The only function of a hardware queue that can be manipulated is the length of the queue.

Congestion management using Queuing

Congestion can occur at any point in the network where there are speed mismatches or aggregation. Speed mismatches are the most typical cause of congestion, for example when packets travel from LAN to WAN. Generally, a full hardware queue indicates interface congestion, and software queuing is used to manage it. The software queuing system can be selected and configured depending on the platform and Cisco IOS version. Queuing manages congestion to provide bandwidth and delay guarantees.

Queuing consists of the creation of queues, the assignment of packets to those queues based on the classification of the packets, and the scheduling of the packets in a queue for transmission. It allows us to control congestion by determining the order in which packets are sent out an interface based on the priorities assigned to those packets.

Thursday, October 14, 2021

What is Marking in QoS? How to mark packets?

In this section, we are going to discuss and look at the configuration of marking packets. Marking is when we set the ToS (Type of Service) byte with an IP Precedence value or DSCP value. If you don't know what classification, IP precedence, or DSCP color code values are, see the posts below. I'm assuming you understand classification.

What is Quality of Service (QOS)?

What is Modular Quality of service CLI (MQC)?

What is Classification and marking? What are IP Precedence and DSCP Values? What is AF and EF?





Let's see the configuration:

Topology:-



Goal:-

  • Configure the topology as per the diagram.
  • Configure IP addresses as per the topology.
  • Configure EIGRP AS 65100 and advertise all the directly connected interfaces.
  • Configure marking on router 1 to mark the packets coming from FastEthernet 0/0 and forwarded to router 3 with an IP precedence value of 2.
  • Configure IP precedence of 3 for ICMP packets on router 2.


R1(config)#interface serial 4/0

R1(config-if)#ip address 12.1.1.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#exit


R1(config)#interface fastEthernet 0/0

R1(config-if)#ip address 192.168.10.1 255.255.255.0

R1(config-if)#no shutdown

R1(config-if)#no keepalive

R1(config-if)#exit


R1(config)#interface loopback 0

R1(config-if)#ip address 1.1.0.1 255.255.255.0

R1(config-if)#interface loopback 1

R1(config-if)#ip address 1.1.1.1 255.255.255.0

R1(config-if)#interface loopback 2

R1(config-if)#ip address 1.1.2.1 255.255.255.0

R1(config-if)#interface loopback 3

R1(config-if)#ip address 1.1.3.1 255.255.255.0

R1(config-if)#exit


R2(config)#interface serial 4/0

R2(config-if)#ip address 12.1.1.2 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit


R2(config)#interface serial 4/1

R2(config-if)#ip address 23.1.1.1 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#exit


R2(config)#interface fastEthernet 0/0

R2(config-if)#ip address 192.168.20.1 255.255.255.0

R2(config-if)#no shutdown

R2(config-if)#no keepalive

R2(config-if)#exit


R2(config)#interface loopback 0

R2(config-if)#ip address 2.2.0.2 255.255.255.0

R2(config-if)#interface loopback 1

R2(config-if)#ip address 2.2.1.2 255.255.255.0

R2(config-if)#interface loopback 2

R2(config-if)#ip address 2.2.2.2 255.255.255.0

R2(config-if)#interface loopback 3

R2(config-if)#ip address 2.2.3.2 255.255.255.0

R2(config-if)#exit


R3(config)#interface serial 4/1

R3(config-if)#ip address 23.1.1.2 255.255.255.0

R3(config-if)#no shutdown

R3(config-if)#exit


R3(config)#interface fastEthernet 0/0

R3(config-if)#ip address 192.168.30.1 255.255.255.0

R3(config-if)#no keepalive

R3(config-if)#exit


R3(config)#interface loopback 0

R3(config-if)#ip address 3.3.0.3 255.255.255.0

R3(config-if)#interface loopback 1

R3(config-if)#ip address 3.3.1.3 255.255.255.0

R3(config-if)#interface loopback 2

R3(config-if)#ip address 3.3.2.3 255.255.255.0

R3(config-if)#interface loopback 3

R3(config-if)#ip address 3.3.3.3 255.255.255.0

R3(config-if)#exit



R1(config)#router eigrp 65100

R1(config-router)#network 12.1.1.1 0.0.0.0

R1(config-router)#network 1.1.0.1 0.0.0.0

R1(config-router)#network 1.1.1.1 0.0.0.0

R1(config-router)#network 1.1.2.1 0.0.0.0

R1(config-router)#network 1.1.3.1 0.0.0.0

R1(config-router)#network 192.168.10.1 0.0.0.0

R1(config-router)#end


R2(config)#router eigrp 65100

R2(config-router)#network 12.1.1.2 0.0.0.0

R2(config-router)#network 2.2.0.2 0.0.0.0

R2(config-router)#network 2.2.1.2 0.0.0.0

R2(config-router)#network 2.2.2.2 0.0.0.0

R2(config-router)#network 2.2.3.2 0.0.0.0

R2(config-router)#network 192.168.20.1 0.0.0.0

R2(config-router)#network 23.1.1.1 0.0.0.0

R2(config-router)#exit



R3(config)#router eigrp 65100
R3(config-router)#network 23.1.1.2 0.0.0.0
R3(config-router)#network 192.168.30.1 0.0.0.0
R3(config-router)#network 3.3.0.3 0.0.0.0
R3(config-router)#network 3.3.1.3 0.0.0.0
R3(config-router)#network 3.3.2.3 0.0.0.0
R3(config-router)#network 3.3.3.3 0.0.0.0
R3(config-router)#exit

*Oct 14 17:14:20.351: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 23.1.1.1 (Serial4/1) is up: new adjacency


R1(config)#access-list 111 permit IP host 192.168.10.1 host 192.168.30.1
R1(config)#class-map TEST
R1(config-cmap)#match access-group 111
R1(config-cmap)#exit

R1(config)#policy-map TEST-POLICY
R1(config-pmap)#class TEST
R1(config-pmap-c)#set ip precedence 3
R1(config-pmap-c)#end

R1(config)#interface serial 4/0
R1(config-if)#service-policy output TEST-POLICY
R1(config-if)#END

*Oct 14 17:19:48.795: %SYS-5-CONFIG_I: Configured from console by console
R1#ping 192.168.30.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.30.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/52/72 ms




R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: TEST-POLICY

    Class-map: TEST (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group 111
      QoS Set
        precedence 3
          Packets marked 0

    Class-map: class-default (match-any)
      262 packets, 17710 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

R1#show run class-map
Building configuration...

Current configuration: 57 bytes
!
class-map match-all TEST
 match access-group 111
end

Monday, October 11, 2021

What is NBAR (network-based application recognition) classification in QoS? How to configure NBAR?

When we implement Quality of Service (QoS), the first step is classification. By default, our router does not care what kind of IP packets it handles. It just looks in the routing table for the destination IP address and forwards the packet.

Before we configure QoS technologies like queuing, policing, or shaping, we first have to identify what kind of traffic is running through our routers so we can figure out what application it belongs to. This is classification.


What is Quality of Service (QOS)?

What is Modular Quality of service CLI (MQC)?

What is Classification and marking? What are IP Precedence and DSCP Values? What is AF and EF?

 

 

Once we have identified (classified) our traffic, we can mark it and apply a QoS policy to it.

There are a few methods on IOS routers for classification:

Header inspection: This is a simple classification method and it works really well, but it has some disadvantages. Let's say we configure our router on the assumption that all the applications run over TCP and the destination is HTTP port 80. If some other applications also use TCP port 80, the router is going to perform the same action on both.

Payload inspection: This is reliable because it does deep packet inspection. This method looks at the content of the payload and recognizes the application. On Cisco IOS, this is done with the help of NBAR (network-based application recognition).
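The difference between the two methods, as an added Python example that is not part of the original post and not NBAR's own logic. The payload signatures are simplified assumptions, the flows are constructed samples, and the marking policy (IP precedence 2 for HTTP) is taken from this post's lab goal.

```python
# Added illustration: header-based vs payload-based classification, followed
# by marking. The signatures are simplified assumptions, not NBAR PDLM content.

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
HTTP_VERSIONS = (b" HTTP/1.0", b" HTTP/1.1")

# Marking policy from this post's lab goal: HTTP gets IP precedence 2.
PRECEDENCE_BY_APP = {"http": 2}


def classify_by_header(protocol, dst_port):
    """Header inspection: anything sent to TCP port 80 is treated as HTTP."""
    if protocol == "tcp" and dst_port == 80:
        return "http"
    return "unknown"


def classify_by_payload(payload):
    """Payload inspection: look at the first bytes of the application data."""
    first_line = payload.split(b"\r\n", 1)[0]
    if first_line.startswith(HTTP_METHODS) and first_line.endswith(HTTP_VERSIONS):
        return "http"
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    return "unknown"


def tos_byte(app):
    """ToS byte after marking: IP precedence occupies the top three bits."""
    return PRECEDENCE_BY_APP.get(app, 0) << 5


# Constructed sample flows: (name, protocol, destination port, first payload bytes).
FLOWS = [
    ("web on 80", "tcp", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("tls on 80", "tcp", 80, bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01])),
    ("web on 8080", "tcp", 8080,
     b"GET /status HTTP/1.1\r\nHost: app.example.com\r\n\r\n"),
]


def compare(flows=FLOWS):
    """Return (name, header class, header ToS, payload class, payload ToS)."""
    rows = []
    for name, proto, port, payload in flows:
        by_header = classify_by_header(proto, port)
        by_payload = classify_by_payload(payload)
        rows.append((name, by_header, tos_byte(by_header),
                     by_payload, tos_byte(by_payload)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print("%-12s header=%-8s tos=0x%02x  payload=%-8s tos=0x%02x" % row)
```

The second flow is marked as HTTP by header inspection although its payload is not HTTP, and the third flow is HTTP that header inspection misses because it is not on port 80.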



With NBAR, the router inspects incoming IP packets and matches them against attributes and signatures in the PDLM (packet description language module). NBAR is commonly used to block websites, and it's very popular for classification.

NBAR classifies modern client-server and web-based applications. It identifies applications and protocols (layers 4-7), performs protocol discovery, and provides traffic statistics. NBAR enables downstream actions based on QoS policies via RED, class-based queuing, and policing. New applications are easily supported by loading a PDLM.

NBAR can classify applications that use:

  • Statically assigned TCP and UDP port numbers.
  • Non-UDP and non-TCP IP protocols.
  • Dynamically assigned TCP and UDP port numbers negotiated during connection establishment (requires stateful inspection).

NBAR2 is the next generation of NBAR, enhancing the application recognition engine to support more than 1000 applications. NBAR2 functionality requires an advanced license.

 

Packet description language module

PDLMs allow NBAR to recognize new protocol-matching text patterns in data packets without requiring a new Cisco IOS software image or a router reload. An external PDLM can be loaded at run time to extend the NBAR list of recognized protocols. PDLMs can also be used to enhance an existing protocol recognition capability. PDLMs must be produced by Cisco engineers.

 

NBAR Protocol Discovery

NBAR Protocol Discovery analyzes application traffic patterns in real time and discovers which traffic is running on the network. It provides bidirectional, per-interface, and per-protocol statistics. It is an important monitoring tool supported by Cisco QoS management tools: it generates real-time application statistics and provides traffic distribution information at key network locations.

Let's see the configuration:

Topology:


  • Configure the topology as per our diagram.
  • Assign the IP addresses to their respective interfaces.
  • Configure EIGRP AS 65100.
  • Configure outbound MQC.
  • Configure IP precedence of 1 for ICMP packets, IP precedence of 2 for HTTP packets, and DSCP EF for VoIP.

R1(config)#interface serial 4/0
R1(config-if)#ip address 192.168.10.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#exit


R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 10.1.1.1 255.0.0.0
R1(config-if)#no keepalive
R1(config-if)#no shutdown
R1(config-if)#exit

R1#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        10.1.1.1        YES manual up                    up
Serial4/0              192.168.10.1    YES manual up                    up


R2(config)#interface serial 4/0
R2(config-if)#ip address 192.168.10.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#exit



R2(config)#interface fastEthernet 0/0
R2(config-if)#ip address 20.1.1.1 255.0.0.0
R2(config-if)#no shutdown
R2(config-if)#no keepalive
R2(config-if)#exit


R2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet0/0        20.1.1.1        YES manual up                    up
Serial4/0              192.168.10.2    YES manual up                    up


R1(config)#router eigrp 65100
R1(config-router)#network 192.168.10.0
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary
R1(config-router)#exit


R2(config)#router eigrp 65100
R2(config-router)#network 192.168.10.0
R2(config-router)#network 20.1.1.1
R2(config-router)#no auto-summary
R2(config-router)#exit

*Oct 11 18:22:53.123: %DUAL-5-NBRCHANGE: EIGRP-IPv4 65100: Neighbor 192.168.10.1 (Serial4/0) is up: new adjacency


R1#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     20.0.0.0/8 [90/2172416] via 192.168.10.2, 00:00:21, Serial4/0


R1#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.10.2            Se4/0                    13 00:00:31   54   324  0  4

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

D     10.0.0.0/8 [90/2172416] via 192.168.10.1, 00:00:42, Serial4/0


R2#show ip eigrp neighbors
EIGRP-IPv4 Neighbors for AS(65100)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   192.168.10.1            Se4/0                    11 00:00:46   44   264  0  3



R1(config)#class-map HTTP
R1(config-cmap)#match protocol http 
R1(config-cmap)#exit

R1(config)#class-map VoIP
R1(config-cmap)#match access-group name VOICE
R1(config-cmap)#exit

R1(config)#class-map ICMP
R1(config-cmap)#match protocol icmp
R1(config-cmap)#exit

R1(config)#ip access-list extended VOICE
R1(config-ext-nacl)#permit udp any any range 16380 32760
R1(config-ext-nacl)#exit

R1(config)#policy-map INTERNETWORKS

R1(config-pmap)#class ICMP
R1(config-pmap-c)#set ip precedence 1
R1(config-pmap-c)#exit

R1(config-pmap)#class HTTP
R1(config-pmap-c)#set ip precedence 2
R1(config-pmap-c)#exit

R1(config-pmap)#class VoIP
R1(config-pmap-c)#set ip dscp ef
R1(config-pmap-c)#exit
R1(config-pmap)#exit
R1(config)#exit


R1#show run policy-map
Building configuration...

Current configuration : 132 bytes
!
policy-map INTERNETWORKS
 class ICMP
  set ip precedence 1
 class HTTP
  set ip precedence 2
 class VoIP
  set ip dscp ef
!
end

R1#show run class-map
Building configuration...

Current configuration : 156 bytes
!
class-map match-all ICMP
 match protocol icmp
class-map match-all HTTP
 match protocol http
class-map match-all VoIP
 match access-group name VOICE
end


R1(config)#interface serial 4/0
R1(config-if)#service-policy output INTERNETWORKS
R1(config-if)#EXIT
R1(config)#END

R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 0

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
      QoS Set
        precedence 2
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
      QoS Set
        dscp ef
          Packets marked 0

    Class-map: class-default (match-any)
      7 packets, 368 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

R1#ping 20.1.1.1 source 10.1.1.1 repeat 16
Type escape sequence to abort.
Sending 16, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!!!!!!!!!!!!
Success rate is 100 percent (16/16), round-trip min/avg/max = 32/46/52 ms

R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      16 packets, 1664 bytes
      5 minute offered rate 1000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 16

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
      QoS Set
        precedence 2
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
      QoS Set
        dscp ef
          Packets marked 0

    Class-map: class-default (match-any)
      20 packets, 1313 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any

R1#ping 20.1.1.1 source 10.1.1.1 repeat 4
Type escape sequence to abort.
Sending 4, 100-byte ICMP Echos to 20.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!
Success rate is 100 percent (4/4), round-trip min/avg/max = 44/49/52 ms
R1#show policy-map interface serial 4/0
 Serial4/0

  Service-policy output: INTERNETWORKS

    Class-map: ICMP (match-all)
      20 packets, 2080 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol icmp
      QoS Set
        precedence 1
          Packets marked 20

    Class-map: HTTP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: protocol http
      QoS Set
        precedence 2
          Packets marked 0

    Class-map: VoIP (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: access-group name VOICE
      QoS Set
        dscp ef
          Packets marked 0

    Class-map: class-default (match-any)
      26 packets, 1617 bytes
      5 minute offered rate 0000 bps, drop rate 0000 bps
      Match: any
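
The check done by eye above (ping, then re-read `show policy-map interface`) can be scripted. The following Python is an added example, not part of the original post: it parses two snapshots of that output and reports, per class, how many packets were seen and how many were marked in between. The embedded snapshots are constructed by trimming the captures above, and the function names are hypothetical.

```python
import re

# Constructed sample: trimmed from the `show policy-map interface` captures above.
BEFORE = """\
    Class-map: ICMP (match-all)
      16 packets, 1664 bytes
          Packets marked 16
    Class-map: HTTP (match-all)
      0 packets, 0 bytes
          Packets marked 0
    Class-map: class-default (match-any)
      20 packets, 1313 bytes
"""
AFTER = (BEFORE.replace("16 packets, 1664 bytes", "20 packets, 2080 bytes")
               .replace("Packets marked 16", "Packets marked 20")
               .replace("20 packets, 1313 bytes", "26 packets, 1617 bytes"))

CLASS_RE = re.compile(r"^\s*Class-map:\s+(\S+)\s+\(match-(?:all|any)\)")
PKTS_RE = re.compile(r"^\s*(\d+) packets, (\d+) bytes")
MARK_RE = re.compile(r"^\s*Packets marked (\d+)")

def parse_policy_map(text):
    """Return {class: {"packets": int, "bytes": int, "marked": int or None}}."""
    classes, cur = {}, None
    for line in text.splitlines():
        if m := CLASS_RE.match(line):
            cur = classes.setdefault(m.group(1), {"packets": 0, "bytes": 0, "marked": None})
        elif cur is not None and (m := PKTS_RE.match(line)):
            cur["packets"], cur["bytes"] = int(m.group(1)), int(m.group(2))
        elif cur is not None and (m := MARK_RE.match(line)):
            cur["marked"] = int(m.group(1))
    return classes

def marking_report(before, after):
    """Per class: (packets seen, packets marked, status) between two snapshots."""
    old, new, report = parse_policy_map(before), parse_policy_map(after), {}
    for name, s in new.items():
        prev = old.get(name, {"packets": 0, "marked": 0})
        seen = s["packets"] - prev["packets"]
        if seen < 0:                      # counters were cleared between snapshots
            report[name] = (seen, None, "reset")
        elif s["marked"] is None:         # no set action, e.g. class-default
            report[name] = (seen, None, "unmarked")
        else:
            marked = s["marked"] - (prev["marked"] or 0)
            status = "idle" if seen == 0 else "ok" if marked == seen else "mismatch"
            report[name] = (seen, marked, status)
    return report
```

A `mismatch`, or a class that stays `idle` while its traffic is known to be flowing, points at a classifier that is not matching; the `unmarked` row shows how much traffic left the interface through class-default without a marking.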

